Releases: Endava/cats

cats-11.6.0

26 May 21:00
92102db
  • Include additional characters in the zero width chars small list
  • Allow -X for http method in main command
  • Add two new header fuzzers to cover basic zero width characters test cases
  • Enable debug logging earlier in GenerateCommand
  • Properly display stack traces in CatsCommand
  • Update javadoc to reflect that RandomResourceFuzzer runs for all http methods
  • Add new command to generate valid response templates
  • Change logic for phone generator to select from 10 and 11 length numbers only
  • Exclude citizenship from the IP generator match condition
  • Make method return empty list when urlParams are null
  • When responses have binary content such as pdf or csv, assume the body matches
  • Change argument help to remove TemplateFuzzer reference

cats-11.5.0

26 Apr 20:03
71a7c1d

Release Notes:

  • Improve cyclic schema dependencies detection to avoid infinite loops
  • Add new arguments that deal with anyOf/oneOf generation
  • Fix NPE when pattern was empty
  • Filter out request payloads that are not fully created and still include ONE_OF/ANY_OF
  • If --targetFields are not supplied, compute all fields combinations from --data for cats fuzz
  • If --urlParams are not supplied for http methods with body, generate random values
  • Fix issue with lookahead regex operators causing strings not to be generated
  • Fix for #122
  • Several improvements for the cats fuzz subcommand
  • Add 2 new arguments for --simpleReplace and --printProgress for cats fuzz sub-command
  • Make cats fuzz sub-command render findings in console as it progresses
  • When running in summary mode don't prefix log lines with stars
  • Fix issue with refData from all not adding keys that were not on the path entry
  • Make matchXXX arguments required for cats fuzz
  • Fix issues with default values for boolean arguments and their negatable values
  • Make cats fuzz do fuzzing based on the FUZZ keyword

cats-11.4.0

03 Apr 18:04
6c5465f

Release notes:

  • Change generator logic to consider enum and default values first
  • Fix several possible NPEs
  • Fix #117
  • Fix #119
  • Fix #116
  • Fix an issue where path specific headers were overridden by all level headers
  • Flag when a test case result is switched from error/warn to success based on --ignoreXXX arguments
  • Add default value for xxxOf combinations as they grow exponentially and some OpenAPI specs abuse this
  • Fix self-reference detection by keeping full qualified property names
  • Add multiple generators
  • Increase limit for yaml file size
  • Fix issue when OpenAPI parser was adding an empty schema
  • Fail gracefully when schema definitions are not part of the contract
  • Accommodate additional cases for allOf composition with root oneOf schemas
  • Improve oneOf/anyOf combination generation to avoid stackoverflow on circular references
  • Add additional arguments to configure interaction with anyOf/oneOf schemas

cats-11.3.0

15 Mar 07:34
c25c085

Release notes:

  • Only apply custom generators for String schemas
  • Make very large fuzzer not check content type and response schema
  • Make RandomResourcesFuzzer expect 404,400,422 not just 400

cats-11.2.0

13 Mar 20:44
18809a5

Release notes:

  • Handle IOException cases when parsing fails during response streaming
  • Consistently handle non-json responses and empty responses
  • Make Abugida fuzzer expect both 4xx and 2xx as not all services might properly sanitize data
  • Make fields totally skippable for fuzzing using a !field syntax
  • Fix issue with data generator that was not considering the fully qualified name
  • Add new generator for cardholdername
  • Check that --server is a valid URL in all commands
  • Improve error reporting for FunctionalFuzzer and SecurityFuzzer for cases when custom file was empty or required keywords were not present

cats-11.1.0

08 Mar 06:34
774bdb3

Release notes:

  • Fix for #101 #102 #14 #105 #106
  • Add compatibility with OpenAPI 3.1 specs
  • List mutators using cats list ...
  • Allow custom mutators to load values from files
  • Add new fuzzers for json keys
  • Add new fuzzers that send additional http methods
  • Print error when OpenAPI spec is not valid
  • Don't print progress in dry run as it has summary progress
  • Add singular arguments for all plurals
  • Add argument to limit number of possible anyOf/oneOf combinations
  • Print proper error when supplied files have wrong syntax
  • Add more Generators to generate more real world data

cats-11.0.0

19 Feb 06:49
5a0255c

Release Notes:

  • Fix for #98 when schema might be null for some reason
  • Fix issue with arrays of elements having objects using xxxOf
  • Fix for #100 when enum might be null, do not issue warning for response schema matching
  • Change PathPlurals linter's algorithm to accommodate resources/actions paths
  • Add unused schemes in cats stats command
  • Significantly improve memory usage, especially when running more than 10000 tests, by not storing the entire test case after it is written to disk
  • Make report width bigger in order to accommodate large fuzzer names and large test numbers
  • Update the LargeXXX and VeryLargeXXX fuzzers to expect response code 431 and don't match content type or response body
  • Introduce continuous fuzzing using cats random ... that lets you run fuzzing continuously until certain stop conditions are met

cats-10.5.0

05 Feb 07:50
9f10e2a

Release notes:

  • Enhanced help for all commands and sub-commands, adding exit codes and examples
  • Fix issue with --matchResponseRegex argument which was ignoring the regex
  • Change expected result and response message for user dictionary and template fuzzers in order to match arguments supplied
  • Fix for #94
  • Fix NPE when expected response headers were null
  • Skip json objects case linter for non-body http methods
  • Fix issue with generating examples for array schemas with null internal schemas
  • Add new argument toggle for cases when services might allow invalid values in enums
  • Report errors even when running in blackbox mode and reporting is ignored
  • Add new --matchInput argument to check if input is reflected in response
  • Add new command to validate if OpenAPI specs are valid
  • Fix for #96 - preserve data type for global variables in functional fuzzer

cats-10.4.1

16 Jan 06:54
e772fec

Release notes:

  • Make sure content types also include versioning or vendor extensions when matching
  • Don't replace url params for RandomResourceFuzzer

cats-10.4.0

12 Jan 18:58
ea2690f

Release Notes:

  • Fix intermittently failing test due to regex generation issues
  • Add idempotency and security headers in cats stats
  • Fix issue in OverflowMapSize when map was null
  • Optimize String generation and accommodate different corner cases based on size and regex
  • Fix issue with JSON keys having spaces in name
  • Add possibility to have multiple additional parameters in ref data file
  • Throw exception when field is declared in path, but it doesn't have a definition
  • Skip regex matching against schema pattern for VeryLargeXXXInFields fuzzers
  • Fix matching paths failing due to { and } not being escaped
  • Fix issue when path was longer than screen size
  • Add condition to skip invalid maps
  • Fix issue with multi-level anyOf/oneOf declarations in order to generate all possible combinations
  • Add key=value pair arguments as alternative to file arguments
  • Fix for #92 - NPE when schema was empty
  • Add configurable response codes for fuzzers #89