CATS is a REST API Fuzzer and negative testing tool for OpenAPI endpoints. CATS automatically generates, runs and reports tests with minimum configuration and no coding effort. Tests are self-healing and do not require maintenance.
APACHE-2.0 License
Bot releases are visible (Hide)
Published by en-milie over 3 years ago
Release Notes:
--timestampReports
is suppliedPublished by en-milie over 3 years ago
Release Notes:
test-report
based on timestamp. This way you can keep track of historical runsFuzzers
for contract checking: HttpStatusCodeInValidRangeFuzzer
, RecommendedHttpCodesContractInfoFuzzer
, SecuritySchemesContractInfoFuzzer
Scenario
and Expected Result
from the report. These were redundantScenario
title for all ContractInfo
Fuzzers
Published by en-milie almost 4 years ago
Release notes:
Published by en-milie almost 4 years ago
Release notes:
Published by en-milie almost 4 years ago
Release Notes:
additionalProperties
having nested additionalProperties
of type objectPublished by en-milie almost 4 years ago
Release Notes:
--proxyHost
and --proxyPort
Published by en-milie almost 4 years ago
Release notes:
./cats.jar list fuzzers
CATS will not display fuzzing related data anymorePublished by en-milie almost 4 years ago
Release notes:
body_
JSON objects names generated by OpenAPI in order to not be labeled incorrectly by the Contract fuzzerssnake_case
and hyphen-case
refData
to contain fields which can be marked for removal using cats_remove_field
Published by en-milie almost 4 years ago
Release notes:
SpacesOnlyInFieldsTrimValidateFuzzer
being ignored when the fuzzers where running--checkHeaders
, --checkFields
or --checkContract
to be able to run only categories of fuzzersPublished by en-milie almost 4 years ago
Release Notes:
oneOf
or allOf
elements404
a valid response for validation error; it now expects 400
or 422
org.apache.commons.lang3
classes to be used via SPeL in configuration files such as refData, customFuzzer, etc--printExecutionStatistics
was only considering SKIPPED testsPublished by en-milie about 4 years ago
Release notes:
additionalProperties
inside refData
and customFuzzerFile
refData
, customFuzzerFile
and securityFuzzerFile
. Currently it supports only the java.time
packagePublished by en-milie about 4 years ago
Release Notes:
HttpMethodsFuzzer
not conditioning HEAD by GET requestsMinimumExactValuesInNumericFieldsFuzzer
and MaximumExactValuesInNumericFieldsFuzzer
list fuzzers
will now list fuzzers based on categories: Field, Header and HttpPublished by en-milie about 4 years ago
Release notes:
SecurityFuzzer
that can be used for common security testing scenarios like XSS, SQL injection, etcuseExamples
which can control whether CATS
should use examples from the contract or only generate valuesprintExecutionStatistics
that will display average, best case and worse case response timesresponseTimeInMs
as part of the response information inside the CATS
reportDuplicateHeaderFuzzer
iterate through all headers and send duplicates, rather than just for the first oneCATS
exit with a non-zero code when there is at least an errorDummyFuzzer
that will send a dummy payload to all defined pathsexcludedFuzzers
to be able to globally exclude specific fuzzersskipForXXX
params and command listingpaths
argument to be comma separated in order to be consistent with all other argumentsPublished by en-milie about 4 years ago
Release notes:
2 * Long.MIN_VALUE
instead of zero$ref
for their bodiesCustomFuzzer
can now run business linked scenarios based on the order defined in the customFuzzer
fileCustomFuzzer
can now validate elements in responsesPublished by en-milie about 4 years ago
Release notes:
Published by en-milie about 4 years ago
Release Notes:
StringsInNumericFieldsFuzzer
-
from the log linesPublished by en-milie about 4 years ago
Release notes:
Published by en-milie about 4 years ago
Release Notes: