
⛏️ Write a test to detect if a user cannot provide multiple ratings

Open aktoboy opened this issue 2 years ago • 6 comments

💭 Introduction: We want to test whether an attacker can rate a product/video multiple times by exploiting a race condition.

🎯 Requirements:

  1. Filters - This test should run on APIs which are used to rate or like videos. You can choose an API that has the word rating or like in the URL.
  2. Execute - Re-run the same request without any changes
  3. Validate - If we get 90% response match, then it is vulnerable

The test should correctly detect whether the API is vulnerable to a race condition.

✅ Task summary:

  • [ ] Ask to be assigned to the issue.
  • [ ] Wait to be assigned. We will try to assign in less than 2 hours.
  • [ ] Signup for Akto
  • [ ] Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
  • [ ] Submit both the PR here.

📚 Reading: You can find detailed documentation of test editor rules here. Find 100+ examples of YAML tests here.

🙋🏼‍♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.

aktoboy avatar Mar 07 '23 06:03 aktoboy
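
The three steps from the issue above (filter, execute, validate), as an added offline sketch in Python; it is not Akto's test YAML or code from this thread. The two handlers, the sample request, the `difflib` similarity metric and all function names are assumptions constructed for illustration.

```python
import difflib
import json

KEYWORDS = ("rating", "like")  # words the issue says to look for in the URL

def is_candidate(url):
    """Filter: keep endpoints whose URL contains 'rating' or 'like'."""
    return any(word in url.lower() for word in KEYWORDS)

def match_percent(a, b):
    """Similarity of two response bodies, 0-100 (difflib ratio, an assumed metric)."""
    return 100.0 * difflib.SequenceMatcher(None, a, b).ratio()

class NaiveRatings:
    """Constructed handler: stores every rating it receives, duplicates included."""
    def __init__(self):
        self.rows = []

    def handle(self, user, item, stars):
        self.rows.append((user, item, stars))
        return json.dumps({"status": "ok", "item": item, "stars": stars})

class OnePerUserRatings:
    """Constructed handler: one rating per (user, item); a repeat is rejected."""
    def __init__(self):
        self.rows = {}

    def handle(self, user, item, stars):
        if (user, item) in self.rows:
            return json.dumps({"error": "already rated", "code": 409})
        self.rows[(user, item)] = stars
        return json.dumps({"status": "ok", "item": item, "stars": stars})

def run_test(url, handler, request, threshold=90.0):
    """Return None if filtered out, True if flagged vulnerable, else False."""
    if not is_candidate(url):
        return None
    first = handler.handle(**request)    # original request
    second = handler.handle(**request)   # Execute: same request, unchanged
    return match_percent(first, second) >= threshold  # Validate: >= 90% match

if __name__ == "__main__":
    req = {"user": "u1", "item": "video-42", "stars": 5}  # constructed sample
    for h in (NaiveRatings(), OnePerUserRatings()):
        print(type(h).__name__, run_test("/api/videos/42/rating", h, req))
```

The second handler's uniqueness check on (user, item) is what makes the replayed response diverge; in a real service that check has to be enforced atomically (for example by a unique database constraint) to hold under concurrent requests.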

@aktoboy @Ankita28g I would like to work on this! : )

khanjasir90 avatar Mar 31 '23 14:03 khanjasir90

Hi @khanjasir90. Assigning to you! Happy hackfesting 🎉

Ankita28g avatar Mar 31 '23 15:03 Ankita28g

Hi @khanjasir90 thanks for your submission in Hackfest. 🔥 We are reviewing your work. Do these two below:

  1. Join this group on discord for discussions around prizes? 🚀 🏆
  2. Please fill this form for your PR to be considered for prizes!

Ankita28g avatar Apr 11 '23 09:04 Ankita28g

@Ankita28g @ankush-jain-akto Hi there, I want to work on the test to detect if a user cannot provide multiple ratings. Could you assign me this problem for further exploration? I'm eager to help enhance the system's functionality.

Thanks for your time.

Anurag-space avatar Oct 14 '23 19:10 Anurag-space

I would love to contribute. Can you please assign me this issue?

SanchitMahajan236 avatar Oct 20 '23 10:10 SanchitMahajan236

I've assigned it to you, @SanchitMahajan236. Happy hacking! Feel free to join our Discord if you need assistance.

avneesh-akto avatar Oct 22 '23 14:10 avneesh-akto