cats

Release Notes:

• Make CATS output reports in a timestamp folder only if the argument --timestampReports is supplied
• Add ability to load Open API contract from URLs
• Print date and time on the CATS report page (inside the header)
• Throw exception when CATS is not able to load any custom file: custom fuzzer, security fuzzer, headers, ref data
• CATS will not run anymore Leading/Trailing Fuzzers for fields used as discriminators

Release Notes:

• Add path to the full report when CATS finishes running
• Reports are now written in separate folders inside test-report based on timestamp. This way you can keep track of historical runs
• Add 3 new Fuzzers for contract checking: HttpStatusCodeInValidRangeFuzzer, RecommendedHttpCodesContractInfoFuzzer, SecuritySchemesContractInfoFuzzer
• Report missing schema names when a response schema is not present in the schemas section
• Prevent double display of tests on first report page load in some cases
• Remove Scenario and Expected Result from the report. These were redundant
• Add HTTP method name in Scenario title for all ContractInfo Fuzzers

Release Notes:

• Fix for #6
• Add new fuzzer called SecuritySchemesContractInfoFuzzer

Release Notes:

• Add support for 2-way SSL
• Add support for basic auth using --basicauth argument
• Fix issue when ref data didn't exist for a path, but had all element defined
• Make expected results more clear in test report

Release notes:

• Headers Fuzzers are not considering auth headers anymore
• Fix issue in report when clicking outside the test status filter levels causing the list of tests to display empty
• Change the order of displaying the Fuzzer name in individual Test Cases in order to accommodate global Fuzzers cases

Release notes:

• Fix issue with auth headers not being recognised when not matching full name from pre-defined list
• Fix issue with Fuzzer names not being properly displayed in report after latest logback pattern change

Release Notes:

• Fix issue with additionalProperties having nested additionalProperties of type object
• Fix issue with auth headers not always being parsed correctly

Release Notes:

• make CATS proxy aware by using --proxyHost and --proxyPort
• change logging to use https://github.com/ludovicianul/pl4j
• make Fuzzer names shorter when prefixing log line by only using the first character of every work from their class name

Release notes:

• Fix #3
• Fix #4
• When non-fuzzing commands like ./cats.jar list fuzzers CATS will not display fuzzing related data anymore

Release notes:

• Fix an issue when a response was an array and CATS didn't properly check if the elements match the declared schema
• Whitelist the body_ JSON objects names generated by OpenAPI in order to not be labeled incorrectly by the Contract fuzzers
• Allow JSON object names to also match snake_case and hyphen-case
• Allow refData to contain fields which can be marked for removal using cats_remove_field

Release notes:

• custom files now use JsonPath syntax, so you have more control on the properties being replaced/used
• fix for SpacesOnlyInFieldsTrimValidateFuzzer being ignored when the fuzzers where running
• introduce arguments like --checkHeaders, --checkFields or --checkContract to be able to run only categories of fuzzers

Release Notes:

• fix various issues when dealing with oneOf or allOf elements
• add new Fuzzers for checking OpenAPI contract good practices in terms of presence of specific elements, naming conventions, content types, recommended headers
• fix issue when CATS was considering a 404 a valid response for validation error; it now expects 400 or 422
• CATS now also checks if the fuzzedField is present in a validation error response
• allow org.apache.commons.lang3 classes to be used via SPeL in configuration files such as refData, customFuzzer, etc
• fix issue with --printExecutionStatistics was only considering SKIPPED tests
• fix for elements sometimes not being displayed in the proper order in the final report

Release notes:

• Add the possibility to add additionalProperties inside refData and customFuzzerFile
• Add possibility to supply dynamic values to refData, customFuzzerFile and securityFuzzerFile. Currently it supports only the java.time package
• Update Report summary to also includes the path

Release Notes:

• fix for HttpMethodsFuzzer not conditioning HEAD by GET requests
• Add 2 new Fuzzers for exact value matching: MinimumExactValuesInNumericFieldsFuzzer and MaximumExactValuesInNumericFieldsFuzzer
• Add new security Fuzzers for checking security headers and mime types according to OWASP REST API recommendations
• list fuzzers will now list fuzzers based on categories: Field, Header and Http

Release notes:

• Add 2 new fuzzers for minLength and maxLength exact matching on String fields
• Add a new SecurityFuzzer that can be used for common security testing scenarios like XSS, SQL injection, etc
• Add a new argument called useExamples which can control whether CATS should use examples from the contract or only generate values
• Add a new argument called printExecutionStatistics that will display average, best case and worse case response times
• Add responseTimeInMs as part of the response information inside the CATS report
• Make DuplicateHeaderFuzzer iterate through all headers and send duplicates, rather than just for the first one
• Improve logging summary by adding colour codes
• Make CATS exit with a non-zero code when there is at least an error
• Add a new fuzzer called DummyFuzzer that will send a dummy payload to all defined paths
• Add a new argument called excludedFuzzers to be able to globally exclude specific fuzzers
• Add a new fuzzer for invalid values in ENUMs
• Improve logging for skipForXXX params and command listing
• Change the list of paths from the paths argument to be comma separated in order to be consistent with all other arguments

Release notes:

• Arrays can be set as query params
• Date-Time values are now properly made incorrect
• Fix the extreme negative values in integer fields to return 2 * Long.MIN_VALUE instead of zero
• Take into consideration responseBodies elements
• Fix for request that only have $ref for their bodies
• CustomFuzzer can now run business linked scenarios based on the order defined in the customFuzzer file
• CustomFuzzer can now validate elements in responses

Release notes:

• Fix an issue for GET requests that didn't have Operation Parameters causing NPE

Release Notes:

• add a new StringsInNumericFieldsFuzzer
• introduce the ability to skip specific fuzzers for certain paths
• fix an issue with hierarchical allOf elements
• add better error handling when there is a problem parsing refData and headers files
• remove the - from the log lines
• print the number of fuzzers when listing the fuzzers
• correctly report the reason for skipping a fuzzer
• update all dependencies to the latest versions
• fix an issue where not all fields where considered when dealing with allOf, anyOf or oneOf

Release notes:

• RemoveHeadersFuzzer will take into consideration if custom headers were supplied via the headers.yml file and will add the proper supplied values
• Remove the CatsHeader name when printing Cats headers
• Logging is now 5 characters left aligned formatted
• CATs will now fail if the supplied refData or headers files are not valid

Release Notes:

• Introduce the ability to correlate tests. Please check the README.md for details
• Fix for fuzzing query parameters as part of #2
• Make WireMock server run on dynamic ports when running tests
• Add RgxGen instead of Generex for generating random data