cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.

APACHE-2.0 License

Stars
1.1K
Committers
12


cats - 7.0.5

Published by en-milie over 2 years ago

Release Notes:

  • Add new Fuzzer for Zalgo Text in headers
  • Add targetFieldTypes element in SecurityFuzzer
  • Add possibility to add all as path name in SecurityFuzzer
  • Add new Fuzzer for abugidas chars in headers
  • Rename CustomFuzzer to FunctionalFuzzer
cats -

Published by en-milie almost 3 years ago

Release notes:

  • Third attempt to fix Swagger 2 spec parsing in native binaries
cats - 7.0.3

Published by en-milie almost 3 years ago

Release Notes:

  • Hotfix for Swagger 2 specs not being parsed by native images
cats - 7.0.2

Published by en-milie almost 3 years ago

Release Notes:

  • Introduce the ability to create refData files using the CustomFuzzer
  • CustomFuzzer and SecurityFuzzer files can now be run using the cats run command
  • Make large Fuzzers skip matching response Schema
  • Add 6 new Emoji Fuzzers for headers
  • Make DELETE request work by caching POST results and matching with DELETE identifiers
  • Fix for strings generated with validateAndSanitize strategy to maintain size
  • Add new ZalgoText Fuzzers
  • Fix issue in native images when parsing Swagger 2.0 specs
  • Improve Scenario text for some Fuzzers
  • Export summary report in JSON format as cats-summary-report.json
  • Add option --output to change the folder where the CATS report is written
  • Disable ANSI formatting when NO_COLOR environment variable is set
cats - 7.0.1

Published by en-milie almost 3 years ago

Release Notes:

  • Native binaries are now fully working
  • Improve help styling using ANSI codes
  • Introduce alternative string generator for cases when the current one was failing
  • Fix issue where CATS was sending duplicate headers when a header was present in both the contract and the headers file
  • You can now use CustomFuzzer to replace variables in a refData template
  • Fix bug where payloads were not generated for each oneOf combination when --useExamples=false
  • Introduce the ability to supply --contentType, which is useful for content negotiation
  • replay command now supports proxy and additional auth options
  • Fix NPE when tests were not supplied for the replay command
  • Introduce support for response code ranges #20
  • Introduce support for readOnly and writeOnly fields #19
cats - cats-7.0.0

Published by en-milie almost 3 years ago

Release Notes:

  • CATS is now migrated to Quarkus. This brings the ability to have native binaries for Linux and Mac OS, so no need for Java to be installed
  • Another benefit from migration to Quarkus is that CATS is now faster
  • With the help of PicoCli, CATS is more command line friendly and offers the typical functionalities offered by any other command line tool: short arguments, autocomplete in bash and zsh, help, etc.
  • Add the ability to reference environment variables in headers and refData files
  • Add the ability to set the size of strings used by the VeryLargeXXX fuzzers
  • Add new arguments to ignore undocumented response code and response body checks
  • Add --blackbox mode as a shortcut to --ignoreResponseCodes="2xx,4xx"

[Edit]
The native binaries will be available in 7.0.1 as the current versions had some issues caused by the native-image compilation.

Use java -jar cats.jar instead of cats.

cats - v6.1.0

Published by en-milie almost 3 years ago

Release Notes:

  • Add connectionTimeout, readTimeout and writeTimeout as arguments
  • Add possibility to refer request fields in customFuzzer files using request#
  • Introduce ability to --dryRun in order to see how many tests will get generated for each path
  • Fix issue caused by oneOf selecting between 2 primitive schemas
  • Change default value for maxReqPerMinute to 10000
  • Make default min 5 when no left boundary provided for String schemas
  • Add a new column in report with the warn/error result reason
  • Include 404 as a special result reason category: CATS will report them as error in order to encourage providing business context
  • Fix for #17
  • Remove --reportingLevel argument as it was redundant and extend --log to pick up multiple packages
  • Add the possibility to ignore specific http response codes using --ignoreResponseCodes. This will ignore WARNs and ERRORs reported when those codes are returned and mark them as successful
  • Restrict printing execution statistics to summary only by default and add --printExecutionStatistics=detailed for details
  • Introduce the possibility to replay specific tests by supplying a json test case output from CATS. Use ./cats.jar replay --tests=...
  • Add the possibility to also supply --help, -h and --version, -v for help and version
  • The ControlChars, Whitespaces and Emojis fuzzers are no longer enabled by default. Use --includeEmojis, --includeWhitespaces and --includeControlChars to include them
cats - v6.0.6

Published by en-milie about 3 years ago

Release notes:

  • update to Java 11
  • fix for #16
  • remove config from console out when running helper commands
  • bold fuzzer name and test id in console
  • add CATS version information inside the final report
cats - v6.0.5

Published by en-milie about 3 years ago

Release Notes:

  • Fix for #15
  • Fix for #14
  • Fix for #8
  • Properly implemented #13
  • Introduce ability to limit number of transactions per minute using --maxRequestsPerMinute
  • Add new Fuzzers for multi code point Emojis
cats - v6.0.4

Published by en-milie about 3 years ago

Release Notes:

  • Fix for #10
  • Change default pattern when no pattern supplied to also generate zero-width whitespaces
cats - v6.0.3

Published by en-milie over 3 years ago

Release Notes:

  • Fix NPE reported under #8
  • Add logic to handle cases when maxLength is equal to 2^31-1, reported under #11
  • Print note when fuzzers are skipped due to requests not having any fields
cats - v6.0.2

Published by en-milie over 3 years ago

Release Notes:

  • Add new category of Fuzzers focused on sending single code point Emojis
  • Add a new argument for setting the --sanitizationStrategy. This is used when sending ControlChars and Emojis inside valid values
  • Add a new argument for setting the --httpMethods to be fuzzed. You can exclude methods which you don't want to be fuzzed
  • Enable CATS to also perform Http DELETE operations
  • httpMethod is now mandatory for the CustomFuzzer and SecurityFuzzer
  • Improve documentation
cats - v6.0.1

Published by en-milie over 3 years ago

Release Notes:

  • Fix NonRestHttpMethodsFuzzer that was not running successfully for all cases
  • Add possibility to skip specific fields from being fuzzed by Replacement Fuzzers
  • Invisible Chars Fuzzers (Whitespaces and ControlChars) now also run for GET
  • Generate Base64 encoded strings when dealing with byte format
cats - v6.0.0

Published by en-milie over 3 years ago

Release Notes:

  • Add new Fuzzers for sending Unicode Control Characters in Fields and Headers
  • Add new Fuzzers for sending Unicode Separators in Fields and Headers
  • Remove NullValuesInHeaders as it was similar to EmptyStringValuesInHeaders
  • Decrease startup time by 1-2 seconds
  • Add UTF-8 encoding to the generated reports
  • Add Fuzzers that insert Control Chars and Separators within values
  • Add possibility to use variables in the verify section of the CustomFuzzer file
  • Update dependencies to latest versions
  • Replace Apache HTTP Client with OK HTTP Client
  • Add new Fuzzer for non-REST API HTTP methods (specific to WebDav)
  • Print warnings when running with all Fuzzers. Please check the README on details about running times
  • CATS now has 68 Fuzzers
cats - v5.3.2

Published by en-milie over 3 years ago

Release Notes:

  • add support for html only reports. This is achievable using the --reportFormat=htmlOnly argument. Html only reports are easier to embed in CI server reports due to javascript content security policies
  • test reports are now written in cats-report folder instead of test-report (this was a bit generic and confusing)
  • add a new argument called --skipPaths=LIST which can be used to skip a list of paths from fuzzing
  • all Long values are written in CATS report as String as Javascript has issues parsing Long numbers
  • add Fuzzer name in the CATS report summary table
  • test cases are now displayed as separated html page instead of javascript popup
  • drastically improved CATS report load time from tens of seconds (for thousands of tests) to 1 second
  • add test timestamp in the test case page
cats - v5.3.1

Published by en-milie over 3 years ago

Release Notes:

  • Make CATS output reports in a timestamp folder only if the argument --timestampReports is supplied
  • Add ability to load Open API contract from URLs
  • Print date and time on the CATS report page (inside the header)
  • Throw exception when CATS is not able to load any custom file: custom fuzzer, security fuzzer, headers, ref data
  • CATS will no longer run Leading/Trailing Fuzzers for fields used as discriminators
cats - v5.3.0

Published by en-milie over 3 years ago

Release Notes:

  • Add path to the full report when CATS finishes running
  • Reports are now written in separate folders inside test-report based on timestamp. This way you can keep track of historical runs
  • Add 3 new Fuzzers for contract checking: HttpStatusCodeInValidRangeFuzzer, RecommendedHttpCodesContractInfoFuzzer, SecuritySchemesContractInfoFuzzer
  • Report missing schema names when a response schema is not present in the schemas section
  • Prevent double display of tests on first report page load in some cases
  • Remove Scenario and Expected Result from the report. These were redundant
  • Add HTTP method name in Scenario title for all ContractInfo Fuzzers
cats -

Published by en-milie over 3 years ago

Release Notes:

  • Fix for #6
  • Add new fuzzer called SecuritySchemesContractInfoFuzzer
cats - v5.2.8

Published by en-milie over 3 years ago

Release Notes:

  • Add support for 2-way SSL
  • Add support for basic auth using --basicauth argument
  • Fix issue when ref data didn't exist for a path, but had the all element defined
  • Make expected results clearer in test report
cats - v5.2.7

Published by en-milie almost 4 years ago

Release notes:

  • Headers Fuzzers are not considering auth headers anymore
  • Fix issue in report when clicking outside the test status filter levels causing the list of tests to display empty
  • Change the order of displaying the Fuzzer name in individual Test Cases in order to accommodate global Fuzzers cases