Releases: Endava/cats
cats-11.6.0
- Include additional characters in the zero width chars small list
- Allow -X for http method in main command
- Add two new header fuzzers to cover basic zero width characters test cases
- Enable debug logging earlier in GenerateCommand
- Properly display stack traces in CatsCommand
- Update javadoc to reflect that RandomResourceFuzzer runs for all http methods
- Add new command to generate valid response templates
- Change logic for phone generator to select from 10 and 11 length numbers only
- Exclude citizenship from the IP generator match condition
- Make method return empty list when urlParams are null
- When responses have binary content such as pdf or csv, assume the body matches
- Change argument help to remove TemplateFuzzer reference
cats-11.5.0
Release Notes:
- Improve cyclic schema dependencies detection to avoid infinite loops
- Add new arguments that deal with anyOf/oneOf generation
- Fix NPE when pattern was empty
- Filter out request payloads that are not fully created and still include ONE_OF/ANY_OF
- If --targetFields are not supplied, compute all fields combinations from --data for cats fuzz
- If --urlParams are not supplied for http methods with body, generate random values
- Fix issue with lookahead regex operators causing strings not to be generated
- Fix for #122
- Several improvements for the cats fuzz subcommand
- Add 2 new arguments for --simpleReplace and --printProgress for cats fuzz sub-command
- Make cats fuzz sub-command render findings in console as it progresses
- When running in summary mode don't prefix log lines with stars
- Fix issue with refData from all not adding keys that were not on the path entry
- Make matchXXX arguments required for cats fuzz
- Fix issues with default values for boolean arguments and their negatable values
- Make cats fuzz do fuzzing based on the FUZZ keyword
cats-11.4.0
Release notes:
- Change generator logic to consider enum and default values first
- Fix several possible NPEs
- Fix #117
- Fix #119
- Fix #116
- Fix an issue where path specific headers were overridden by all level headers
- Flag when a test case result is switched from error/warn to success based on --ignoreXXX arguments
- Add default value for xxxOf combinations as they grow exponentially and some OpenAPI specs abuse this
- Fix self-reference detection by keeping full qualified property names
- Add multiple generators
- Increase limit for yaml file size
- Fix issue when OpenAPI parser was adding an empty schema
- Fail gracefully when schema definitions are not part of the contract
- Accommodate additional cases for allOf composition with root oneOf schemas
- Improve oneOf/anyOf combination generation to avoid stackoverflow on circular references
- Add additional arguments to configure interaction with anyOf/oneOf schemas
cats-11.3.0
Release notes:
- Only apply custom generators for String schemas
- Make very large fuzzer not check content type and response schema
- Make RandomResourcesFuzzer expect 404, 400, 422 not just 400
cats-11.2.0
Release notes:
- Handle IOException cases when parsing fails during response streaming
- Consistently handle non-json responses and empty responses
- Make Abugida fuzzer expect both 4xx and 2xx as not all services might properly sanitize data
- Make fields totally skippable for fuzzing using a !field syntax
- Fix issue with data generator that was not considering the fully qualified name
- Add new generator for cardholdername
- Check that --server is a valid URL in all commands
- Improve error reporting for FunctionalFuzzer and SecurityFuzzer for cases when custom file was empty or required keywords were not present
cats-11.1.0
Release notes:
- Fix for #101 #102 #14 #105 #106
- Add compatibility with OpenAPI 3.1 specs
- List mutators using cats list ...
- Allow custom mutators to load values from files
- Add new fuzzers for json keys
- Add new fuzzers that send additional http methods
- Print error when OpenAPI spec is not valid
- Don't print progress in dry run as it has summary progress
- Add singular arguments for all plurals
- Add argument to limit number of possible anyOf/oneOf combinations
- Print proper error when supplied files have wrong syntax
- Add more Generators to generate more real world data
cats-11.0.0
Release Notes:
- Fix for #98 when schema might be null for some reasons
- Fix issue with arrays of elements having objects using xxxOf
- Fix for #100 when enum might be null, do not issue warning for response schema matching
- Change PathPlurals linter's algorithm to accommodate resources/actions paths
- Add unused schemes in cats stats command
- Significantly improve memory usage, especially when running more than 10000 tests, by not storing the entire test case after being written to disk
- Make report width bigger in order to accommodate large fuzzer names and large test numbers
- Update the LargeXXX and VeryLargeXXX fuzzers to expect response code 431 and don't match content type or response body
- Introduce continuous fuzzing using cats random ... that lets you run fuzzing continuously until certain stop conditions are met
cats-10.5.0
Release notes:
- Enhanced help for all commands and sub-commands, adding exit codes and examples
- Fix issue with --matchResponseRegex argument which was ignoring the regex
- Change expected result and response message for user dictionary and template fuzzers in order to match arguments supplied
- Fix for #94
- Fix NPE when expected response headers were null
- Skip json objects case linter for non-body http methods
- Fix issue with generating examples for array schemas with null internal schemas
- Add new argument toggle for cases when services might allow invalid values in enums
- Report errors even when running in blackbox mode and reporting is ignored
- Add new --matchInput argument to check if input is reflected in response
- Add new command to validate if OpenAPI specs are valid
- Fix for #96 - preserve data type for global variables in functional fuzzer
cats-10.4.1
Release notes:
- Make sure content types also include versioning or vendor extensions when matching
- Don't replace url params for RandomResourceFuzzer
cats-10.4.0
Release Notes:
- Fix intermittently failing test due to regex generation issues
- Add idempotency and security headers in cats stats
- Fix issue in OverflowMapSize when map was null
- Optimize String generation and accommodate different corner cases based on size and regex
- Fix issue with JSON keys having spaces in name
- Add possibility to have multiple additional parameters in ref data file
- Throw exception when field is declared in path, but it doesn't have a definition
- Skip regex matching against schema pattern for VeryLargeXXXInFields fuzzers
- Fix matching paths failing due to { and } not being escaped
- Fix issue when path was longer than screen size
- Add condition to skip invalid maps
- Fix issue with multi-level anyOf/oneOf declarations in order to generate all possible combinations
- Add key=value pair arguments as alternative to file arguments
- Fix for #92 - NPE when schema was empty
- Add configurable response codes for fuzzers #89