OS: Windows
Action: Fuzz endpoint with POST method without request body
Swagger: 2.0
CATS version: 7.0.6
Server: https://petstore.swagger.io/
API doc: https://petstore.swagger.io/v2/swagger.json
Hi,
we tried to launch test for fuzzing endpoint with POST method without request body. We used "swagger":"2.0" and after run command below we have got error: The following HTTP methods won't be executed for path /pet/{petId}: [GET, DELETE]
Command:
java -jar cats-uber.jar --contract=https://petstore.swagger.io/v2/swagger.json --server=https://petstore.swagger.io --paths=/pet/{petId} --urlParams=petId:PET-123 --httpMethods=POST
Log from CMD:
Powered by Quarkus 2.7.1.Final
[][] ? start Starting CATS, version 7.0.6, build-time 2022-03-14T06:40:15Z UTC
[][] ? note Processing configuration...
[][] ? info No security custom Fuzzer file. SecurityFuzzer will be skipped!
[][] ? info No custom Fuzzer file. FunctionalFuzzer will be skipped!
[][] ? info No reference data file was supplied! Payloads supplied by Fuzzers will remain unchanged!
[][] ? info URL parameters: [petId:PET-123]
[][] ? info No headers file was supplied! No additional header will be added!
[][] ? complete Finished parsing the contract in 1865 ms
[][] ? start Start cleaning up cats-report folder ...
[][] ? complete Cleanup complete!
[][] ? skipping Skipping path /pet
[][] ? skipping Skipping path /pet/findByStatus
[][] ? skipping Skipping path /pet/findByTags
[][] ? info
[][] ? start Start fuzzing path /pet/{petId}
[][] ? info The following HTTP methods won't be executed for path /pet/{petId}: [GET, DELETE]
[][] ? info 61 configured fuzzers out of 88 total fuzzers: [TrailingSpacesInHeadersFuzzer, VeryLargeValuesInFieldsFuzzer, RemoveFieldsFuzzer, StringFormatTotallyWrongValuesFuzzer, NamingsContractInfoFuzzer, AbugidasCharsInHeadersFuzzer, DummyContentTypeHeadersFuzzer, NewFieldsFuzzer, PathTagsContractInfoFuzzer, NullValuesInFieldsFuzzer, UnsupportedAcceptHeadersFuzzer, HappyFuzzer, StringFormatAlmostValidValuesFuzzer, SecurityFuzzer, OnlySpacesInHeadersFuzzer, LeadingSpacesInHeadersFuzzer, StringsInNumericFieldsFuzzer, MinimumExactValuesInNumericFieldsFuzzer, ExtremeNegativeValueIntegerFieldsFuzzer, MaximumExactValuesInNumericFieldsFuzzer, MinLengthExactValuesInStringFieldsFuzzer, DecimalValuesInIntegerFieldsFuzzer, NonRestHttpMethodsFuzzer, RecommendedHttpCodesContractInfoFuzzer, ExtremeNegativeValueDecimalFieldsFuzzer, DuplicateHeaderFuzzer, RecommendedHeadersContractInfoFuzzer, FunctionalFuzzer, ExtraHeaderFuzzer, SecuritySchemesContractInfoFuzzer, StringFieldsLeftBoundaryFuzzer, BypassAuthenticationFuzzer, TopLevelElementsContractInfoFuzzer, ExtremePositiveValueDecimalFieldsFuzzer, MaxLengthExactValuesInStringFieldsFuzzer, VersionsContractInfoFuzzer, VeryLargeUnicodeValuesInHeadersFuzzer, ZalgoTextInStringFieldsSanitizeValidateFuzzer, RemoveHeadersFuzzer, DummyRequestFuzzer, ZalgoTextInHeadersFuzzer, VeryLargeUnicodeValuesInFieldsFuzzer, DecimalFieldsLeftBoundaryFuzzer, HttpMethodsFuzzer, MalformedJsonFuzzer, VeryLargeValuesInHeadersFuzzer, DecimalFieldsRightBoundaryFuzzer, InvalidValuesInEnumsFieldsFuzzer, EmptyStringValuesInHeadersFuzzer, BooleanFieldsFuzzer, CheckSecurityHeadersFuzzer, EmptyStringValuesInFieldsFuzzer, DummyAcceptHeadersFuzzer, IntegerFieldsRightBoundaryFuzzer, HttpStatusCodeInValidRangeContractInfoFuzzer, AbugidasCharsInStringFieldsSanitizeValidateFuzzer, StringFieldsRightBoundaryFuzzer, ExtremePositiveValueInIntegerFieldsFuzzer, IntegerFieldsLeftBoundaryFuzzer, UnsupportedContentTypesHeadersFuzzer, XmlContentTypeContractInfoFuzzer]
[][] ? skipping Skipping path /pet/{petId}/uploadImage
[][] ? skipping Skipping path /store/inventory
[][] ? skipping Skipping path /store/order
[][] ? skipping Skipping path /store/order/{orderId}
[][] ? skipping Skipping path /user
[][] ? skipping Skipping path /user/createWithArray
[][] ? skipping Skipping path /user/createWithList
[][] ? skipping Skipping path /user/login
[][] ? skipping Skipping path /user/logout
[][] ? skipping Skipping path /user/{username}
[][] ? skipping Skip printing time execution statistics. You can use --printExecutionStatistics to enable this feature!
[***][] ? complete CATS finished in 171 ms. Total (excluding skipped) requests 0. ? Passed 0, ? warnings: 0, ? errors: 0, ? skipped: 0. You can open the report here: file:///C:/Users/user1/Documents/TOOLS/CATS/cats-report/index.html