From 3d3dd38b72ebf26fdd4e5516c6c7994303a1db95 Mon Sep 17 00:00:00 2001 From: Madalin Ilie Date: Fri, 8 Mar 2024 09:01:56 +0200 Subject: [PATCH] Add details about loading mutator values from custom file --- docs/getting-started/mutators.md | 16 ++++++++++++++++ docs/intro.md | 2 +- 2 files changed, 17 insertions(+), 1 deletion(-) diff --git a/docs/getting-started/mutators.md b/docs/getting-started/mutators.md index da9aeb18f..fc86f44b2 100644 --- a/docs/getting-started/mutators.md +++ b/docs/getting-started/mutators.md @@ -29,6 +29,22 @@ where: - `type` is one of `TRAIL, INSERT, PREFIX, REPLACE, REPLACE_BODY, IN_BODY` - `values` an array of possible values that will be used by the mutator for random selection +If `values` is a simple string (not an array as above) it will be interpreted as a file location and try to load the fuzz values from that file. An example: + +```yaml +name: xss mutator from file +type: replace +values: /my/full/path/to/xss.txt +``` + +CATS will load all values from `/my/full/path/to/xss.txt` and randomly select when fuzzing. + +:::caution +The path to the file with fuzz values must be relative to where you run CATS from, not the location where the custom fuzzer file is. +Or you can use an absolute path. +::: + + This is what each `type` means: - `trail` will trail a valid field value with the one generated by the mutator diff --git a/docs/intro.md b/docs/intro.md index 09a066898..c5fc7d869 100644 --- a/docs/intro.md +++ b/docs/intro.md 
@@ -21,7 +21,7 @@ CATS is: - **📖 Simple to Learn**: flat learning curve, with intuitive configuration and syntax - **⚡️ Fast**: automatic process for writing, running and reporting -By using a simple and minimal syntax, with a flat learning curve, CATS (**C**ontract **A**uto-generated **T**ests for **S**wagger) enables you to generate thousands of API tests within minutes with **no coding effort**. +By using a simple and minimal syntax, with a flat learning curve, CATS (**C**ontract **A**API **T**esting **S**ecurity) enables you to generate thousands of API tests within minutes with **no coding effort**. All tests are **generated, run and reported automatically** based on a pre-defined set of **100+ Fuzzers**. The Fuzzers cover a wide range of boundary testing and negative scenarios from random large Unicode values to well crafted, context dependant values based on the request data types and constraints. Even more, you can **leverage** the fact that **CATS** generates request payloads dynamically and **write simple end-to-end functional tests**.
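Review bot: In the docs/getting-started/mutators.md hunk, the new paragraph says CATS "will load all values from `/my/full/path/to/xss.txt`" but does not document the file format (one value per line? how are blank lines and whitespace treated?) or what happens when the file is missing or unreadable. Please add a sentence covering both. In the `:::caution` block, "must be relative to where you run CATS from ... Or you can use an absolute path" contradicts itself on first read. Suggest: "Relative paths are resolved against the directory you run CATS from, not the location of the mutator file; absolute paths also work." The caution also says "custom fuzzer file" where the rest of the page talks about mutators. The example uses `type: replace` while the context line above lists the types in uppercase (`TRAIL, INSERT, PREFIX, REPLACE, ...`), so pick one casing or state that the value is case-insensitive. Smaller points: "it will be interpreted as a file location and try to load" reads better as "it is interpreted as a file location and CATS loads the fuzz values from that file", and the hunk adds two consecutive blank lines before "This is what each `type` means:".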
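Review bot: In the docs/intro.md hunk, the added line has a typo in the acronym expansion: `**A**API` renders as "AAPI", which looks like it was meant to be `**A**PI`. Separately, the commit subject only mentions loading mutator values from a custom file, while this hunk changes what the CATS acronym stands for (previously "**C**ontract **A**uto-generated **T**ests for **S**wagger"). Either note the rename in the commit message or move it to its own commit so it is easy to find in history.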