cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.

APACHE-2.0 License

Stars: 1.1K
Committers: 12

cats -

Published by en-milie about 1 year ago

Release notes:

  • Fix issue when root json was array - CATS was generating a simple object instead of array
  • Remove dependency on github packages #76
cats -

Published by en-milie about 1 year ago

Release notes:

  • Fix for #75
  • Add configuration to release to maven central #76
  • Fix for #80
  • Fix issue with Linters not properly running
  • Fix corner case for oneOf definitions when there are multiple arrays nested
cats -

Published by en-milie about 1 year ago

Release notes:

  • Fix for #74
  • Fix for #73
  • Fix styling issues for dark mode
cats -

Published by en-milie about 1 year ago

Release notes:

  • Brand new logo
  • New reporting design with cleaner UI and omni-search in summary page
  • Fix out of bounds issue with pattern containing length
  • Add new fuzzer to replace primitive values with objects
  • Add new Fuzzer to replace objects with arrays
  • Change the value for almost valid UUID values
  • Add fuzzers to replace arrays with primitives or objects
  • Add new Fuzzer to overflow array size
  • Switch skip message to debug to avoid too much logging
  • Add new Fuzzer to overflow map sizes
  • Ignore empty_body when checking naming conventions
  • Don't escape query params when writing the full request path
  • When searching for the fuzzedField in validation error response accommodate for snake-case and kebab_case
  • Add possibility to skip fuzzers when running lint command
  • Add possibility to include/exclude more granular log levels
  • Add 2 new arguments to ignore reporting for success and warning
  • #72 Add possibility to ignore fields in FunctionalFuzzer
  • Renamed ContractInfo Fuzzers to LintFuzzers
  • Add update check functionality to display new version if available
cats -

Published by en-milie over 1 year ago

Release notes:

  • Output report files when running cats replay if --output argument is supplied. #71
  • Add possibility to add --server when running cats replay
  • Fix for #69
  • Change extension of summary json files from .js to .json
  • Run special characters fuzzers for all string field types, not only StringSchema. This includes email, password, etc.
  • Don't send query parameters when they are set to null
  • When searching for the fuzzedField in validation error response make sure it matches snake-case and kebab_case
  • Fix issue when generators were generating special chars and exact value fuzzers would fail due to values being sanitized by the services
cats -

Published by en-milie over 1 year ago

Release notes:

  • Fix issue with anyOf payloads that have a base class where CATS generated a double nested object
cats -

Published by en-milie over 1 year ago

Release notes:

  • Second fix for #66 when arrays have minItems and maxItems defined
  • Switch expression parsing logic to trace instead of debug
  • Fix issue with header files not being properly processed
cats -

Published by en-milie over 1 year ago

Release notes:

  • Fix for #66
  • Add new argument to --skipHeaders
  • Switch some logging logic to debug to be less verbose
  • Display CATS running times in minutes/seconds rather than ms
cats -

Published by en-milie over 1 year ago

Release notes:

  • Enhance the capability of expressions that can be used in custom files and reference data files; they can reuse output variables as well as request/response fields
  • Fix for #63
  • Add non-zero exit codes when there are errors for lint and run sub-commands
  • Improve linting for naming conventions. You can now configure the naming strategy for each element like: paths, path variables, headers, etc.
  • Empty array responses are now considered to match response schemas
  • Add log line when Fuzzer finishes
cats -

Published by en-milie over 1 year ago

Release Notes:

  • Fix string generation issue when schema had pattern but no min/max
  • Fix issue with query params being defined as object schema
  • Fix issue with allOf schemas and required fields part of root schema
  • Ignore cases when searching for a validation error for a field in the response
cats -

Published by en-milie over 1 year ago

Release notes:

  • Add 2 new Fuzzers that will send a large number of HTTP headers
  • Separate CR & LF characters into a dedicated Fuzzer to target HTTP headers
  • Fix issue when discriminator was an enum with its own schema
  • Ignore cases when searching for a validation error for a field in the response
cats -

Published by en-milie almost 2 years ago

Release notes:

  • Fix for #53
  • Add 'curl' section in final report so that you can copy & paste a curl request to reproduce a CATS test case
  • Add cats replay section in final report so that you can copy & paste to re-run the test case using CATS
  • Add new command to list OpenAPI formats supported by cats: cats list --formats
  • Add more invalid data generators for OpenAPI formats
cats - cats-8.3.1

Published by en-milie almost 2 years ago

Release notes:

  • Fix issue with auth script not properly refreshing after configured interval
  • Fix issue with custom contentType not being properly loaded from the specs
  • Make custom Fuzzers allow generic response codes for expectedResponseCode
  • Make SecurityFuzzer consider the supplied http method and optimise for nosql injection strings
  • Improve generation of values for fixed length fuzzers
cats -

Published by en-milie almost 2 years ago

Release Notes:

  • Introduce possibility to check boolean expression in verify section using checkBoolean keyword
  • Fix issue with SpecialFuzzers not running at all since SpecialFuzzers are not loaded by default anymore
  • Add new Fuzzer to send full Examples from the OpenAPI specs
  • Add new generators for additional OpenAPI formats. See https://endava.github.io/cats/docs/getting-started/openapi-formats
  • Remove Fuzzer from fuzzer names from console and reports
  • Change generators for boundary and extreme numbers to be better aligned with the OpenAPI defined formats
  • Change generator for integer left boundary to return Long.MAX and Integer.MAX
  • Add log for http method and path when starting fuzzer
  • Display output with no format for cats list command
  • Avoid double base64 encoding of byte and binary data examples
  • Skip boundary fuzzers for numbers when field is ref data
  • Improve error messages to be more informative
  • Add informative messages if cats detects many IO exceptions or 401/403s
  • Don't run Exact fuzzers when field has a format
cats -

Published by en-milie about 2 years ago

Release Notes:

  • Add exact path from contract in final report. Any fuzzing will be visible in the full path section
  • Add new fuzzer called InvalidReferencesFieldFuzzer that will fuzz URL parameters with a pre-defined set of payloads
  • Don't replace ref data when replacing objects with primitives
  • Add possibility to set authorisation headers using a script. Use -H Auth-Header=auth_script and provide the script file using --authRefreshScript
  • Fuzz authentication headers when using UserDictionaryHeadersFuzzer
  • Fix issue when PUT and POST had empty bodies
  • Avoid logging duplicate lines when skipping HTTP methods
  • Fix issue when not properly fuzzing json arrays
  • Take examples from Parameters
  • Make some fuzzers skip if payload is empty
  • Add fuzzer to check if resources are still available after successful DELETE
  • Additional small bug fixes
cats -

Published by en-milie about 2 years ago

Release notes:

  • Improve fuzzers description to be more comprehensible
  • Make logging less verbose out of the box
  • Change --checkHeaders to -A in order to use -H for headers across all commands and sub-commands
  • Add possibility to supply headers using -H (similar to curl)
  • Add possibility to supply headers using -H to override headers when using cats replay
  • Add possibility to supply wildcard paths in --paths and --skipPaths
  • Fix failure when request didn't have body, but cats was trying to match post and delete
  • Fix info reporting when --skipReportingForIgnored is enabled. Now tests are marked as ignored
  • Remove SpecialFuzzers from the default run
  • Add Custom User Dictionary Fuzzer for headers: UserDictionaryFieldsFuzzer and UserDictionaryHeadersFuzzer. They are enabled when using --words: cats --contract=<CONTRACT> --server=<SERVER> --words=<CUSTOM_DICTIONARY>
cats -

Published by en-milie about 2 years ago

Release notes:

  • Allow payloads to be supplied as env variables in TemplateFuzzer
  • Display response code in summary report page
  • Update description of some Fuzzers to be more comprehensive
  • Add new Fuzzers: DefaultValuesInFieldsFuzzer, IterateThroughEnumValuesFieldsFuzzer, ReplaceObjectsWithPrimitivesFieldsFuzzer, VeryLargeDecimalsInNumericFieldsFuzzer, VeryLargeIntegersInNumericFieldsFuzzer
  • Rename some Fuzzers to be more comprehensive. This may cause breaking changes when filtering based on Fuzzers names
  • Add response headers in individual test case report
  • Display more details in final report in case of IO exceptions
  • Properly format date and date-time when returning values from examples
  • Update to Java 17
  • Add reason for skipping for boundary Fuzzers when schema not matching String schema
  • Allow to set root level without specifying the package using --log "error"
  • Add timestamp of test case in final report
  • Print "empty response" if IO exception
  • Add http method name in the summary report
  • When a Fuzzer is selected from the drop-down the selection will remain active when going back in browser
  • Take into consideration enums when generating numbers
  • Don't send Content-Type for GET and DELETE
  • Fix issue with report summary json not being properly created when using native binaries
  • Export time execution details as json
  • Add non-zero exit codes when something goes wrong: 191 on invalid input and 192 on execution exception
  • Don't create cats-report folder when doing a --dryRun
  • Add possibility to have environment variables in headers when running cats replay ...
cats -

Published by en-milie about 2 years ago

Release Notes:

  • Fix issue with some oneOf/anyOf models not properly generating all request combinations
  • Fix issue with InvalidValuesInEnumsFieldsFuzzer running for non-enum fields
  • Fix issue with boundary fuzzers running for date and date-time fields
cats -

Published by en-milie about 2 years ago

Release Notes:

  • Fix for #44
  • Fix for #48 by adding new --queryParams argument to supply additional params in query which are not part of the API specs
  • Fix issue with --dryRun not properly reporting all tests
  • Fix issue with NO_COLOR variable being ignored by the native binaries
  • Fix some issues with native binaries due to GraalVM updates
cats -

Published by en-milie over 2 years ago

Release Notes:

  • Fix for #43
  • Change logic of AbugidasFields fuzzer to reflect the fact that the payloads contain both unicode control chars as well as valid characters
  • Change ZalgoText fuzzer to prefix valid values rather than replace
  • Introduce a --selfReferenceDepth argument used when there are cyclic dependencies between objects
  • Remove TrimValidate, ValidateTrim, SanitizeValidate, ValidateSanitize from fuzzer names
  • Introduce junit report summary format
  • Fix issue in StringGenerator that was looping indefinitely for some patterns
  • Fix issue for some query params not being properly url escaped
  • Fix issue when content type was not properly added when using custom vendor headers
  • Make XXXOnlyFuzzers run for DELETE and GET
  • Update dependencies to latest versions