Releases: Endava/cats
cats-13.3.2
- feat: Add more linters for enum and string schema limits
- feat: Add new linters to check maxLength for string schemas
- fix: Properly report total number of fuzzers or linters
- feat: Add new linters to check for enum casing consistency
- fix: Fix issue when enum value was generated as null causing generation to enter an infinite loop
- fix: Fix issue when payload is array and ref data replaces root array
- fix: Fix NPE when setting ref data to null values
- fix: Fix issue with AbstractRequestBodyLinter to run per path+method
- fix: Report global fuzzers in summary run mode
- fix: Properly resolve refs referencing other files for unused elements linters
- fix: Add new empty line when printing summary statistics
- feat: #170 Allow to supply multiple report formats in same run
- fix: Fix for #168 - When uniqueItems is true, generate unique array elements
- feat: Add new linter to check for arrays with no items
- feat: Rename --skipFuzzers to --skipLinters from cats lint sub-command
- feat: Add new linter to check for unused components schemas
- feat: Add new linter to check for unused components responses
- feat: Add new linter to check for unused components requestBodies
- feat: Add new linter to check for unused components parameters
- feat: Add new linter to check for unused components headers
- feat: Add new linter to check for unused components examples
- feat: Rename all linters to not contain word fuzzer in their naming
- feat: #167 Allow configuration to be supplied through a property file using --configFile
- feat: Add new linter to multiple success response codes
- feat: Add new linter to check empty response schemas
- feat: Add new linter to check empty request schemas
- feat: Add new linter to check for verb consistent namings
- feat: Add new linter to check put without body
- feat: Add new linter to check post without body
- feat: Add new linter to check patch without body
- feat: Add new linter to check pagination for get on collections
- feat: Add new linter to check operationId prefixes
- feat: Add new linter to check head methods with body
- feat: Add new linter to check get methods with body
- feat: Add new linter to check delete methods with body
cats-13.2.0
- feat: Add new fuzzer for temporal logic
- feat: Add new fuzzer for min greater than max logic
- feat: Add new fuzzer for accept-language header
- feat: Add new fuzzer for enum case variants
- feat: Add unique test identifier sent as header and displayed in report
- fix: Fix issue when All entry for files was having different casing and data was not properly merged
cats-13.1.2
cats-13.1.1
- feat: Add explain sub-command to get details about response codes, error reasons, etc.
- fix: Fix for #151 - Parse ref data variables from url in requests with body
- feat: Add mutators for lowercase/uppercase expanding strings
- feat: Add new argument to supply custom error details leaks file
- fix: Record reason first, then report error to avoid override by additional cases
- fix: Make total paths box wider in the summary report in order to fit 3 digit numbers
- feat: Add more generators for things like: airports, timezones, user agent, etc.
- fix: Fix issue with schema using allOf and one of allOfs being objectschema with additionalProperties
- feat: Sort output of cats list --format and cats list --mutators
- feat: Add --useExamples flag in generate sub-command
cats-13.1.0
- Fix issues with JUNIT reporting and remove non-standard attributes and properly report failures and errors
- Add 4 fuzzers that test for strings that are expanding when lower/upper cased
- Fix rendering issue in summary when name of the OpenAPI spec was too long
- Update dependencies to latest versions including the swagger parser fork
cats-13.0.0
Breaking Changes:
- The generation engine was rewritten to better handle anyOf/oneOf/allOf combinations. The following arguments were removed: --generateXxxCombinationsForResponses and --filterXxxFromRequestPayloads.
- cats fuzz is replaced with cats template for non-OpenAPI fuzzing
Release Notes:
- feat: Add new mutator for big list of naughty strings
- feat: Add ability to detect error detail leaks in api responses
- fix: Fix infinite loop issue for complex self-referencing objects
- feat: Add --limitNumberOfFields argument to be able to limit the number of fuzzed fields when payloads are very big
- feat: Add --selfReferenceDepth as argument for the cats generate subcommand
- feat: Remove arguments for filtering anyOf/oneOf combinations as they are not needed anymore
- feat: Add new generator for job titles
- feat: Add new generator for gender
- feat: Add new generator for company departments
- fix: #146 properly format examples for date and date-time schemas
- fix: Fix issue with OverflowArraySizeFuzzer that wasn't properly serializing array elements
- feat: Introduce improved generation engine for payloads that is faster and more reliable
- fix: Fix ExampleFieldsFuzzer to properly serialize examples
- feat: Allow useExamples to be null and only influence other flags when explicitly set to true or false
- fix: #145 correct typos
- feat: Allow continuous fuzzing when running in template fuzzing
- feat: Display additional config info when cats starts
- fix: #143 and #144 Add new arguments to handle examples from OpenAPI specs
- fix: Don't add path and http method for linters that run globally
- fix: Exclude emailAddress from address generator
- fix: Fix issue that was reporting null operationIds as duplicates
cats-12.1.0
- fix: Fix for #142 - add Cookie header in the list of authorization headers
- fix: Fix issue when query parameters have empty name
- fix: Fix issue of matching response content types when content type was invalid
- fix: Fix issue when oneOf/anyOf could be different variants of arrays in root path
- feat: Add fuzzer name in console for current running path
- fix: Escape json keys like key.subkey.[anotherKey]
- fix: Fix NPE when apiresponse schema was null
- fix: Fix issue when request body had a reference to a schema that was referencing another schema
- fix: Default to static value when header value fails to be parsed from Parameter schema
- fix: Limit xxxOf combinations when linting
- fix: Improve handling of complex regexes through call chains and report regexes which could not be translated into concrete strings
- feat: Add custom generator for timestamps
- fix: Fix for #141 regexes starting and ending with .*
- fix: Fix for #140 NPE when running cats fuzz sub-command
- fix: Improve handling of allOf schemas with single child
- feat: Consider properties with name 'link' as candidates for URIGenerator
- fix: Fix issue when request content type doesn't have a schema
- feat: Improve openapi parser to consider schemas having additionalProperties false and type string as string schemas
- fix: Fix issue when oneOf/anyOf could be array or simple schemas
- fix: Fix cases when generated examples are too large to be stored in memory
- fix: Properly generate strings when regex doesn't have quantifiers, but has min length
- feat: Improve handling of complex regexes like email, password or uri
- fix: Improve detection of self-reference properties and properly stop generation after --selfReferenceDepth
- fix: Fix issue when json key was '*'
- fix: Improve handling of regex that have length in their definition
- fix: Improve self-references detection
- fix: Generate examples for parameters that have content-type
- fix: Escape json keys like @idempotency_key
- fix: Fix issue when nested oneOf/anyOf combinations was considering duplicate payload structures
- fix: Fix issue with escaped URLs not being properly replaced with ref data and url params
- feat: Make NewFieldsFuzzer run for empty payloads
- fix: Fix issue with dark mode not displaying well on test case page
- fix: Update cats list sub-command description to reflect all usages
- fix: Bold and underline Usage header from help
- feat: Add --skipPath for linting
- fix: Fix issue with request payload not being selected by default in test case page
cats-12.0.0
- feat: Display current path/total paths in command line
- feat: Add possibility to specify run order of paths
- fix: Cache additionalProperties in order to avoid cyclic calls
- fix: Decrease size for OverflowMapSizeFuzzer as it led to out of memory
- fix: Fix issue with cyclic dependencies on additionalProperties
- feat: After CATS runs, print number of errors by error reason
- fix: Fix issue in swagger-parser with array query params with inline schemas
- fix: Fix parsing JSON issues for keys like filters[]
- fix: Query parameters that have cross path references to inline array schemas are now properly solved
- feat: Add additional data to be displayed in the summary report: number of paths and average execution time
- feat: Properly parse strings which are actually escaped JSONs
- fix: Prevent stackoverflow issue when schema was referring itself
- feat: Reorganize summary page to include tests execution chart and additional details
- fix: Fix issues with cross-path param reference and empty title inline schemas
- fix: Improve cross-path reference solving for ApiResponses
- feat: Introduce support for cross-path components references like #/paths/~1v2~11-clicks/get/responses/200/headers/ratelimit-limit
cats-11.8.0
- feat: Make help consistent across all arguments
- fix: Don't mutate field if it's not part of the current payload
- fix: Fix --dryRun not properly displaying number of tests to be run
- fix: Fix padding for banner and logo on summary page
- feat: Add additional data to be displayed in the summary report
- feat: Add new generator for content types
- feat: Add new argument to cache generated payloads instead of generating them every time
- feat: Display path and http method when showing processing errors at the end of the run
- fix: Fix serialization of DateTime objects when fuzzers were replacing fields
- fix: Improve regex generator to deal with fixed length patterns
- feat: Print errors during fuzzer processing at the end of execution
- fix: When OpenAPI schema doesn't have min/max default to -1/-1
- fix: Escape json keys like $idempotency_key
- fix: Return default alphanumeric pattern for empty patterns
- fix: Fix HttpStatusCodeInRangeLinter to consider 1xx,2xx,3xx,4xx,5xx codes
- fix: Accommodate additional regexes with fixed length in definition and also having minLength and maxLength defined
- fix: Ignore root schema names from cyclic references check
- fix: Escape json keys like key[inner]
- fix: Change default min length for headers to 1 when no constraint defined in OpenAPI
- feat: Change PhoneNumberGenerator to also match phone1, phone2, etc.
- feat: Add http method when printing that a param does not have a defined schema
- fix: Make sure total string size does not exceed max possible on jvm
- fix: Fix issues when content type is not Json and logic for param replacement was relying on json formatting
- fix: When schema length is Integer.MAX_VALUE use only MAX_VALUE / 100 to generate exact length values
- fix: Fix some edge cases for string generation
- fix: When NewFieldsFuzzer cannot add new fields skip the test
- fix: When payloads are not valid jsons compare them as strings
- fix: Update StringGenerator to try to generate twice for each generator to increase chances of generating a value matching the pattern
- fix: When path variable is not defined in OpenAPI print error instead of throwing exception
- fix: Fix issue with NewFieldsFuzzer to be skipped for primitives and better interpret arrays
- fix: Fix issue with DefaultValuesInFieldsFuzzer to do simple replace instead of merge fuzzing
- fix: When an exception happens before running the fuzzer make sure contract path is recorded
cats-11.7.1
- feat: Change display progress to unknown progress instead of percentage as percentages were unreliable
- fix: When field is enum consider left boundary as length of element at position 0
- fix: Escape zero width char to properly be displayed in the report
- fix: ZeroWidthCharsInNamesHeadersFuzzer should not match response content type and body
- fix: Split ZeroWidthCharacters fuzzers based on sanitization logic