cats | Java Ecosystem Directory

Bot releases are visible (Hide)

cats - cats-12.0.0 Latest Release

Published by github-actions[bot] about 2 months ago

feat: Display current path/total paths in command line
feat: Add possibility to specify run order of paths
fix: Cache additionalProperties in order to avoid cyclic calls
fix: Decrease size for OverflowMapSizeFuzzer as it lead to outofmemory
fix: Fix issue with cyclic dependencies on additionalProperties
feat: After CATS runs, print number of errors by error reason
fix: Fix issue in swagger-parser with array query params with inline schemas
fix: Fix parsing JSON issues for keys like filters[]
fix: Query parameters that have cross path references to inline array schemas are now properly solved
feat: Add additional data to be displayed in the summary report: numer of paths and average execution time
feat: Properly parse strings which are actually escaped JSONs
fix: Prevent stackoverflow issue when schema was refering itself
feat: Reorganize summary page to include tests execution chart and additional details
fix: Fix issues with cross-path param reference and empty title inline schemas
fix: Improve cross-path reference solving for ApiResponses
feat: Introduce support for cross-path components references like #/paths/~~1v2~~11-clicks/get/responses/200/headers/ratelimit-limit
feat: Make help consistent across all arguments
fix: Don't mutate field if it's not part of the current payload
fix: Fix --dryRun not properly displaying number of test to be run
fix: Fix padding for banner and logo on summary page
feat: Add additional data to be displayed in the summary report
feat: Add new generator for content types
feat: Add new argument to cache generated payloads instead of generating them every time
feat: Display path and http method when showing processing errors at the end of the run
fix: Fix serialization of DateTime objects when fuzzers where replacing fields
fix: Improve regex generator to deal with fix length patterns
feat: Print errors during fuzzer processing at the end of execution
fix: When OpenAPI schema doesn't have min/max default to -1/-1
fix: Escape json keys like $idempotency_key
fix: Return default alphanumeric pattern for empty patterns
fix: Fix HttpStatusCodeInRangeLinter to conside 1xx,2xx,3xx,4xx,5xx codes
fix: Accomodate additional regexes with fixed length in definition and also having minLength and maxLength defined
fix: Ignore root schema names from cyclic references check
fix: Escape json keys like key[inner]
fix: Change default min length for headers to 1 when no constraint defined in OpenAPI
feat: Change PhoneNumberGenerator to also match phone1, phone2, etc.
feat: Add http method when printing that a param does not have a defined schema
fix: Make sure total string size does not exceed max possible on jvm
fix: Fix issues when content type is not Json and logic for param replacement was relying on json formatting
fix: When schema length is Integer.MAX_VALUE use only MAX_VALUE / 100 to generate exact length values
fix: Fix some edge cases for string generation
fix: When NewFieldsFuzzer cannot add new fields skip the test
fix: When payloads are not valid jsons compare them as strings
fix: Update StringGenerator to try to generate twice for each generator to increase chances of generating a value matching the pattern
fix: When path variable is not defined in OpenAPI print error instead of throwing exception
fix: When path variable is not defined in OpenAPI print error instead of throwing exception
fix: Fix issue with NewFieldsFuzzer to be skipped for primitives and better interpret arrays
fix: Fix issue with DefaultValuesInFieldsFuzzer to do simple replace instead of merge fuzzing
fix: When an exception happens before running the fuzzer make sure contract path is recorded
feat: Change display progress to unknown progress instead of percentage as percentages were unreliable
fix: When field is enum consider left boundary as length of element at position 0
fix: Escape zero width char to properly be displayed in the report
fix: ZeroWidthCharsInNamesHeadersFuzzer should not match response content type and body
fix: Split ZeroWidthCharacters fuzzers based on sanitization logic
fix: Fix issue with progress not being displayed when request payload contained many fields
fix: Fix issue when UUIDs could not be generated in native binaries
fix: Fix for #128 for case insensitive regexes
feat: Add new linter to check to check relevant response codes have response bodies
fix: Fix for #125 caused by pattern also allowing empty strings
feat: Add new generator for state codes
feat: Add new generator for sort codes
feat: Add new generator for nationality
feat: Add new generator for bank account numbers
fix: Improve phone number generator to accomodate regexes starting with +
fix: Add lineOne as possible field name for line1 generator
feat: cats generate ... will output single json instead of array when one type of request possible
fix: Fix for #127 when contentType is declared globally
feat: Add new linter to detect duplicate operationIds
feat: Add new linter to detect empty path elements
fix: Mark null responses as matching schema
fix: Mark null responses as matching schema
feat: Include additional potential monitoring endpoints to be displayed by cats stats sub-command
feat: Add 2 new fields fuzzers that are fuzzing field names and field values with zero length characters
fix: Add env. prefix to RELEASE_URL
Fix failing unit test
Include additional characters in the zero width chars small list
Add automated release for all binaries including release notes
Add macos-13 for amd64 builds on mac
Display os arch info in log
Add mvn clean before package in order to deploy okhttp fork
Initial test to see if Github actions can be used to build graalvm binaries on all platforms
Allow -X for http method in main command
Change okhttp to allow any unicode character in headers name
Add two new header fuzzers to cover basic zero width characters test cases
Update dependencies to latest versions
Add unit tests for missing cases
Enable debug logging earlier in GenerateCommand
Add unit tests for missing cases
Proper display stacktraces in CatsCommand
Update dependencies to latest versions
Add generate command in cats_autocomplete
Update javadoc to reflect that RandomResourceFuzzer runs for all http methods
Remove log line
Replace System.out with logger.noFormat
Fix sonarqube violations
Add new command to generate valid response templates
Change logic for phone generator to select from 10 and 11 lenght numbers only
Remove commented test
Exclude citizenship from the IP generator match condition
Make method return empty list when urlParams are null
When responses have binary content such as pdf or csv, assume the body matches
Change argument help to remove TemplateFuzzer reference
Update dependencies to latest versions
Refactor to avoid cyclic dependencies
Fix issues with default values for boolean arguments and their negatable values
Update with the latest arguments
Optimize streams usage
Create one parametrized test out of 2 tests
Fix issue where arrays were marked as xxxOf elements even if not containing any xxxOf in keys
Make default console width fixed to 80
Make cats fuzz do fuzzing based on the FUZZ keyword
Remove ambiguous naming for variable
Inject cats version directly in ApiArguments and create user agent there
Update dependencies to latest versions
Add api specs required by latest unit tests
Make matchXXX arguments required for templatefuzzer
Add unit tests for complex oneOf/anyOf hierarchies
Add default value for help on matchInput
Fix test case id star padding to have same lenght as default
Fix issue with refData from all not adding keys that were not on the path entry
Make cats fuzz sub-command render findings in console as it progresses
When running in summary mode don't prefix log lines with stars
Refactor to reduce cyclomatic complexity
Remove unused reportingArguments
Remove unused method argument
Add 2 new arguments for simpleReplace and printProgress for cats fuzz sub-command
Fix failing unit test
Several improvements for the cats fuzz subcommand
Unit test for #122
Handle connection reset exception separately
Change description for some arguments
Change default for --limitXxxCombinations and add negatable for boolean arguments
Fix some sonarqube violations
Fix for #122 - wrong detection of cyclic dependency
Update dependencies to latest versions
Handle additional cases for any_of/one_of generation - hopefully current commit covers almost all cases
Handle additional cases for any_of/one_of generation
Add method to get replacement key also taken into consideration arrays [*]
Prevent NPE when property is null
Fully sanitize json paths before performing operations
Fix issue with lookahead regex operators causing strings not to be generated
Change required maven version to 3.8.0
If --urlParams are not supplied for http methods with body, generate random values
If --targetFields are not supplied, compute all fields combinations from --data for cats fuzz...
Update dependencies to latest versions
Add latest arguments in cats_autocomplete
Filter out request payloads that are not fully created and still include ONE_OF/ANY_OF
Escape paths that start with $, like or
Fix NPE when pattern was empty
Add new arguments that deal with anyOf/oneOf generation
Improve cyclic schema dependencies detection to avoid infinite loops
Add new argument to explicetly set if response generation should account for anyOf/oneOf
Introduce additional mechanism to detect cyclic dependencies and return null when detected
Change regex to avoid performance issues
Change stack to deque
Improve oneOf/anyOf combination generation to avoid stackoverflow on circular references
Fix issue with allOf schemas not being properly inlined
Fix regex that espaces JsonPath to exclude arrays
Clean regexes that have characters prior to ^
Add method to escape json keys containing [] and new method to add elements to a json key rather than replace
Add method to eliminate end of string properties duplicates
Add response schemas only if they are not already part of the global schemas
Accomodate additional cases for allOf composition with root oneOf schemas
Accomodate additional cases for allOf composition with root oneOf schemas
Add missing javadoc
Fail gracefully when schema definitions are not part of the contract
Escape entire path element as some path elements might contain []
Improve detection of cyclic dependecies when property was having the same name
Fix array length to include maximum 5 elements even if maxItems is defined
Fix array length to include maximum 5 elements even if maxItems is defined
Fix issue when OpenAPI paths were already containing the query params in the definition
Fix NPE and cases when examples had nested elements with additional examples
Fix issue when OpenAPI parser was adding an empty schema
Fix for #119 - allOf schema was not properly inlined
Increase limit for yaml file size
Make squashAllOf method return a new json object rather than modifying the existing one
Check if field is part of request before setting default value
Add generator for bic/swift code
Fix self-reference detection by keeping full qualified property names
Add default value for xxxOf combinations as they grow exponentially and some OpenAPI specs abuse this
Remove additional parameter from method as it had a fixed value
Flag when a test case result is switched from error/warn to success based on --ignoreXXX arguments
Fix an issue where path specific headers were overriden by all level headers
Add unit test for missing cases
Add unit test for #117
Remove reduntant toString()
Improve mock data quality in unit tests to prevent random stacktraces
Fix possible NPEs
Change generator logic to consider enum and default values first
Fix failing unit test
Add unit tests for missing cases
Apply the fix for #117 for cyclic dependencies detection
Add IBAN generator
Minimum and Maximum exact value fuzzers for Integer and Number field should work (not be skipped) when 'format' is also given. That was not happening. Added the fix for this issue. Override the hasBoundaryDefine() function
Added the fix for number fields to consider enums and default value if provided when generating the HappyPath payload
Updated the test cases for String Boundary Fuzzer
Fix NPE when allOf schema was null
Fix NPE by when param name was not present
Refactor so that I can test that exactly one generator is returned per format and property name
Update to latest version of dependencies
Remove toLowerCase as it was already checked in PropertySanitizer
Add new generator for phone number name
Add new generator for business name
Fix spelling in the README.md
Refactor the way response codes are being checked
Manually add CatsResponseBuilder as Javadoc plugin couldn't see it for some reason
Fix failing unit test
Add unit tests for missing cases
Make very large fuzzer not check content type and response schema
Introduce ability for some fuzzers to not match response content type
Change order of matching for response codes and move notFound and notImplemented check later
Extend the response family for RandomResourcesFuzzer
Only apply custom generators for String schemas
Improve error reporting for FunctionalFuzzer and SecurityFuzzer for cases when custom file was empty or required keywords were not present
Changed the sequence of reporting. Error case will get reported 1st, then warning case and then success cases
Fix for the String Boundary fuzzers when field does not specify minLength or maxLenth. In such cases String Boundary fuzzer should fuzz the field with empty string or 10000 char length respectively
Check that --server is a valid URL in all commands
Add new generator for cardholdername
Small fixes for unit tests
Introduce custom http response code to signal different communication issues
Fix issue with data generator that was not considering the fully qualified name
Make fields totaly skippable for fuzzing using a !field syntax
Make Abugida fuzzer expect both 4xx and 2xx as not all services might proper sanitize data
Add unit tests for IOException cases
Consistently handle non-json responses and empty responses
Remove unused configurations
Handle IOException cases when parsing fails during response streaming
Prevent IOException in some cases and remove printing of suppressed exceptions
Fix intermitent failing test country generation
Add missing unit tests
Update CATS acronym
Don't generate data for cats get chema
Change regex in unit test to match wider case
Update existing generators with additional use cases
Use generator first and then check openapi examples
Add missing generator tests
Add new state generator
Add new post code generator
Add new description generator
Add date of birth generator
Add new city generator
Add new generators for address
Add classes to reflection config to be preserved in native image
Add test id and fuzzer name in user-agent header
Improve argument help as it wasn't correct
Generate arrays with minItems rather than maxItems
Rever to rgxgen 1.4 as 2.0 has performance issues
Introduce faker library to be able to generate real data
Fix path towards xss.txt
Add documentation about the custom files used by CATS
Add unit test for oneOf/anyOf limit and fix sonarqube violation
Add proper styling for custom http methods
Don't match body when regex and body are null
Print proper error when supplied files are having wrong syntax
Update cats_autocomplete with latest arguments
Change fuzzValueProducer to create objects instead of strings
Init terminal width compute through the CommandSpec
Change formular for computing total number of tests to run
Return empty array instead of null for arrays without schema
Add argument to limit number of possible anyOf/oneOf combinations
Add singular arguments for all plurals
Don't print progress in dry run as it has summary progress
Remove dependency on jline and get terminal width with picocli
Extract fuzzer filtering based on http methods in a method to make unit testing easier
Update dependencies to latest versions
Update cats_autocomplete with latest arguments
Improve matching for validaton errors checking for offending field presence
This predicate was not working properly. If path have GET, DELETE and POST method, then this predicate was skipping all the three method for the fuzzers which are only applicable for POST, PUT, PATCH methods
Small refactorings to improve readability
Remove default value for contentType in run and random commands as it was overriding the wildcard pattern
Addded the fix for countryCode generation
Added the fix for zip code generation
Added the fix for IP address generation
Make the RandomResourceFuzzer fuzz http body requests
Print error when OpenAPI specs are not valid
Move content types for fuzzing in the StringGenerator class
Fix for #102 - exact values fuzzer for number is now preserving data type
Add new headers mutators
Add Javadoc to specify it only runs for GET and DELETE
Add private constructors
Add new headers fuzzer that sens hypothetical HTTP non-restful methods
Change acronym for CATS
Update dependencies to latest versions
Make all methods in CatsUtil static and remove it as dependency from all classes
Remove dependencies on concrete Schema sub-classes and encapsulate in CatsModelUtils
Add new fuzzers for json keys
Allow custom mutator to load values from external file
Allow to list custom mutator types using the cats list --cmt sub-command
Allow to list mutators using the cats list -m sub-command
Add JsonSchema in reflection config to be available in native image builds
Add compatibility with OpenAPI 3.1
Add missing sub-commands in main help
Revert heap compress setting as is not compatible with all platforms
Set charset to UTF8 when writing to disk
Update cats_autocomplete with latest arguments
Update the LargeXXX and VeryLargeXXX fuzzers to expect response code 431 and don't match content type or response body
Add a new version of okhttp that can process requests without content
Make report width bigger in order to accomodate large fuzzer names and large test numbers
Do not compress references on heap for native image
Add description to cats files
Improve memory usage by not storing the entire test case after being written to disk
Change default values for random heads and large string sizes as fuzzers were failing randomly
Add missing dependency causing native image build to fail
Add javadoc to custom mutator classes
Add unused schemes in cats stats command
Update dependencies to latest versions
Change PathPlurals linter's algorithm to accomodate resources/actions paths
Add unit test for new method that generates random unicode strings
Fix typo in unit test
Fix for #100 when enum might be null, do not issue warning for response schema matching
Add new mutators for the RandomFuzzer
Fix issue with arrays of elements having objects using xxxOf
Add unit test for issue #98
Add unit test for missing branches on RandomFuzzer
Fix for #98 when schema might be null for some reasons
Add possibility to supply custom mutators rather than running the built-it ones
Add more mutators for whitespaces, emojis and control chars
Isolate the Random provider in CatsUtil and add constructor injection for Mutators
Introduce support for continuous fuzzing based on matchers and conditioned by stop triggers
Small tidyings to improve readability of code
Update autocomplete script with latest arguments
Small tidyings to improve readability of code
Remove xdoclint missing warnings
Add Javadoc to public methods
Update TestCaseExporter.java
Add Javadoc to public methods
Make validate sub-command properly display version for swagger specs 2.x
Fix for #96 - preserve data type for global variables in functional fuzzer
Add new command to validate if OpenAPI specs are valid
Update dependencies to latest versions
Update ExactValuesInFieldsFuzzerTest.java
Update StringGenerator.java
Add javadoc for public methods and classes
Update dependencies to latest versions
Add new --matchInput argument to check if input is reflected in response
Exclude ConsoleUtils from unit test coverage
Add unit test for uncovered code
Add unit test for uncovered code
Add unit test for uncovered code
Report errors even when running in blackbox mode and reporting is ignored
Add new argument toogle for cases when services might allow invalid values in enums
Fix issue with generating examples for array schemas with null internal schemas
Skip json objects case linter for non-body http methods
Add extended help for sub-commands similar to the main command
Fix NPE when expected response headers were null
Fix for #94 - IllegalStateException when computing anyOf/oneOf an array contains primives
Change expected result and response message for user dictionary and template fuzzers in order to match arguments supplied
Fix issue with --matchResponseRegex argument which was ignoring the regex
Add more help to the cats command which includes exit codes and examples to run
Fix sonarqube violations
Add abbreviate command options
Update dependencies to latest versions
Don't replace url params for RandomResourceFuzzer
Add unit test for uncovered code
Add unit test for uncovered code
Make sure content types also include versioning or vendor extensions when matching
Add unit test for uncovered code
Add unit test for uncovered code
Make CatsResultFactory an interface as it's not needed for instantiation
Add latest arguments in cats_autocomplete
Refactor fuzzer configuration to check for expectedResponseCode in a single place
Remove unused method
Add support for configuration of default values for fuzzers
Add unit test for POST requests with empty body
Update dependencies to latest versions
Fix for #92 - NPE when schema was empty
Add key=value pair arguments as alternative to file arguments
Fix issue with multi-levle anyOf/oneOf declarations in order to generate all possible combinations
Add more javadoc for public methods
Add condition to skip invalid maps
Fix issue when path was longer than screen size
Avoid some stacktraces when tests were running
Attempt to fix cases when regexes are overflowing
Add more unit tests for negative scenarios
Attempt a fix for stackoverflow issue during string generation for some regexes
Fix matching paths failing due to { and } not being escaped
Ignore release files
Add unit test to check the VeryLargeXXXInFields fuzzers do not require pattern matching against schema
Add unit test for case when field is present in path but not in the openapi spec
Update unit test to add assertion and proper name
Skip regex matching against schema pattern for VeryLargeXXXInFields fuzzers
Add default value for responseContentTypes to avoid NPEs
Throw exception when field is declared in path, but it doesn't have a definition
Add possibility to have multiple additional parameters in ref data file
Fix issue with keys having spaces in name
Optimize String generation and accomodate different corner cases based on size and regex
Fix issue in OverflowMapSize when map was null
Add idempotency and security headers in cats stats
Fix intermitent failing test due regex generation issues
Add latest arguments in cats_autocomplete
Remove unused variable
Introduce an additional regex generator library to accomodate additional weird regexes
Add tests for uncovered executions
Add tests for uncovered executions
Add possibility to include/skip tags
Add possibility to filter paths based on tag when using cats list --paths
Fix potential stackoverflow for generated bodies regex
Fix potential stackoverflow for generated bodies regex
Fix potential stackoverflow for generated bodies regex
Fix issue for oneOf/anyOf usage when one of the possibilities was actually nullable
Fix reporting issue for FunctionalFuzzer in --verbosity summary
Fix reporting issue for global linterns when running with --verbosity summary
Switch off logging for jline
When operationId is null return path + http method
Remove path name from versions fuzzer as it runs globally
Fix scenario name for QueryParamsCaseLinterFuzzer as it wasn't taking into consideration the naming name
Add more generated body names to naming linter
Make cats stats customizable so that you can filter certain information
Update cats_autocomplete with latest arguments
Update bug template to be more descriptive on steps to reproduce
Add check for content type matching and ability to ignore it command line through argument
Add new fuzzer to check that headers in response match the ones defined in the contract
Use ThreadLocalRandom as it's already properly registered for initialization with native images
Make ReplayCommand display similar output when received response is not a json
Fix intermitent failing test due to elements order
Fix parametrized test that didn't properly use the parameter
Fix some sonarqube violations
Add new argument to mask sensitive headers when writing in console or report files
Avoid calling mock in verify()
Remove runFilter as it wasn't actually needed
Add unit tests for new added method
Ignore *Entry entitie from code coverage
Move json serializer to the .json package
Fix typo in fuzzer description
Fix regex to avoid denial of service
Rename RecommendedHeadersLinterFuzzer to TracingHeadersLinterFuzzer
Change VersionsLinter to consider versioning info from paths, servers and accept headers
Add more javadoc for public methods
Add argument to list info for a single path
Move VoidGenerator in api package
Add more archunit tests
Change CommonWithinMethods to not depend on FuzzingData as it only uses the fuzzed field Schema
Correct javadoc to refect that default CatsDSLParser is NoOpParser
Move initLogger to constructor as it makes more sense
Fix small layout issues
Remove deprecated class from ReflectionConfig
Update dependencies to latest versions
Move VoidGenerator in api package
Add new stats sub-command
Fix bolding issue for argument help
Split NaminsLinterFuzzer in separate fuzzers for better control
Don't include versioning path parameters into the naming conventions
Record request details earlier when doing the service call so that they are available in case of failure
Don't add the entire payload to the description
Add more details to the cats info sub-command
Add 501 to ignore list when running in --blackbox mode
Update cats_autocomplete with latest arguments
Change pitest xmx value
Add mutation testing with PIT
Make sure exceptions are displayed in --verbosity summary if CATS cannot run at all
Fix progress issue for functionalfuzzer with --verbosity summary
Proper fix for #85 - arrays were not always correctly replaced
Refactor 3 tests in a parametrized test
Fix for #86 - oneOf/anyOf with simple types was not properly handled to create valid payloads
Add info command to display details about os and cats version
Update issue templates
Fix for #85 - properly replace arrays when passed in securityfuzzer file
Refactor to use records
Update dependencies to latest versions
Add possibility to replace entire request body with custom payload with SecurityFuzzer
Add checkFalse and checkTrue for assertions to replace checkBoolean
Add new fuzzer that inserts invalid json elements in valid requests
Add new fuzzer for random dummy invalid json body
Add new fuzzer for null unicode symbol body
Add new fuzzer for null unicode body
Add new fuzzer for empty json body
Add new fuzzer for empty json array body
Change description of malformedJsonFuzzer as body is properly added in report now
Enable dumb terminal for jline to remove warning when compiling to native code
Fix boolean condition to don't evaluate both sides
Filter blank lines and commented lines from string files
Add argument to send application/merge-patch+json for PATCH
Add argument to skip deprecated operations
Update run result image with --verbosity=summary output
Make --verbosity=summary the default value
Update cats_autocomplete with latest arguments
Fix failing unit tests after changing skip strategy reason
Don't attempt to run fuzzer if field is not part of the payload
Display separator between tests considering the console columns
Don't display skipped tests in final summary
Display separator between tests considering the console columns
Add xxxOfSelection argument in RunCommand
Enable more logging levels when CATS finishes in order to display execution statistics
Add setter for oneOfSelection/anyOfSelection so that it can be set from different commands
Remove empty line
Small refactoring after introducing --verbosity
Introduce --verbosity argument to allow a more compact output in console
Introduce --verbosity argument to allow a more compact output in console
Add 8 new fuzzers that are sending non-json request with different values
Exclude all fuzzers from duplicate analysis as some will follow templates which are 99% the same
Make Payload default to be displayed when opening individual tet cases
Rename method to correct typo
Add argument to be able to filter anyOf and oneOf selection if only one is valid
Introduce new argument to control number of random headers sent by the random headers fuzzers
Catch IllegalStateException as it might be thrown by OkHttp when parsing response
Preserve Of in the Fuzzers naming
Make response json parser more relaxed and use rfc4627
Move --skipFields and --skipHeaders from IgnoreArguments to FilterArguments
Fix issue for matching Cache-Control header when having multiple values
Update cats_autocomplete with latest arguments
Add additional unit tests
Add 2 new arguments to filter based on field type and field format
Refactor CatsResult to not use enums as instances were not immutable
Make CATS banner be displayed only when printing help command
Add new argument to set max response time and fail tests if it's exceeded
Encapsulate 999 as invalid error code and expose helper methods
Fix issue with fields naming conventions being reported multiple times
Don't include request/response details in linters report file
Remove 400 from expected response codes list for GET, DELETE and TRACE
Remove Test from the log prefixes; leave only the test number
Improve javadoc
Update dependencies to latest versions
Change method order to avoid sonarqube flagging duplicate code
Increase unit test coverage
Move unit test in the right place
Replace equals and hashcode with lomobok equivalent
Change order of methods to unflag for duplication
Improve logging and reporting when tests are ignore based on --ignoreXXX arguments
Don't even attempt to execute tests and mark them skipped if fuzzer cannot be applied to given field type
Add 3 new fuzzers for Content-Length and Transfer-Encoding
Small improvements for readability and remove of deprecated apis
Update dependencies to latest versions
Add more details to the list --paths subcommand
Refactor security headers fuzzer to allow X-XSS-Protection to either not be present or have value set as zero
Unify 2 tests into a parametrized one
Make logs a bit cleaner and add some initial info related to os and openapi details
Change log formatting to remove log label
Display old/new status code and response body for easier diff when doing cats replay
Add new argument to sent User-Agent header
Add 2 new HTTP fuzzers that sends null and empty bodies
Add new argument to disable colored output
Fix issue #83 - parsing functional file invoked SpringEl parser
Fix issue introduced by Quarkus update that removed subcommands without warning
Uncomment line provisioning CATS version
Fix issue when root element was an array, CATS was only generating a single root object element
Add note about using CATS as a Maven dependency
Bump com.squareup.okio:okio from 3.2.0 to 3.4.0
Update dependencies to latest versions, including update to okhttp to 4.11.0
Add more documentation to public methods
Change secret names for GPG signing
Add nexus release plugins
Add missing project url information
Add missing developer information
Add missing distribution from github action
Setup Java before invoking any maven action
Add missing clean goal meant to install the custom okhttp package
Change actions order to pack first and release after
Add github token to resolve packages
Add proper name for the workflow
Add workflow to release to Maven central
Update openapi generator to 7.0.0
Fix corner case for oneOf definitions when there are multiple arrays nested
Update dependencies to latest versions
Fix issue with Linters not running due to name changes
Update maven wrapper to 3.9
Fix for #80 - allow null values in cats config files
Fix for #75 - preserve types when readinf from cats config files
Bump com.github.tomakehurst:wiremock-jre8 from 2.35.0 to 2.35.1
Update dependencies to latest versions
Add fields to be replaced by security fuzzer in tests
Small UI tweaks for reporting
Make sure json check is a valid json, not numbers or strings
Fix minor styling issues for dark theme
Fix for #73 - make sure collection is not immutable when adding elements
Update cats_autocomplete with latest arguments
Make long paths break lines in test details page
Make list command not indent fuzzers and paths in console
Add updated report for the test details page
Add images with updated report
Change logo to svg for better scalling
Add description in logo
Change source images for logo
Change source images for logo
Change source images for logo
Show logo based on theme
Show logo based on theme
Show logo based on theme
Show logo based on theme
Show logo based on theme
Show logo based on theme
Show logo based on theme
Add new logo for CATS
Reskin CATS reporting summary page
Add possibility to remove fields when using the Function fuzzer #72
Add 2 new arguments to ignore reporting for success and warning
Update dependencies to latest versions
Add some unit tests for the version checker
Add update check functionality to display new version if available
Add possibility to select granular log levels
Update dependencies to latest versions
Add possibility to skip fuzzers when running lint command
When searchig for the fuzzedField in validation error response accomodate for snake-case and kebab_case
Don't escape query params when outputing the full request path
Ignore empty_body when checking naming conventions
Update quarkus to latest version
Add new Fuzzer to overflow map sizes
Switch skip message to debub to avoid too much logging
Add test for missing branch
If array has no maxItems, use the largeStringsSize argument value
Add missing fix for unit test related to number of fuzzers
Add new Fuzzer to overflow array size
Add fuzzers to replace arrays with primitives or objects
Change method name to createFuzzerContext in order to cache the value for future uses
Change the value for almost valid UUID values
Refactor headers fuzzer to use builders rather than inheritance
Add new Fuzzer to replace objects with arrays
Add new fuzzer to replace primitive values with objects
Fix out of bounds issue with pattern containing lenght
Update cats_autocomplete with latest arguments
Remove redundant thrown exception from method signature
Update dependencies to latest versions
Rename summary reports from .js to .json as they were actually json files
Add support for #71 - produce test case reports when replaying tests
Add ability to set server argument in replay command
Insert special characters in fuzzed values for all string fields, not only those matching StringSchema
Sanitize data for fuzzers sending exact length values in fuzzed field
When searchig for the fuzzedField in validation error response accomodate for snake-case and kebab_case
Don't send query paramters when they are set to null
Fix for #69 - NPE when using discriminator + mapping + root oneOf elements
Remove graalvm dump during native image build
Update dependencies to latest versions
Fix issue with oneOf payloads that have a common base class
Switch springel parser logging to trace
Update to quarkus 3.0.1
Add the openapi file used by the unit test
Second fix for #66 - generate array sizes based on mixItems and maxItems
Update dependencies to latest versions
Fix some sonarqube violations
Fix some sonarqube violations
Fix for #66 - CATS was generated more payload combinations than needed for level 3 anyOf
Small fixes
Remove joda.time dependency as is not used anymore
Move reflection and resources config in application.properties
Remove dependencies which are not used too much
Small optimizations to improve readability and extensibility
Make CatsDSLParser being used only through static methods
Add file used by the unit tests
Move methods from CatsUtil to the classes the use them
Remove unsued parser and introduce local variable for default parser
Add latest arguments and commands in cats_autocomplete
Add Unit Test for supplied headers to keep number when replaced
Add replace user supplied header logic in a separated method
Make methods signature consistent when adding headers
Isolate reporting logic in a dedicated method
Add --skipHeaders argument
Bump json from 20220924 to 20230227
Remove unused imports
Swtich SpringELParser logging to debug to be less verbose by default
No need to parse the payload for TemplateFuzzer through the DSL
Display cats running time in minutes and seconds
Replace replaceAll with replace as there was no regex
Remove unused import
Enhance the capabilities of expressions that can be used in custom files
Fix for #63 - example should already be in a json format
Update quarkus to latest version
Add exit code for Lint and Run commands
Add log line for when fuzzer finishes to run
Add HTTP_HEADER as possible value for the naming parameters
Improve linting for naming of OpenAPI elements
On empy array results consider it matches the response schema
Fix string genration issue when schema had pattern but no mix, max
Fix issue with query params being defined as object schema
Fix issue with allOf schemas and required fields part of root schema
Ignore cases when searching for a validation error for a field in the response
Remove deprecated graalvm property
Remove snake yaml explicit dependency
Correct the number of Fuzzers
Ignore cases when searching for a validation error for a field in the response
Update dependencies to latest versions
typo
Update libraries and plugins to latest versions
Fix issue when discriminator was an enum with it's own schema (rather than inline schema)
Remove CR from the spaces characters list as this is now in a dedicated Fuzzer
Simplified if expression which always evaluated to true
Abugidas Fuzzer doesn't need to maintain size as the APIs are expected to sanitize data
Separate the CR & LF characters into a dedicated fuzzer for headers
Add 2 new fuzzers that sends a large number of headers
Update quarkus to latest version
Proper fix for the build badge, replaced the other badge by mistake previously
Fix badge for build status
Update dependencies to latest versions
Extract strings as constants for better readability
Make DurationGenerator generate wrong values
Remove generators from Sonaruqbe duplicate analysis
Add new command to list OpenAPI formats supported by CATS generators
Add cats replay command to simplify tests replay
Add curl command for each test so it can be easily reproducible for non CATS users
Fix for #53 - make CATS allow CSP frame-ancestors 'none' as alternative to X-Frame-Options
Add more generators for invalid formats
Simplyfied if statement
Add info about build from sources
Update dependencies to latest versions
Re-write the logic for matching generic response codes in special fuzzers
Add comments around how values are generated
Fix unit test with better assertion
Improve generation of values for fixed length fuzzers
Make SecurityFuzzer consider the supplied http method and optimize for nosql injection strings
Make custom Fuzzers allow generic response codes for expectedResponseCode
Update quarkus to latest version
Fix issue with custom contentType not being properly loaded from the specs
Fix issue with auth script not properly refreshing after interval
Update quarkus to latest version
Fix failing unit test
Remove duplicate card numbers
Don't run Exact fuzzers when field has a format
Remove including fields that have format, but no boundaries defined
Add new generator for unixtime
Add more randomness to the format generators
Add informative messages if cats detects many io exception or 401/403s
Improve error messages to be more informative
Skip boundary fuzzers for numbers when field is ref data
Refactor the format generator logic to include both valid and invalid values
Make CheckDeletedResources fuzzer run only for GET requests and create custom check response
Avoid double base64 encoding of byte and binary data examples
Make ExamplesFieldFuzzer ignore examples created by cats for composed schemas
Display output with no format for cats list command
Add log for http method and path when starting fuzzer
Replace Schema with Schema.type when deciding if Fuzzer will run based on data type
Replace new BigDecimal with BigDecimal.valueOf
Fix some sonarqube violations
Fix failing unit test
Change generator for integer left boundary to return Long.MAX and Integer.MAX
Fix typo in fuzzer description
Change generators for boundary and extreme numbers to better aligned with the OpenaAPI defined formats
Switch conditions as match arguments are supplied less often
Remove Fuzzer from fuzzer names from console and reports
Rollback heading to documentation links
Add heading to documentation links
Move documentation from README.md to endava.github.io/cats
Remove site publish workflow from master
Setup workflow to publish documentation site
Make Random static non-static for smooth compile to native binary
Add details about the supported OpenAPI formats
Add new generators for additional OpenAPI formats
Make Random static
Add new generators for additiona OpenAPI formats
Refactor the format generator logic to be more extensible
Add new Fuzzer to send full Examples from the OpenAPI specs
Improve documentation for auth_script refresh
Add documentation about the usage of checkBoolean in SpecialFuzzers
Fix issue with SpecialFuzzers not running at all since SpecialFuzzers are not loaded by default anymore
Introduce possibility to check boolean expression in verify section using checkBoolean keyword
Move classes around for better structure and layers
Remove redundant logic from parsing composed schemas
Replace deprecated method from openapi tools
Separate test case execution into a method
Remove reports path initialization to /tmp
Add some simple archunit tests for class naming
Update documentation
Add exact path from contract in final report
Update dependencies to latest versions
Add more payloads for the InvalidReferencesFieldsFuzzer
Add default value for report path
Add a new fuzzer to check that resources are not available after delete
Small improvements reported by error-prone: missing annotations, javadoc, etc
Fix failing unit test
Add missing error-prone configuration
Add error prone for compile time bug pattern checking
Store successful delete responses for future fuzzers
Add unit test for empty body PUT
Centralize test case reporting in TestCaseListener to 2 methods per level. Done info, error
Centralize test case reporting in TestCaseListener to 2 methods per level. Done warn
Add a new xss payload example
Add default values in CatsTestCase in order to avoid explicately setting them
Remove duplications form cats_autocomplete
Make some fuzzers skip if payload is empty
Exclude path from final report http response
InvalidReferencesInFieldsFuzzer runs similar for all HTTP methods
Add full request path in CatsResponse
Take examples form Parameter class into it's corresponding schema when schema example is null
Update dependencies to latest versions
Add new fuzzer to fuzz path params with invalid references for all http methods
Fix issue when fuzzing strategy was not properly replacing json arrays but property was already retrieving arrray values
Add method for is4XX response code
Fix issue when fuzzing strategy was not properly replacing json arrays
Fix NPE when exception message was null
Add @Override to method
Add possibility to override the path in SimpleExecutorContext
Avoid printing duplicates when skipping HTTP methods
Update dependencies to latest versions
Handle case when request is PUT or POST but body is empty
Update documentation with missing arguments
Swith reason paramter location so that DryRun aspect properly intercepts the reportXXX methods
Fuzz authentication headers when using UserDictionaryHeadersFuzzer
Add possibility to set the auth token using a script so that you can refresh it after certain interval
Add more junit tests to cover more branches
Fix small sonarqube violations
Contract Fuzzers were already removed so no need to remove them again
Remove headers field as is not needed for the HeadersIteratorExecutor
Remove unused import
Isolate loading data from files in a common method
Don't replace refData when replacing objects with primitives
Ignore fields that are not present
Add documentation about the FieldsIteratorExecutor
Add method to check is field is present in json
Use SimpleExecutor in more places + add more documentation for it
Isolate fuzzer execution logic in Executor classes
Isolate Fuzzer logic into executor classes for HTTP fuzzers
Add possibility to disable granular log levels
Update documentation with missing fuzzers
Add badgets for commit and ci status
Update autocomplete scrip with latest commands and options
Add missing arguments for Run and TemplateFuzz commands
Update dependencies to latest versions
Add Custom User Dictionary Fuzzer for headers
Increase unit test coverage
Fix sonarqube violations
Add new UserDictionary fuzzers
Remove unfinished Fuzzers
Add setter for headersMap
Remove SpecialFuzzers from the default run
Add missing CatsExecutor class
Fix bug that was creating refData_replaced when functional fuzzer was not actually running
Change User Arguments to Dictionary Arguments
Allw cats run to parse simple headers using -H
Fix info reporting when skipReportingForIgnored is enabled
Isolate fuzzer run logic in CatsExecutor in order to reduce duplication
Add FormEncoder from stripe package to the codebase as it's the only class used
Add possibility to supply wildcard paths in --paths and --skipPaths
Fix failure when request didn't have body, but cats was trying to match post and delete
Fix typo in log line
Add possibility to supply headers using -H to override headers from the replay files
Add possibility to supply headers using -H
Change --checkHeaders to -A in order to use -H for headers across all commands and sub-commands
Update dependencies to latest versions and removed unused dependencies
Update dependencies to latest versions and removed unused dependencies
Improve logging to be less verbose for default run
Improve fuzzer descriptions to be more comprehensible
Allow payloads to be supplied as env variables in TemplateFuzzer
Display response code in summary report page
Small refactorings to improve readability
Fix crash for invalid json paths
Update description to onlu display headers name
Fix toString displaying non-user friendly data
Update dependencies to latest versions
Add new Fuzzer for sending default values
Update documentation
Add missing toString method to display fuzzer name
Add new fuzzer with large integers in numeric fields
Add new fuzzer with large decimals in numeric fields
Change order of headers to that they are displayed last in the final report
Record more details in CatsResponse in case of IOException
Format dates and date-time objects when returning from examples
Update quarkus to latest version
Add a new Fuzzer to iterate through each enum value
Add a new Fuzzer to replace objects with primitives
Change small things to leverage Java 17 syntax
Change small things to leverage Java 17 syntax
Rename some fuzzers for consistency
Add reason for skipping when field schema not matching String schema
Fix failing unit test
Allow to set root log level without specifying the package
Update java to 17 for github actions
Add timestamp of test case in final report
Print empty response when service returns empty
Print reponse headers in final report
Change minimum java version to 17
Small tweaks for the final report
Take into consideration enums when generating numbers
Don't reuse connection to see if it fixes io issues with non-rest http methods
Fix issue with json summary not being created on native binaries
Export time execution details as json
Fix issue with incomplete reporting when exceptions are thrown during execution
Add non-zero exit codes when something goes wrong
Don't create the cats-report folder when doing a --dryRun
Add global exception handler
Add possibility to have environment variables in test files when running > cats replay ...
Remove unused paramter and uncommented code
Fix issue with specific custom json mime type
Fix boundary fields running for DateSchema and DateTimeSchema
Fix issue with InvalidValuesInEnums fuzzer running for non-enum fields
Fix issue with some anyOf/oneOf payload not properly generating all payload combinations
Fix sonarqube violations
Print ListCommand as json
Update dependencies to latest versions
Fix issue with path being replaced as #### when tests failed due to connection issues
Add queryParams so that you can append query params which are not part of the API specs
Fix issue with --dryRun not reporting all tests
Add possibility to output to JSON for selected commands
Update dependencies to latest versions
Remove unfinished test
Rename LOGGER to logger as is not a constant
Make loggers non-static in order to properly read env variables
Update dependencies to latest versions
Update dependencies to latest versions
Update dependencies to latest versions
Fix for #44 - make CATS deal with anyOf/oneOf cases generated by NSwag
Update README.md
Add missing transient dependencies as GraalVM 22.1.0 does not allow incomplete classpaths
Update dependencies to latest versions
Refactor behaviour for Abugidas Fuzzers to not expect fail by default
Make Zalgo text prefix valid values
Order Fuzzer names so that they are easier to browse in report
Fix issue occuring for NullValuesInFieldsFuzzer that was treating null as string null rather than null value
Make XXXOnlyFuzzers run for DELETE and GET
Fix issue when content type was not properly added when using custom vendor headers
Fix issue for some query params not being properly url escaped
Fix issue in StringGenerator that was looping indefinetly for some patterns
Fix handling of cyclic dependencies
Update to codeql actions v2
Introduce JUNIT report format
Update okhttp to 4.9.3
Fix small sonarqube violations
Remove TrimValidate, ValidateTrim, SanitizeValidate, ValidateSanitize from fuzzer names
Add missing coverage for boundary methods
Change numeric fields to be used as Numbers instead of Strings
Allow run command to use ignore arguments in order to filter final results
Improve display and diagnostic for Contract linters
Update dependencies to latest versions
Make SecurityFuzzer accept http_headers as targetFieldTypes
Fix issue when response was marked as ignored when body was empty
Make SecurityFuzzer print more explicit output when required keywords are not present in the securityFuzzerFile
Update toString to replaced proxied class name
Update BypassAuthenticationFuzzer with more auth headers
Update cats_autocomplete with latest arguments
Add more bugs found by CATS
Uncomment resourceBunlde used to get version data
Enhance unit test coverage
Update dependencies to latest versions
Change apache HttpHeaders to guava's one
Add catsFuzzyField within the CatsDSLWords class
Add field from NewFieldsFuzzer in query params
Replace with HttpHearders.ACCEPT constant
Create ParametrizedTest from 2 individual tests
Avoid printing log with not supported content type when multiple content types for same body
Generate example for EmailSchema
Add more debug and escape content when response is not JSON
Add default content-type for GET and DELETE requests
Add debug argument for ReplayCommand
Update README with content type limitations
Introduce support for application/x-www-form-urlencoded
Add support for application/x-www-form-urlencoded
Make PayloadGenerator return a single example rather than a list as everything is assumed in json format
Remove mediaType when generating payload samples are not needed
Align printing exception stacktrace to CATS log level
Detect cyclic dependencies and return after level 5
Print log line when content types is not supported or recognized
Add non-JSON responses in the final report as raw data
Update help to reflect the --checkContract removal
Add more debug logs when creating payload examples
Fix issue when TemplateFuzzer was runing when not needed
Make ServiceCaller not to load on startup in order to avoid printing logs when running subcommands
Rename Abugidas Fuzzers to make the name shorter
Add new command to only run ContractInfoFuzzers as linters
Improve documentation for subcommands
Remove public modifier from test class
Remove @Startup from ServiceCaller as it was causing a note log to always be displayed
Add latest arguments and commands in cats_autocomplete
Improve diagnostic in case of failues by adding more debug logging and a debug -D option
Add match arguments for TemplateFuzzer to be able to only match given criteria when reporting
Add setLogLevel in ReportingArguments and add debug argument
Add more unit tests
Add instructions to install CATS via homebrew
Data defaults to null and replace with {} when constructing FuzzingData
Return NOT_SET when json parser throws exception
Add possibility to record non-json requests in final report
Fix issue when matching query params with target fields fuzzed values
Make data default to {}
Load ServiceCaller at startup and return generic message when response not a json
Add help for the new ignore arguments
Add possibility to ignore responses based on a given regex found in the response body
Add response lenght, words count and lines count in CatsResponse within report
Add possibility to ignore responses based on response lenght, number of words or number of lines
Fix issue when query part was null
Make rate limiter work also with TemplateFuzzer
Rename some methods for consistency
Update TemplateFuzzer to fuzz the service path
Update documentation for TemplateFuzzer GET requests
Remove unused imports and make logger static
Add unit tests for TemplateFuzzCommand
Fix issue with surefire reports crashing due to \uFFFe
Add a new Fuzzer for user supplied request templates
Make CatsRequest to use builder
Move large unicode string from StringGenerator to PayloadUtils
Switch logger to pl4j
Remove unused imports
Javadoc and formatting improvements
Create method in CatsResponse to get response code family based on response code
Move ZALGO_TEXT variable in PayloadUtils
Replace http method with body check with the one from HttpMethod
Add response code comparison in ResponseCodeFamily
Improve javadoc
Improve javadoc and move to a more specific package
Change method signature to return data rather than modify input data
Improve javadoc
Improve javadoc
Uncomment resourceBunlde used to get version data
Small refactorings to improve readability
Add required httpMethod key to reflect required elements
Update quarkus to latest version
Improve documentation for annotations
Update autocomplete scrip with latest commands and options
Add unit tests for content type with charset
Content type containing charset was not properly extracted from the openapi contract
Enable empty and null fields fuzzer to run for GET query params
Reduce code duplication by changing base class
Add new field Fuzzers for abugidas characters
Add test for examples in query and path params
Update dependencies to latest versions
Update autocomplete scrip with latest commands and options
Add new argument to ignore skip response codes in report
Update documentation with the latest Fuzzers and fix some typos
Rename CustomFuzzer to FunctionalFuzzer
Add new Fuzzer for abugidas chars in headers
Add possibility to add ALL as path name in securituFuzzer file
Add targetFieldTypes in SecurityFuzzer to support broader scope run
Add new Fuzzers for zalgo text in headers
Third attempt to fix Swagger 2 parsing issues in native images
Update documentation with the latest Fuzzers
Update autocomplete scrip with latest commands and options
Manually try Swagger2 and OpenAPI 3 parsers to fix issue with Swagger 2 specs not being parsed in native images
Disable ANSI formatting when NO_COLOR env variable is set
Add option to change to output folder for CATS reports
Export summary report in json format along with the html one
Change how report types are being injected in order to accomodate additional report types in the future
Add method name in Scenario text to have summary report more comprehensible
Add Swagger 2 parser in ReflectionConfig in order to be included in native images
Update to quarkus 2.6.2.Final
Add new Fuzzers for zalgo text
Improve regex performance in order to avoid stackoverflow
Fix for strings generated with validateAndSanitize strategy to maintain size
Update plugin versions
Refactor package composition for better seggregation
Cache POST requests in a Queue so that DELETE requests have enough resources available
Fix an inheritance issue for ControlChars/Emojis fuzzers that caused list command to wrongly display the Fuzzer numbers
Small fixes
Add 6 new Emoji Fuzzers for HTTP headers
Make large Fuzzers skip matching response schema
Fix small sonarqube violations
Improve error handling for --contract and --server to be consistent both in CatsCommand and subcommands
Introduce the ability to customFuzzerFiles and securityFuzzerFiles using the run subcommand
Introduce the ability to create refData files using the CustomFuzzer
Introduce support for readOnly and writeOnly fields #19
Fix NPE when tests were not supplied for replay command
Tweak color scheme when displaying help
Fix accidental typo
Increase unit test coverage for corner cases
Introduce support for response code ranges #20
Improve unit tests coverage
Remove GlobalData static class from PayloadGenerator and created a @Singleton
Improve readability in some places
Make replay command support proxy and additional auth
Revemo application/json from unsupported headers list
Create some small methods to isolate behaviour related to variable parsing in custom files
Separate all logic related to Fuzzer list in FilterArguments
Fix small typo
Make toString replace _Subclass due to Quarkus proxy
Fix issue when fuzzed headers were not properly merged with user supplied values
Replace System.out with pl4j console logger
Register resources for GraalVM
Group logic related to dynamic variables inside the CatsDSLParser
Fix tests for request parameters in custom files
Fix tests for request parameters in custom files
Register some common classes for reflection so that they can be used in native images with dynamic expressions
Update to pretty logger 1.9
Fix documentation for using request. in custom files and add limitations for native images
Update libraries to latest versions
Split CatsUtil into more specialized classes
Introduce ability to supply --contentType when using content negociation
Fix bug when payloads were not generated for each oneOf combination when --useExamnples=false
Add random test number so that test won't fail intermitently
Make native-image to not ignore swagger data models which causes native binaries to fail
Server is not mandatory anymore as you can use --dryRun to see how many tests will be generated
Add help about creating refData using the CustomFuzzer
Make sure CATS sends only one header when supplying a headers file
Introduce alternative string generator for cases when current one does not generate valid strings
Improve help styling using ansi codes
Add comments around banner to avoid breaking scripts
Remove banner at the end
Add native binaries to gitignore
Add cats autocomplete script
Add maven wrapper
Add help after Quarkus update
Add ability to write output variables in refData files when CustomFuzzer runs
Add one letter options for the most used arguments
Remove unused elements
Add dryRun functionality back using Interceptors instead of Aspects
Change version provider from text file instead of manifest as it was not working in native image
Improve unit tests coverage
Make CATS exit with error exit code when it founds errors
Merge 3 tests into a parametrized one
Inject build time in application.properties
Remove help for skipFuzzersForPath as is not used anymore
Remove help for skipFuzzersForPath as is not used anymore
Ignore VersionProvider from code coverage
Add version provider to support dynamic versioning in the command annotation
Add support for the help command
Improve help
Remove warning when all fuzzers are running as lengthy fuzzers are now disabled by default
Full migration from Springboot to Quarkus
Stable version of Picocli + Springboot
Prepare transition to Picocli by removing dependencies on Spring
Remove Fuzzer enablement config from application.properties
Remove unused imports
Fix typos
Update README structure to make it more comprehensible
Add a blackbox argument to only report 5XX error
Update to springboot 2.6.0 and fix circular dependency issue
Change the random unicode generator to start with a payload with crafter unicode chars
Properly use PrettyLogger
Small formatting fixes
Fix issue with response code and body check being ignored always when supplying any of the ignoreXXX arguments
Add correct number of Fuzzers
Add test for the VeryLargeUnicodeValuesInHeadersFuzzer
Add new arguments to ignore undocumented response code and response body checks
Fix layout for final report in summary table
Change the logic for VeryLargeFuzzers and add a new Large values fuzzer with random unicodes
Environment variables are now refered using 5136 instead of one $
Extend .gitingore with additional files
Introduce the ability to set the size of strings sent by VeryLargeStringsFuzzer
Add possibility to refer env variables in headers and refData files
Change testCases to tests for simplicity
Make ControlChars, Whitepsaces and Emojis fuzzer not being enabled by default
Change test case to test in all places
Add short description in logo
Change start of README
Change start of README
Change start of README
Change start of README
Change start of README
Change start of README
Add the possibility to also supply --help, -h and --version, -v for help and version
Update the test report screenshots
Fix issue with execution statistics not printing anymore and cats-report folder being deleted when running helper commands
Introduce the possibility to replay specific test cases by supplying a json test case output from CATS
Fix oneOf bug
Restrict printing execution statistics to summary only and add a new value you can supply for detailed statistics
Add the possibility to ignore specific http response codes and ingore WARNs and ERRORs reported when those codes are returned
Remove redundant havingValue from conditional property
Make getErrors() return 0 when using --dryRun
Remove --reportingLevel argument as it was redundant and extend --log to pick up multiple packages
Provide stacktrace when CATS fails #17
Include 404 as a special result reason category
Add a new column in report with the warn/error result reason
Make default min 5 when no left boundary provided for String schemas
Fix some sonarqube violations
Load FilterArguments to display help when running cats help
Change dryRun to String to allow empty values
Change default value for maxReqPerMinute to 10000
Remove Throwable as not needed and allow dryRun to be interpreted with empty value
Fix typos and add info about dryRun argument
Fix issue causesd by oneOf selecting between 2 primitive schemas
Make DryRunAspect only available if the dryRun=true
Introduce ability to dryRun in order to see how many tests will get generated for each path
Add documentation about using request fields in customFuzzer file
Add possibility to refer request fields in customFuzzer file
Add connectionTimeout, readTimeout and writeTimeout as arguments
Move toString into the base class
Small tweaks
Small improvements for better readability
Fix for #16 - NPE when response schema is a simple object
Change order of printing args and config when running helper commands
Remove configuration details from console when running helper commands
Change java version to 11 and leverage new APIs
Update dependencies to latest versions, including Java to 17
Fix typos and small updates on documentation
Bold fuzzer name and test id in console
Change cats version position within the report
Add cats version information in the report
Remove zero-width-whitespace from the typical alphanumeric regex
Change variable name to not be confused with a constant
Fix some sonarqube violations
Fix some sonarqube violations
Change CheckSecurityHeadersFile to allow multiple values for X-XSS-Protection; PR-13
Report warning when content type is not application/json; #14
Add rate limiting capabilities - #15
Fix issue when a response is using anyOf and the elements can either be an array or a single element
Add help for the new multi code point emoji fuzzers
Add new Fuzzer for inseting multi code point emojis
Add new Fuzzer for trailing multi code point emojis
Add new Fuzzer for only multi code point emojis
Add new Fuzzer for leading multi code point emojis
Add new Fuzzer for leading multi code point emojis
Fix issue with ExactValueInFieldsFuzzer to prevent it from running when a format is defined, but no left or right boundaries
Change default pattern when no pattern defined to also contain zero width whitespaces
Print note when Fuzzers are skipped when no requests fields available
Fix hashCode implementation to match equals implementation
Update to spring boot 2.5.2
Update unit test causing OutOfMemory to only test the length of the string to be generated
Add logic to handle cases when maxLength defaults to Integer.MAX_VALUE
Update README.md
Fix NPE reported under #8
Fix some sonar violations
Add help for sanitizationStrategy
Add a new type of fuzzer for single point emojis
Add a new FuzzingStrategy that inserts data in the middle of valid values
Add new filter for http methods
Improve Javadoc and small typos
httpMethod variable is now mandatory for CustomFuzzer and SecurityFuzzer
Improve Javadoc
Remove spring context from test as not needed
Read yaml entries in LinkedHashMap instead of generic Map
Enable CATS to also perform DELETE operations
Allow java.util packages to be interpreted by SpEl
Improve Javadoc
Improve Javadoc
Improve Javadoc
Re-annotate CatsMain as SpringBootApplication
Fix typos in readme
Add possibility to skip fields from being fuzeed
Remove invalid xml tag
Improve documentation and fixed typos
Run Invisible Chars Fuzzerss also for GET and DELETE
Make sure the report files are not null before deleting
Close keystore file when using mutual tls
Generate correct values when dealing with byte format
Fix typos in readme
Fix typo on readme
Add clean goal in order to deplpy the okhttp-cats jar
Update openapi tools + add clean to initialize okhttp deploy
Add new Fuzzer for non REST http methods
Update documentation with the latest Fuzzers
Print warning when running with all Fuzzers
Small refactorings and tweaks to make code easier to follow
Add explicit Spring configuration imports in order to improve startup times
Add JVM arguments to speed startup time
Small refactoring to make code easier to follow
Add description about the proxy arguments
Move specific logic form ServiceCaller to specific argument classes
Isolate the usage of OkHttpClient in one method
Remove dependency on apache http client
Remove \r from leading spaces Fuzzer as header values are not allowed to start with it As per HTTP RFC \r cannot start a header value, but it can contain it at the end so I moved it in the control chars header fuzzer
Small tweaks and reorganizing of base fields fuzzer classes and tests
Small tweaks and reorganizing of base fields fuzzer classes
Rename ControlCharsOnly to OnlyControlChars for consistency
Add Fuzzers for spaces normally accepted in headers as per RFP like simple space, new line and tab
Use custom version of OKHttpClient and refactor Headers Invisible Chars Fuzzers to always expect 4XX
Switch from HTTP Client to OK Http and add new Headers Fuzzers
Skip ControlChars and Whitespaces fuzzerd to GET and DELETE
Add possibility to use variables in verify section for custom fuzzer
Return replace() strategy for empty strings
Remove unnecessary comments
Add new Fuzzer which inserts Unicode Control Chars in the middle of the strings
Add new Fuzzers for Unicode Control Chars and Whitespaces
Refactor the trail/lead/only spaces Fuzzers to create a foundation for building additional Fuzzers
Fix broken unit test
Fix broken unit test
Add a new Fuzzer to insert zero width spaces in strings
Add UTF-8 encoding for the generated reports
Improve documentation and fixed typos
Add link to CATS github when clicking on the CATS logo
Change run result picture to reflect latest version of CATS
Add the ability to generate html only reports
Rename test-report to cats-report for better accuracy
Update to spring boot 2.4.5
Output all Long values as Strings as Javascript cannot properly handle large Long values
Fix issue when displaying value of skipPaths parameter in the console
Add new argument used to skip paths
Make CATS output reports in a timestamp folder only if --timestampReports is supplied
Add ability to load contracts from URL
Print date and time on CATS report summary page
Throw exception when cannot load security file, custom file or ref data, headers
Update to spring boot 2.4.4
Do not run Lead/Trailing spaces fuzzers for discriminators
Add details about the new ContractInfo fuzzers
Update dependencies to latest versions
Introduce constant for all 2xx http response codes
Add path to the full report when CATS finishes running
Fix scenario wording for security schemes fuzzer
Fix fuzzer being ignored independent of the trimming strategy
Add a new Fuzzer to check for recommended HTTP response codes for each HTTP path and method
Add new fuzzer for invalid http code responses
Report missing schema when a response schema is not present in the schemas section
Add details on how to read the CATS report
Create separate folder in test-report for each run, rather than delete it
Do not display cats running data when displaying help
Prevent double display of tests on first report page load
Add http method to CatsRequest and write in report from here rather than from CatsResponse
Remove Scenario and Expected Result from the fuzzers output
Add fuzzer enable/disable configuration through cats.properties
Add fuzzer enable/disable configuration through cats.properties
Update springboot starter parent to 2.4.3
Externalize help text in config file
Move the print args and help display logic into a simpler method
Move all help logic in argument specific classes
Add more logic in specific argument classes
Move logic to filter fuzzers into the FilterArguments class
Add AuthArguments in the ServiceCaller
Add ProcessingArguments for all arguments related to how CATS will generate data
Add FilterArguments for all properties related to Fuzzer selection
Use only the FilesArguments to get deails about the supplied files
Refactor CatsParams to FilesArguments
Refactor the arguments injection into dedicated classes
Refactor the arguments injection into dedicated classes
Add custom step for build with github token
Update codeql-analysis.yml
Add custom step for build with github token
Add custom step for build with github token
Add custom step for build with github token
Create codeql-analysis.yml
Add a new fuzzer to check for security schemes definition
Fix some typo in the fuzzer texts
Update NamingContractInfoFuzzer to allow start of path and end of path non plural names
Update NamingContractInfoFuzzer to allow start of path and end of path non plural names
Update RgxGen to 1.3 version
Fix for #6 - allow paths to end with verbs when checking for RESTful API naming practices
Change wording on how to load private key in JKS for 2-way SSL
Use CatsMain.EMTPY instead of empty
Add possibility to authenticate with 2-way SSL and basic auth
Fix some Sonarqube violations
Update pl4j version to 1.5
Fix typos in tests
Fix issues when ref data what empty for path, but had ALL ref data entry
Fix typo in actual result
Forgot to commit updated test
Make expected results more clear in terms of expected response code and body
Add more context on expected result for security headers check
Add links with tutorials on how to use CATS
add maven config guidance to README
Fix issue with filtering when clicking outside the span defining the filter name
Change place of Fuzzer name in final report so that is displayed for global fuzzers
Exclude authentication headers from fuzzing
Auth headers were not properly added when names were not exact matching the pre-defined list
Fix issue with name of the fuzzer not appearing in full after logback refactoring
Fix issue with name of the fuzzer not appearing in full after logback refactoring
Fix issue when additionalProperties had a chain of additionalProperties with object schema
Update to pl4j 1.4
Fix issue with auth headers not being parssed correctly
Add github packages repo
Update main.yml
Make fuzzers name shorter when prefixing log line by only use first character of every word from their class name
Change loggin to use pl4j
Change the way the fuzzers check for security headers
Make CATS aware of proxy settings
Make CATS display help when run with no arguments
Fix #4 by adding boundary=cats for multipart headers
Add more details on how the MalformedJsonFuzzer works
Make CATS to not display files related information when running non-fuzz commands
Make CATS to not display files related information when running non-fuzz commands
Update the jacoco maven plugin
Fix issue when a response was an array and response body was not matching properly
Fix issue when a deleting a node from an empty Json
Whitelist the body_ objects generated by OpenAPI when properties are in-line rather than in a Schema
Allow JSON objects to also accept snake_case and hypjen-case
Allow JSON objects to also accept snake_case and hypjen-case
Update documentation about the refData remove fields feature
Allow refData to have fields which are marked for removal before sending the request to the service
Change documentation to only allow # for fields qualifier separator
Change getRefData method to receive the path as the parameter and also consider the ALL refData key entry
Move deleteNode method in CatsUtil and make mergeFuzzing method to work when initial value is null
Add 414 on the list of possible undocummented codes
Add more unit tests for additional scenarios
Add the spotbugs plugin
Catch specific exception when creating the http client
Change visibility to package level
Add encoding when parsing OpenApi file
Fix potential IO problem when parsing a yaml
Add documentation about the usage of JsonPath
Add CatsDSLParser dependency
Make CustomFuzzer and SecurityFuzzer use the new JsonPath implementations
Replace the usage of JsonElement with JsonPath
Use StringUtils.isBlank instead of 2 or conditions
Change ServiceCaller to use JsonPath instead of JsonElements
Add new method to return an empty FuzzingResult
Change visibility of AUTH_HEADERS
Make BaseFieldsFuzzer use the new implementation with JsonPath for replacing fields
Replace application/json string with the one provided by MimeTypeUtils
Improve readability in some places
Make RemoveFieldsFuzzer to use JsonPath
Use JsonPath for testing for isPrimitive and replacig elements from BaseFieldsFuzzer
Make CatsUtil.isPrimitive to use JsonPath instead of custom implementation
Fix SpacesOnly fuzzer which was not properly implemented
Add missing file
Add more tests
Remove unused import
Fix issue when tag name was missing; it seems to have a value of 'null' rather than being null'
Introduce the possibility to run only categories of fuzzers using --checkXXX arguments
Create a new category for CustomFuzzer and SecurityFuzzer called SpecialFuzzers
Fix src/main/java/com/endava/cats/fuzzer/fields/SpacesOnlyInFieldsTrimValidateFuzzer.java being ignored when listing the fuzzers
Improve documentation by structuring Fuzzers in categories
Fix display issue when multiple tags or servers issue were identified
Improve matching of responses against the schema by also checking the presence of the fuzzedFiled in validation errors
Fix an issue when an OpenAPI object was a ref to oneOf elements
Fix an issue when an OpenAPI object was only containing allOf elements
Update tests to accomodate the latest ResponseCodeFamily changes
Add the fuzzedField on the CatsResponse object
Allow org.apache.commons.lang3 to be invoked through SPeL from config files
Fuzzer will check for a group of codes rather than generic 4XX or 2XX
Fix issue when a request/response does not have both Content and ref
Fix display issue when multiple tags were identified
Improve the NamingsContractInfoFuzzer to also check to JSON objects naming
Add a new Fuzzer for checking application/xml for request bodies
Small refactoring to add common elements for contract fuzzers in the same place
Fix an issue where CATS was not considering all media types when request were defined in components section
Fix an issue where --printExecutionStatistics was only considering SKIPPED tests
Add a new Fuzzer for checking REST naming practices
Add a central point to decide how many times a Fuzzer should run
Fix layout issue
Add a new Fuzzer for checking path tags
Add a new Fuzzer for checking if the versions are part of the contract paths
Add a new Fuzzer for checking recommended headers in contract
Small refactoring to better reuse methods
Fix small sonar violations
Add missing class from the previous commit
Add a new category of Fuzzers for contract structure and content validation
Fix for elements not being displayed in their proper order in the final report
Update the parsing of dynamic values to also consider element from json payloads
Update the parsing of dynamic values to also consider element from json payloads
Update the report to also include the path inside the Scenario column
Add the possibility to supply additionalProperties i.e. maps via customFuzzer or refData
Fix typo in README
Add the possibiltiy to supply dynamic values in config files and make customFuzzer aware of oneOf
Make Fuzzers be listed by category when running a command
Improve readme with a short introduction
Fix failing unit test
Add new Fuzzers focused on Security headers as per OWASP recommendations
Improve unit test coverage on various areas
Minor fixes from Sonarqube violations like making fields final or correcting typos
Add two new fuzzers for Exact minimum and maximum values in Numberic fields
Fix after refactoring for HEAD requests not being conditioned by GET anymore
Add new fuzzers for min and max length exact values in string fields
Add a new useExamples argument
Improve readability by removing multiple IFs
Change wording for execution times to also reflect the number of test cases
When printing execution times, skip tests run by the HttpMethodsFuzzer
Make HttpMethodFuzzer run only once for paths with multiple HTTP methods
Make DuplicateHeaderFuzzer iterate through all declared HTTP headers
Small improvement for logging
Add a new feature to print statistics about execution times
Add help for --securityFuzzerFile
Remove file IO files from jacoco/sonar coverage
Add xss.txt sample file
Add a new Fuzzer: SecurityFuzzer
Make the program to exit with a non zero code if there is at least an error
Add a new Fuzzer: DummyRequestFuzzer
Make CustomFuzzer also consider the httpMethod for a given custom test
Add a new argument to be able to exclude a list of Fuzzers for all paths
Add new Fuzzer for invalid values in ENUMs
Change the list of paths to be comma separated for consistency
Small refactoring to improve readability or lists testing for NULL
Improve logging for skipForParams and command listing
Fix for arrays that can be set as query params
Fix for the way dates were generated
Fix the exteneme negative number generator which was 0
Fix for the way dates were generated
Take into consideration more auth headers names
When creating the schema list take into consideration requestBodies elements
Add specific version of the sonarqube maven plugin
Fix for requests that only have
Make the CustomFuzzer to run tests based on the order supplied in the customFuzzer file
Change logging from debug to trace
Take into consideration the order of the tests declared in customFuzzer.yml
Fix potential NPE when json element is null
Add more capabilities to the CustomFuzzer
Migrate to OpenApiTools from swagger codegen plugin
Fix an issue where GET endpoints didn't have operation parameters
Add unit test for skipXXXForPath
Change description for the StringsInNumericFieldsFuzzer
Add documentation for the skipXXXForPath argument
Fix a problem when there were multiple levels of all_of objects
Fix a problem when there were multiple levels of all_of objects
Add table of contents for easier navigation
Introduce better error handling when there is a problem parsing the headers, urlParams or refData files
Introduce the ability to skip fuzzers for specific paths
Various tweaks for better readability
Small tweaks to make fields final
Fix for when the request consists of anyOf or oneOf schemas without top element
Fix an issue with not all fields being considered when having allOf, anyOf or oneOf schemas
Make logback remove startup logging
Update dependencies to latest versions
Add new StringsInNumericFields fuzzer
Report test as success if the return schema is an array and response is an empty array
Correctly report the reason for skipping a fuzzer
Write in the console the number of registered fuzzers
Fix typo for outcome to output
Add more data types
Change log level pattern to 5 characters left alignment
Mark lombok code as @Generated
Increase test coverage on missing branches
Make ServiceCallerTest use CatsUtil
Remove catch block when parsing refData and headers files
Fix a problem when removed headers where mixed with user headers
Update scm connection to ssh
Update README.md
Introduce the ability to use variables between tests
Increase test coverage on missing branches
Increase test coverage on missing branches
Increase test coverage on missing branches
Increase test coverage on missing branches
Fix CATS fails on HTTP GET with query parameters #2
Make Wiremock server run on dynamic port
Add missing branch for unit test coverage
Add Pitest maven plugin to measure mutation test coverage
Update README.md with different quality badges from sonarcloud.io
Increase test coverage
Increase test coverage
Increase test coverage
Remove unnecessary casts to Schema
Revert the change that tried to handle Schema manipulation with generics
Reduce complexity for some methods in order to make them easier to read
Remove public modifier from all test classes and methods
Fix a bunch of typos and small warnings related to usage of raw types
Fix some sonar reported issues
Update main.yml
Delete maven.yml
Update main.yml
Update main.yml
Create main.yml
Create maven-publish.yml
Update documentation to reflect the usage of RgxGen instead of Generex
Add security headers when RemoveHeadersFuzzer is running
Refactor to improve readabilitu and reduce complexity
Update TestCaseListener to handle empty requests and better report compliance with the contract
Update ServiceCaller to handle empty requests and better report compliance with the contract
Replace generex library with rgxgen
Introduce a generic way to handle errors when communicating with the service endpoints
And of course the update on the unit test
Fix an issue with fuzzed fields being empty rather when merging fuzzing
Correct typo in README
Add contributing link
Add scm info
Remove the maven publish step
Create mavenpublish.yml
Add distribution management
Add build status badge
GitHub action will also run the unit tests
Create maven.yml

cats - cats-11.8.0

Published by github-actions[bot] 3 months ago

feat: Make help consistent across all arguments
fix: Don't mutate field if it's not part of the current payload
fix: Fix --dryRun not properly displaying number of test to be run
fix: Fix padding for banner and logo on summary page
feat: Add additional data to be displayed in the summary report
feat: Add new generator for content types
feat: Add new argument to cache generated payloads instead of generating them every time
feat: Display path and http method when showing processing errors at the end of the run
fix: Fix serialization of DateTime objects when fuzzers where replacing fields
fix: Improve regex generator to deal with fix length patterns
feat: Print errors during fuzzer processing at the end of execution
fix: When OpenAPI schema doesn't have min/max default to -1/-1
fix: Escape json keys like $idempotency_key
fix: Return default alphanumeric pattern for empty patterns
fix: Fix HttpStatusCodeInRangeLinter to conside 1xx,2xx,3xx,4xx,5xx codes
fix: Accomodate additional regexes with fixed length in definition and also having minLength and maxLength defined
fix: Ignore root schema names from cyclic references check
fix: Escape json keys like key[inner]
fix: Change default min length for headers to 1 when no constraint defined in OpenAPI
feat: Change PhoneNumberGenerator to also match phone1, phone2, etc.
feat: Add http method when printing that a param does not have a defined schema
fix: Make sure total string size does not exceed max possible on jvm
fix: Fix issues when content type is not Json and logic for param replacement was relying on json formatting
fix: When schema length is Integer.MAX_VALUE use only MAX_VALUE / 100 to generate exact length values
fix: Fix some edge cases for string generation
fix: When NewFieldsFuzzer cannot add new fields skip the test
fix: When payloads are not valid jsons compare them as strings
fix: Update StringGenerator to try to generate twice for each generator to increase chances of generating a value matching the pattern
fix: When path variable is not defined in OpenAPI print error instead of throwing exception
fix: When path variable is not defined in OpenAPI print error instead of throwing exception
fix: Fix issue with NewFieldsFuzzer to be skipped for primitives and better interpret arrays
fix: Fix issue with DefaultValuesInFieldsFuzzer to do simple replace instead of merge fuzzing
fix: When an exception happens before running the fuzzer make sure contract path is recorded

cats - cats-11.7.1

Published by github-actions[bot] 5 months ago

feat: Change display progress to unknown progress instead of percentage as percentages were unreliable
fix: When field is enum consider left boundary as length of element at position 0
fix: Escape zero width char to properly be displayed in the report
fix: ZeroWidthCharsInNamesHeadersFuzzer should not match response content type and body
fix: Split ZeroWidthCharacters fuzzers based on sanitization logic

cats - cats-11.7.0

Published by github-actions[bot] 5 months ago

fix: Fix issue with progress not being displayed when request payload contained many fields
fix: Fix issue when UUIDs could not be generated in native binaries
fix: Fix for #128 for case insensitive regexes
feat: Add new linter to check relevant response codes have response bodies
fix: Fix for #125 caused by pattern also allowing empty strings
feat: Add new generator for state codes
feat: Add new generator for sort codes
feat: Add new generator for nationality
feat: Add new generator for bank account numbers
fix: Improve phone number generator to accommodate regexes starting with +
fix: Add lineOne as possible field name for line1 generator
feat: cats generate ... will output single json instead of array when one type of request possible
fix: Fix for #127 when contentType is declared globally
feat: Add new linter to detect duplicate operationIds
feat: Add new linter to detect empty path elements
fix: Mark null responses as matching schema
feat: Include additional potential monitoring endpoints to be displayed by cats stats sub-command
feat: Add 2 new fields fuzzers that are fuzzing field names and field values with zero length characters
fix: Add env. prefix to RELEASE_URL

cats - cats-11.6.0

Published by github-actions[bot] 5 months ago

Include additional characters in the zero width chars small list
Allow -X for http method in main command
Add two new header fuzzers to cover basic zero width characters test cases
Enable debug logging earlier in GenerateCommand
Proper display stacktraces in CatsCommand
Update javadoc to reflect that RandomResourceFuzzer runs for all http methods
Add new command to generate valid response templates
Change logic for phone generator to select from 10 and 11 length numbers only
Exclude citizenship from the IP generator match condition
Make method return empty list when urlParams are null
When responses have binary content such as pdf or csv, assume the body matches
Change argument help to remove TemplateFuzzer reference

cats -

Published by en-milie 6 months ago

Release Notes:

Improve cyclic schema dependencies detection to avoid infinite loops
Add new arguments that deal with anyOf/oneOf generation
Fix NPE when pattern was empty
Filter out request payloads that are not fully created and still include ONE_OF/ANY_OF
If --targetFields are not supplied, compute all fields combinations from --data for cats fuzz
If --urlParams are not supplied for http methods with body, generate random values
Fix issue with lookahead regex operators causing strings not to be generated
Fix for #122
Several improvements for the cats fuzz subcommand
Add 2 new arguments for --simpleReplace and --printProgress for cats fuzz sub-command
Make cats fuzz sub-command render findings in console as it progresses
When running in summary mode don't prefix log lines with stars
Fix issue with refData from all not adding keys that were not on the path entry
Make matchXXX arguments required for cats fuzz
Fix issues with default values for boolean arguments and their negatable values
Make cats fuzz do fuzzing based on the FUZZ keyword

cats -

Published by en-milie 7 months ago

Release notes:

Change generator logic to consider enum and default values first
Fix several possible NPEs
Fix #117
Fix #119
Fix #116
Fix an issue where path specific headers were overriden by all level headers
Flag when a test case result is switched from error/warn to success based on --ignoreXXX arguments
Add default value for xxxOf combinations as they grow exponentially and some OpenAPI specs abuse this
Fix self-reference detection by keeping full qualified property names
Add multiple generators
Increase limit for yaml file size
Fix issue when OpenAPI parser was adding an empty schema
Fail gracefully when schema definitions are not part of the contract
Accomodate additional cases for allOf composition with root oneOf schemas
Improve oneOf/anyOf combination generation to avoid stackoverflow on circular references
Add additional arguments to configure interaction with anyOf/oneOf schemas

cats -

Published by en-milie 7 months ago

Release notes:

Only apply custom generators for String schemas
Make very large fuzzer not check content type and response schema
Make RandomResourcesFuzzer expect 404,400,422 not just 400

cats -

Published by en-milie 7 months ago

Release notes:

Handle IOException cases when parsing fails during response streaming
Consistently handle non-json responses and empty responses
Make Abugida fuzzer expect both 4xx and 2xx as not all services might proper sanitize data
Make fields totally skippable for fuzzing using a !field syntax
Fix issue with data generator that was not considering the fully qualified name
Add new generator for cardholdername
Check that --server is a valid URL in all commands
Improve error reporting for FunctionalFuzzer and SecurityFuzzer for cases when custom file was empty or required keywords were not present

cats -

Published by en-milie 8 months ago

Release notes:

Fix for #101 #102 #014 #105 #106
Add compatibility with OpenAPI 3.1 specs
List mutators using cats list ...
Allow custom mutators to load values from files
Add new fuzzers for json keys
Add new fuzzers that sends additional http methods
Print error when OpenAPI spec is not valid
Don't print progress in dry run as it has summary progress
Add singular arguments for all plurals
Add argument to limit number of possible anyOf/oneOf combinations
Print proper error when supplied files are having wrong syntax
Add more Generators to generate more real world data

cats -

Published by en-milie 8 months ago

Release Notes:

Fix for #98 when schema might be null for some reasons
Fix issue with arrays of elements having objects using xxxOf
Fix for #100 when enum might be null, do not issue warning for response schema matching
Change PathPlurals linter's algorithm to accommodate resources/actions paths
Add unused schemes in cats stats command
Significantly Improve memory usage, especially when using with running more than 10000 tests, by not storing the entire test case after being written to disk
Make report width bigger in order to accommodate large fuzzer names and large test numbers
Update the LargeXXX and VeryLargeXXX fuzzers to expect response code 431 and don't match content type or response body
Introduce continuous fuzzing using cats random ... that let's you run fuzzing continuously until certain stop conditions are met

cats -

Published by en-milie 9 months ago

Release notes:

Enhanced help for all commands and sub-commands, adding exit codes and examples
Fix issue with --matchResponseRegex argument which was ignoring the regex
Change expected result and response message for user dictionary and template fuzzers in order to match arguments supplied
Fix for #94
Fix NPE when expected response headers were null
Skip json objects case linter for non-body http methods
Fix issue with generating examples for array schemas with null internal schemas
Add new argument toogle for cases when services might allow invalid values in enums
Report errors even when running in blackbox mode and reporting is ignored
Add new --matchInput argument to check if input is reflected in response
Add new command to validate if OpenAPI specs are valid
Fix for #96 - preserve data type for global variables in functional fuzzer

cats -

Published by en-milie 9 months ago

Release notes:

Make sure content types also include versioning or vendor extensions when matching
Don't replace url params for RandomResourceFuzzer

cats -

Published by en-milie 9 months ago

Release Notes:

Fix intermitent failing test due regex generation issues
Add idempotency and security headers in cats stats
Fix issue in OverflowMapSize when map was null
Optimize String generation and accomodate different corner cases based on size and regex
Fix issue with JSON keys having spaces in name
Add possibility to have multiple additional parameters in ref data file
Throw exception when field is declared in path, but it doesn't have a definition
Skip regex matching against schema pattern for VeryLargeXXXInFields fuzzers
Fix matching paths failing due to { and } not being escaped
Fix issue when path was longer than screen size
Add condition to skip invalid maps
Fix issue with multi-level anyOf/oneOf declarations in order to generate all possible combinations
Add key=value pair arguments as alternative to file arguments
Fix for #92 - NPE when schema was empty
Add configurable response codes for fuzzers #89

cats -

Published by en-milie 10 months ago

Release notes:

Make cats stats customizable so that you can filter certain information
Add more generated body names to naming linters
Fix scenario name for QueryParamsCaseLinterFuzzer as it wasn't taking into consideration the naming name
Remove path name from versions fuzzer as it runs globally
When operationId is null return path + http method
Fix reporting issue for global linters when running with --verbosity summary
Fix reporting issue for FunctionalFuzzer in --verbosity summary
Fix issue for oneOf/anyOf usage when one of the possibilities was actually nullable
Add possibility to filter paths based on tag when using cats list --paths
Add possibility to include/skip tags
Introduce an additional regex generator library to accommodate additional weird regexes

cats -

Published by en-milie 10 months ago

Release Notes:

add new --maskHeaders argument to mask sensitive headers in report files
CATS is now testing response content type and will report a warning if it doesn't match the contract; you can use --ignoreResponseContentTypeCheck to ignore this check
add new fuzzers for random resources checking and response http headers checking
VersionsLinterFuzzer will now check for versions in paths, servers definition and content type headers
NamingsLinterFuzzer is now split into more granular linters
501 is now on the response code ignore list when running in --blackbox mode
improve reporting for error scenarios
add new cats stats sub-command to display some statistics about OpenAPI contracts
add new argument to list info for a single path using the cats list sub-command

cats - cats-10.1.0

Published by en-milie 11 months ago

Release notes:

Add argument to skip deprecated operations
Add argument to send application/merge-patch+json for PATCH operations
Filter blank lines and commented lines from string files #84
Add 6 new http fuzzers
Add checkFalse and checkTrue to be used instead of checkBoolean in verify section
Add possibility to replace entire request body with custom payload with SecurityFuzzer
Fix for #85
Add cats info sub-command to display details about OS and CATS version
Fix for #86
Fix progress issue for FunctionalFuzzer with --verbosity summary
Make sure exceptions are displayed in --verbosity summary if CATS cannot run at all

cats - cats-10.0.0

Published by en-milie 12 months ago

Release notes:

Don't include request/response details in linters report file
Fix issue with fields naming conventions being reported multiple times
Add new argument to set max response time and fail tests if it's exceeded
Make CATS banner be displayed only when printing help command
Add 2 new arguments to filter based on field type and field format
Fix issue for matching Cache-Control header when having multiple values
Introduce new argument to control number of random headers sent by the random headers fuzzers
Add argument to be able to filter anyOf and oneOf selection if only one is valid
Add 8 new fuzzers that are sending non-json request with different values
Display separator between tests considering the console columns

Changed behaviour:

Make response json parser more relaxed and use rfc4627
Preserve Of in the Fuzzers naming
Make Payload default to be displayed when opening individual test cases
Introduce --verbosity argument to allow a more compact output in console which default to summary and reduced CATS logging to less verbose output
Don't attempt to run fuzzer if field is not part of the payload

cats -

Published by en-milie about 1 year ago

Release notes:

Add new argument to disable ANSI codes for output: --no-color
Add 2 new HTTP fuzzers that send null and empty bodies
Add 3 new HTTP header fuzzers that send invalid values in Content-Length and Transfer-Encoding headers
Add new argument to set the User-Agent header
Display old/new status code and response body in cats replay command
Refactor security headers fuzzer to allow X-XSS-Protection to either not be present or have value set as zero
Add more details to the cats list --paths subcommand
Improve logging and reporting when tests are ignore based on --ignoreXXX arguments
Logging doesn't include label now, only icons