Releases: Endava/cats
cats-11.7.1
- feat: Change display progress to unknown progress instead of percentage as percentages were unreliable
- fix: When field is enum consider left boundary as length of element at position 0
- fix: Escape zero width char to properly be displayed in the report
- fix: ZeroWidthCharsInNamesHeadersFuzzer should not match response content type and body
- fix: Split ZeroWidthCharacters fuzzers based on sanitization logic
cats-11.7.0
- fix: Fix issue with progress not being displayed when request payload contained many fields
- fix: Fix issue when UUIDs could not be generated in native binaries
- fix: Fix for #128 for case insensitive regexes
- feat: Add new linter to check relevant response codes have response bodies
- fix: Fix for #125 caused by pattern also allowing empty strings
- feat: Add new generator for state codes
- feat: Add new generator for sort codes
- feat: Add new generator for nationality
- feat: Add new generator for bank account numbers
- fix: Improve phone number generator to accommodate regexes starting with +
- fix: Add lineOne as possible field name for line1 generator
- feat: cats generate ... will output single json instead of array when one type of request possible
- fix: Fix for #127 when contentType is declared globally
- feat: Add new linter to detect duplicate operationIds
- feat: Add new linter to detect empty path elements
- fix: Mark null responses as matching schema
- feat: Include additional potential monitoring endpoints to be displayed by cats stats sub-command
- feat: Add 2 new fields fuzzers that are fuzzing field names and field values with zero length characters
- fix: Add env. prefix to RELEASE_URL
cats-11.6.0
- Include additional characters in the zero width chars small list
- Allow -X for http method in main command
- Add two new header fuzzers to cover basic zero width characters test cases
- Enable debug logging earlier in GenerateCommand
- Properly display stack traces in CatsCommand
- Update javadoc to reflect that RandomResourceFuzzer runs for all http methods
- Add new command to generate valid response templates
- Change logic for phone generator to select from 10 and 11 length numbers only
- Exclude citizenship from the IP generator match condition
- Make method return empty list when urlParams are null
- When responses have binary content such as pdf or csv, assume the body matches
- Change argument help to remove TemplateFuzzer reference
cats-11.5.0
Release Notes:
- Improve cyclic schema dependencies detection to avoid infinite loops
- Add new arguments that deal with anyOf/oneOf generation
- Fix NPE when pattern was empty
- Filter out request payloads that are not fully created and still include ONE_OF/ANY_OF
- If --targetFields are not supplied, compute all fields combinations from --data for cats fuzz
- If --urlParams are not supplied for http methods with body, generate random values
- Fix issue with lookahead regex operators causing strings not to be generated
- Fix for #122
- Several improvements for the cats fuzz subcommand
- Add 2 new arguments for --simpleReplace and --printProgress for cats fuzz sub-command
- Make cats fuzz sub-command render findings in console as it progresses
- When running in summary mode don't prefix log lines with stars
- Fix issue with refData from all not adding keys that were not on the path entry
- Make matchXXX arguments required for cats fuzz
- Fix issues with default values for boolean arguments and their negatable values
- Make cats fuzz do fuzzing based on the FUZZ keyword
cats-11.4.0
Release notes:
- Change generator logic to consider enum and default values first
- Fix several possible NPEs
- Fix #117
- Fix #119
- Fix #116
- Fix an issue where path specific headers were overridden by all level headers
- Flag when a test case result is switched from error/warn to success based on --ignoreXXX arguments
- Add default value for xxxOf combinations as they grow exponentially and some OpenAPI specs abuse this
- Fix self-reference detection by keeping full qualified property names
- Add multiple generators
- Increase limit for yaml file size
- Fix issue when OpenAPI parser was adding an empty schema
- Fail gracefully when schema definitions are not part of the contract
- Accommodate additional cases for allOf composition with root oneOf schemas
- Improve oneOf/anyOf combination generation to avoid stackoverflow on circular references
- Add additional arguments to configure interaction with anyOf/oneOf schemas
cats-11.3.0
Release notes:
- Only apply custom generators for String schemas
- Make very large fuzzer not check content type and response schema
- Make RandomResourcesFuzzer expect 404, 400, 422 not just 400
cats-11.2.0
Release notes:
- Handle IOException cases when parsing fails during response streaming
- Consistently handle non-json responses and empty responses
- Make Abugida fuzzer expect both 4xx and 2xx as not all services might properly sanitize data
- Make fields totally skippable for fuzzing using a !field syntax
- Fix issue with data generator that was not considering the fully qualified name
- Add new generator for cardholdername
- Check that --server is a valid URL in all commands
- Improve error reporting for FunctionalFuzzer and SecurityFuzzer for cases when custom file was empty or required keywords were not present
cats-11.1.0
Release notes:
- Fix for #101 #102 #14 #105 #106
- Add compatibility with OpenAPI 3.1 specs
- List mutators using cats list ...
- Allow custom mutators to load values from files
- Add new fuzzers for json keys
- Add new fuzzers that send additional http methods
- Print error when OpenAPI spec is not valid
- Don't print progress in dry run as it has summary progress
- Add singular arguments for all plurals
- Add argument to limit number of possible anyOf/oneOf combinations
- Print proper error when supplied files have wrong syntax
- Add more Generators to generate more real world data
cats-11.0.0
Release Notes:
- Fix for #98 when schema might be null for some reasons
- Fix issue with arrays of elements having objects using xxxOf
- Fix for #100 when enum might be null, do not issue warning for response schema matching
- Change PathPlurals linter's algorithm to accommodate resources/actions paths
- Add unused schemes in cats stats command
- Significantly improve memory usage, especially when running more than 10000 tests, by not storing the entire test case after being written to disk
- Make report width bigger in order to accommodate large fuzzer names and large test numbers
- Update the LargeXXX and VeryLargeXXX fuzzers to expect response code 431 and don't match content type or response body
- Introduce continuous fuzzing using cats random ... that lets you run fuzzing continuously until certain stop conditions are met
cats-10.5.0
Release notes:
- Enhanced help for all commands and sub-commands, adding exit codes and examples
- Fix issue with --matchResponseRegex argument which was ignoring the regex
- Change expected result and response message for user dictionary and template fuzzers in order to match arguments supplied
- Fix for #94
- Fix NPE when expected response headers were null
- Skip json objects case linter for non-body http methods
- Fix issue with generating examples for array schemas with null internal schemas
- Add new argument toggle for cases when services might allow invalid values in enums
- Report errors even when running in blackbox mode and reporting is ignored
- Add new --matchInput argument to check if input is reflected in response
- Add new command to validate if OpenAPI specs are valid
- Fix for #96 - preserve data type for global variables in functional fuzzer