CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
APACHE-2.0 License
Bot releases are hidden (Show)
Release notes:
lint
and run
sub-commandsRelease Notes:
Release notes:
Release notes:
curl
request to reproduce a CATS test casecats replay
section in final report so that you can copy & paste to re-run the test case using CATScats list --formats
Published by en-milie almost 2 years ago
Release notes:
expectedResponseCode
Release Notes:
Release Notes:
InvalidReferencesFieldFuzzer
that will fuzz URL parameters with a pre-defined set of payloads-H Auth-Header=auth_script
and provide the script file using --authRefreshScript
UserDictionaryHeadersFuzzer
Release notes:
--checkHeaders
to -A
in order to use -H
for headers across all commands and sub-commands-H
(similar to curl)-H
to override headers when using cats replay
--paths
and --skipPaths
--skipReportingForIgnored
is enabled. Now tests are marked as ignoredUserDictionartyFieldsFuzzer
and UserDictionaryHeadersFuzzer
. They are enabled when using --words
: cats -contract=<CONTRACT> --server=<SERVER> --words=<CUSTOM_DICTIONARY>
Release notes:
DefaultValuesInFieldsFuzzer
, IterateThroughEnumValuesFieldsFuzzer
, ReplaceObjectsWithPrimitivesFieldsFuzzer
, VeryLargeDecimalsInNumericFieldsFuzzer
, VeryLargeIntegersInNumericFieldsFuzzer
date
and date-time
when returning values from examples--log "error"
191
on invalid input and 192
on execution exceptioncats-report
folder when doing a --dryRun
cats replay ...
Release Notes:
--queryParams
argument to supply additional params in query which are not part of the API specs--dryRun
not properly reporting all testsNO_COLOR
variable being ignore by the native binariesRelease Notes:
AbugidasFields
fuzzer to reflect the fact that the payloads contain both unicode control chars as well as valid charactersZalgoText
fuzzer to prefix valid values rather than replace--selfReferenceDepth
argument used when there are cyclic dependencies between objectsjunit
report summary formatXXXOnlyFuzzers
run for DELETE and GETRelease notes:
application/x-www-form-urlencoded
-D
argument for cats replay
email
NewFieldsFuzzer
in query params for GET and DELETE requestsPublished by en-milie over 2 years ago
Release notes:
TemplateFuzzer
failing with NPE in some caseslint
sub-command to run only ContractInfoFuzzers
. These fuzzers are not included in standard run anymore. checkContract
is also not available anymore. You can use --includeContract
if you want to get these fuzzers back in the standard runRelease Notes:
-D
to enable debuggingTemplateFuzzer
used to fuzz pre-defined request templates, rather than OpenAPI contracts. You can use this via cats fuzz [arguments]
Release notes:
--
)GET
query params