cats

CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.

APACHE-2.0 License

Stars
1.1K
Committers
12


cats -

Published by en-milie over 2 years ago

Release notes:

  • fix for #42
  • #39 allow > cats run security.yml to use the --ignoreXXX arguments
  • improve output of > cats run
  • improve display and diagnostic for contract linters
  • change numeric fields to Number instead of String
cats -

Published by en-milie over 2 years ago

Release notes:

  • Add non-JSON responses in the final report as raw data
  • Print log line when content-type is not supported or not recognised
  • Detect cyclic dependencies and gracefully handle them
  • Add support for application/x-www-form-urlencoded
  • Add -D argument for cats replay
  • Add more debug logs for better troubleshooting
  • Properly generate email example when format is email
  • Add field for NewFieldsFuzzer in query params for GET and DELETE requests
cats - cats-7.1.1

Published by en-milie over 2 years ago

Release notes:

  • fix for TemplateFuzzer failing with NPE in some cases
  • remove note log when running subcommands
  • a new lint sub-command to run only ContractInfoFuzzers. These fuzzers are not included in standard run anymore. checkContract is also not available anymore. You can use --includeContract if you want to get these fuzzers back in the standard run
cats -

Published by en-milie over 2 years ago

Release Notes:

  • improve diagnostic in case of failures by adding more debug logs and a new argument -D to enable debugging
  • add a new TemplateFuzzer used to fuzz pre-defined request templates, rather than OpenAPI contracts. You can use this via cats fuzz [arguments]
  • add possibility to record non-json requests in final report
  • add possibility to ignore responses based on: size, number of words, number of lines or a specific regex; prior to this it was only possible via response codes
  • update dependencies to latest versions
cats -

Published by en-milie over 2 years ago

Release notes:

  • Fix for #32
  • Fix for #34
  • Add possibility to ignore results in final report for ignored response codes (using --)
  • Enable empty and null field Fuzzers to run for GET query params
  • Add new Fuzzers for abugidas characters
  • Update dependencies to latest version
cats - 7.0.5

Published by en-milie over 2 years ago

Release Notes:

  • Add new Fuzzer for Zalgo Text in headers
  • Add targetFieldTypes element in SecurityFuzzer
  • Add possibility to add all as path name in SecurityFuzzer
  • Add new Fuzzer for abugidas chars in headers
  • Rename CustomFuzzer to FunctionalFuzzer
cats -

Published by en-milie almost 3 years ago

Release notes:

  • Third attempt to fix Swagger 2 spec parsing in native binaries
cats - 7.0.3

Published by en-milie almost 3 years ago

Release Notes:

  • Hotfix for Swagger 2 specs not being parsed by native images
cats - 7.0.2

Published by en-milie almost 3 years ago

Release Notes:

  • Introduce the ability to create refData files using the CustomFuzzer
  • CustomFuzzer and SecurityFuzzer files can be now run using the cats run command
  • Make large Fuzzers skip matching response Schema
  • Add 6 new Emoji Fuzzers for headers
  • Make DELETE request work by caching POST results and matching with DELETE identifiers
  • Fix for strings generated with validateAndSanitize strategy to maintain size
  • Add new ZalgoText Fuzzers
  • Fix issue in native images when parsing Swagger 2.0 specs
  • Improve Scenario text for some Fuzzers
  • Export summary report in JSON format as cats-summary-report.json
  • Add option --output to change the folder where the CATS report is written
  • Disable ANSI formatting when NO_COLOR environment variable is set
cats - 7.0.1

Published by en-milie almost 3 years ago

Release Notes:

  • Native binaries are now fully working
  • Improve help styling using ANSI codes
  • Introduce alternative string generator for cases when the current one was failing
  • Fix issue when CATS was sending duplicate headers when header present both in contract and headers file
  • You can now use CustomFuzzer to replace variables in a refData template
  • Fix bug when payloads were not generated for each oneOf combination when --useExamples=false
  • Introduce the ability to supply --contentType which is useful for content negotiation
  • replay command now supports proxy and additional auth options
  • Fix NPE when tests were not supplied for the replay command
  • Introduce support for response code ranges #20
  • Introduce support for readOnly and writeOnly fields #19
cats - cats-7.0.0

Published by en-milie almost 3 years ago

Release Notes:

  • CATS is now migrated to Quarkus. This brings the ability to have native binaries for Linux and Mac OS, so no need for Java to be installed
  • Another benefit from migration to Quarkus is that CATS is now faster
  • With the help of PicoCli, CATS is more command line friendly and offers the typical functionalities offered by any other command line tool: short arguments, autocomplete in bash and zsh, help, etc.
  • Add the ability to reference environment variables in headers and refData files
  • Add the ability to set the size of strings used by the VeryLargeXXX fuzzers
  • Add new arguments to ignore undocumented response code and response body checks
  • Add --blackbox mode as a shortcut to --ignoreResponseCodes="2xx,4xx"

[Edit]
The native binaries will be available in 7.0.1 as the current versions had some issues caused by the native-image compilation.

Use java -jar cats.jar instead of cats.

cats - v6.1.0

Published by en-milie almost 3 years ago

Release Notes:

  • Add connectionTimeout, readTimeout and writeTimeout as arguments
  • Add possibility to refer request fields in customFuzzer files using request#
  • Introduce ability to --dryRun in order to see how many tests will get generated for each path
  • Fix issue caused by oneOf selecting between 2 primitive schemas
  • Change default value for maxReqPerMinute to 10000
  • Make default min 5 when no left boundary provided for String schemas
  • Add a new column in report with the warn/error result reason
  • Include 404 as a special result reason category: CATS will report them as error in order to encourage providing business context
  • Fix for #17
  • Remove --reportingLevel argument as it was redundant and extend --log to pick up multiple packages
  • Add the possibility to ignore specific http response codes using --ignoreResponseCodes. This will ignore WARNs and ERRORs reported when those codes are returned and mark them as successful
  • Restrict printing execution statistics to summary only by default and add --printExecutionStatistics=detailed for details
  • Introduce the possibility to replay specific tests by supplying a json test case output from CATS. Use ./cats.jar replay --tests=...
  • Add the possibility to also supply --help, -h and --version, -v for help and version
  • Make the ControlChars, Whitespaces and Emojis fuzzers not enabled by default. Use --includeEmojis, --includeWhitespaces and --includeControlChars to include them
cats - v6.0.6

Published by en-milie about 3 years ago

Release notes:

  • update to Java 11
  • fix for #16
  • remove config from console out when running helper commands
  • bold fuzzer name and test id in console
  • add CATS version information inside the final report
cats - v6.0.5

Published by en-milie about 3 years ago

Release Notes:

  • Fix for #15
  • Fix for #14
  • Fix for #8
  • Properly implemented #13
  • Introduce ability to limit number of transactions per minute using --maxRequestsPerMinute
  • Add new Fuzzers for multi code point Emojis
cats - v6.0.4

Published by en-milie about 3 years ago

Release Notes:

  • Fix for #10
  • Change default pattern when no pattern supplied to also generate zero-width whitespaces
cats - v6.0.3

Published by en-milie over 3 years ago

Release Notes:

  • Fix NPE reported under #8
  • Add logic to handle cases when maxLength is equal to 2^31-1, reported under #11
  • Print note when fuzzers are skipped due to requests not having any fields
cats - v6.0.2

Published by en-milie over 3 years ago

Release Notes:

  • Add new category of Fuzzers focused on sending single code point Emojis
  • Add a new argument for setting the --sanitizationStrategy. This is used when sending ControlChars and Emojis inside valid values
  • Add a new argument for setting the --httpMethods to be fuzzed. You can exclude methods which you don't want to be fuzzed
  • Enable CATS to also perform Http DELETE operations
  • httpMethod is now mandatory for the CustomFuzzer and SecurityFuzzer
  • Improve documentation
cats - v6.0.1

Published by en-milie over 3 years ago

Release Notes:

  • Fix NonRestHttpMethodsFuzzer that was not running successfully for all cases
  • Add possibility to skip specific fields from being fuzzed by Replacement Fuzzers
  • Invisible Chars Fuzzers (Whitespaces and ControlChars) are now running also for GET
  • Generate Base64 encoded strings when dealing with byte format
cats - v6.0.0

Published by en-milie over 3 years ago

Release Notes:

  • Add new Fuzzers for sending Unicode Control Characters in Fields and Headers
  • Add new Fuzzers for sending Unicode Separators in Fields and Headers
  • Remove NullValuesInHeaders as it was similar to EmptyStringValuesInHeaders
  • Decrease startup time by 1-2 seconds
  • Add UTF-8 encoding to the generated reports
  • Add Fuzzers that insert Control Chars and Separators within values
  • Add possibility to use variables in the verify section of the CustomFuzzer file
  • Update dependencies to latest versions
  • Replace Apache HTTP Client with OK HTTP Client
  • Add new Fuzzer for non-REST API HTTP methods (specific to WebDav)
  • Print warnings when running with all Fuzzers. Please check the README on details about running times
  • CATS now has 68 Fuzzers
cats - v5.3.2

Published by en-milie over 3 years ago

Release Notes:

  • add support for html only reports. This is achievable using the --reportFormat=htmlOnly argument. Html only reports are easier to embed in CI server reports due to javascript content security policies
  • test reports are now written in cats-report folder instead of test-report (this was a bit generic and confusing)
  • add a new argument called --skipPaths=LIST which can be used to skip a list of paths from fuzzing
  • all Long values are written in CATS report as String as Javascript has issues parsing Long numbers
  • add Fuzzer name in the CATS report summary table
  • test cases are now displayed as separated html page instead of javascript popup
  • drastically improved CATS report load time from tens of seconds (for thousands of tests) to 1 second
  • add test timestamp in the test case page