Releases: Endava/cats

cats-11.2.0

13 Mar 20:44

Release notes:

  • Handle IOException cases when parsing fails during response streaming
  • Consistently handle non-json responses and empty responses
  • Make Abugida fuzzer expect both 4xx and 2xx, as not all services might properly sanitize data
  • Make fields totally skippable for fuzzing using a !field syntax
  • Fix issue with data generator that was not considering the fully qualified name
  • Add new generator for cardholdername
  • Check that --server is a valid URL in all commands
  • Improve error reporting for FunctionalFuzzer and SecurityFuzzer for cases when custom file was empty or required keywords were not present

cats-11.1.0

08 Mar 06:34

Release notes:

  • Fix for #101 #102 #14 #105 #106
  • Add compatibility with OpenAPI 3.1 specs
  • List mutators using cats list ...
  • Allow custom mutators to load values from files
  • Add new fuzzers for json keys
  • Add new fuzzers that send additional http methods
  • Print error when OpenAPI spec is not valid
  • Don't print progress in dry run as it has summary progress
  • Add singular arguments for all plurals
  • Add argument to limit number of possible anyOf/oneOf combinations
  • Print proper error when supplied files have wrong syntax
  • Add more Generators to generate more real world data

cats-11.0.0

19 Feb 06:49

Release Notes:

  • Fix for #98 when schema might be null for some reason
  • Fix issue with arrays of elements having objects using xxxOf
  • Fix for #100 when enum might be null, do not issue warning for response schema matching
  • Change PathPlurals linter's algorithm to accommodate resources/actions paths
  • Add unused schemes in cats stats command
  • Significantly improve memory usage, especially when running more than 10000 tests, by not storing the entire test case after it has been written to disk
  • Make report width bigger in order to accommodate large fuzzer names and large test numbers
  • Update the LargeXXX and VeryLargeXXX fuzzers to expect response code 431 and don't match content type or response body
  • Introduce continuous fuzzing using cats random ... that lets you run fuzzing continuously until certain stop conditions are met

cats-10.5.0

05 Feb 07:50

Release notes:

  • Enhanced help for all commands and sub-commands, adding exit codes and examples
  • Fix issue with --matchResponseRegex argument which was ignoring the regex
  • Change expected result and response message for user dictionary and template fuzzers in order to match arguments supplied
  • Fix for #94
  • Fix NPE when expected response headers were null
  • Skip json objects case linter for non-body http methods
  • Fix issue with generating examples for array schemas with null internal schemas
  • Add new argument toggle for cases when services might allow invalid values in enums
  • Report errors even when running in blackbox mode and reporting is ignored
  • Add new --matchInput argument to check if input is reflected in response
  • Add new command to validate if OpenAPI specs are valid
  • Fix for #96 - preserve data type for global variables in functional fuzzer

cats-10.4.1

16 Jan 06:54

Release notes:

  • Make sure content types also include versioning or vendor extensions when matching
  • Don't replace url params for RandomResourceFuzzer

cats-10.4.0

12 Jan 18:58

Release Notes:

  • Fix intermittently failing test due to regex generation issues
  • Add idempotency and security headers in cats stats
  • Fix issue in OverflowMapSize when map was null
  • Optimize String generation and accommodate different corner cases based on size and regex
  • Fix issue with JSON keys having spaces in name
  • Add possibility to have multiple additional parameters in ref data file
  • Throw exception when field is declared in path, but it doesn't have a definition
  • Skip regex matching against schema pattern for VeryLargeXXXInFields fuzzers
  • Fix matching paths failing due to { and } not being escaped
  • Fix issue when path was longer than screen size
  • Add condition to skip invalid maps
  • Fix issue with multi-level anyOf/oneOf declarations in order to generate all possible combinations
  • Add key=value pair arguments as alternative to file arguments
  • Fix for #92 - NPE when schema was empty
  • Add configurable response codes for fuzzers #89

cats-10.3.0

18 Dec 20:48

Release notes:

  • Make cats stats customizable so that you can filter certain information
  • Add more generated body names to naming linters
  • Fix scenario name for QueryParamsCaseLinterFuzzer as it wasn't taking into consideration the naming name
  • Remove path name from versions fuzzer as it runs globally
  • When operationId is null return path + http method
  • Fix reporting issue for global linters when running with --verbosity summary
  • Fix reporting issue for FunctionalFuzzer in --verbosity summary
  • Fix issue for oneOf/anyOf usage when one of the possibilities was actually nullable
  • Add possibility to filter paths based on tag when using cats list --paths
  • Add possibility to include/skip tags
  • Introduce an additional regex generator library to accommodate additional weird regexes

cats-10.2.0

13 Dec 20:18

Release Notes:

  • add new --maskHeaders argument to mask sensitive headers in report files
  • CATS is now testing response content type and will report a warning if it doesn't match the contract; you can use --ignoreResponseContentTypeCheck to ignore this check
  • add new fuzzers for random resources checking and response http headers checking
  • VersionsLinterFuzzer will now check for versions in paths, servers definition and content type headers
  • NamingsLinterFuzzer is now split into more granular linters
  • 501 is now on the response code ignore list when running in --blackbox mode
  • improve reporting for error scenarios
  • add new cats stats sub-command to display some statistics about OpenAPI contracts
  • add new argument to list info for a single path using the cats list sub-command

cats-10.1.0

21 Nov 06:54

Release notes:

  • Add argument to skip deprecated operations
  • Add argument to send application/merge-patch+json for PATCH operations
  • Filter blank lines and commented lines from string files #84
  • Add 6 new http fuzzers
  • Add checkFalse and checkTrue to be used instead of checkBoolean in verify section
  • Add possibility to replace entire request body with custom payload with SecurityFuzzer
  • Fix for #85
  • Add cats info sub-command to display details about OS and CATS version
  • Fix for #86
  • Fix progress issue for FunctionalFuzzer with --verbosity summary
  • Make sure exceptions are displayed in --verbosity summary if CATS cannot run at all

cats-10.0.0

06 Nov 16:39

Release notes:

  • Don't include request/response details in linters report file
  • Fix issue with fields naming conventions being reported multiple times
  • Add new argument to set max response time and fail tests if it's exceeded
  • Make CATS banner be displayed only when printing help command
  • Add 2 new arguments to filter based on field type and field format
  • Fix issue for matching Cache-Control header when having multiple values
  • Introduce new argument to control number of random headers sent by the random headers fuzzers
  • Add argument to be able to filter anyOf and oneOf selection if only one is valid
  • Add 8 new fuzzers that are sending non-json request with different values
  • Display separator between tests considering the console columns

Changed behaviour:

  • Make response json parser more relaxed and use rfc4627
  • Preserve Of in the Fuzzers naming
  • Make Payload default to be displayed when opening individual test cases
  • Introduce --verbosity argument to allow a more compact output in console, which defaults to summary and reduced CATS logging to less verbose output
  • Don't attempt to run fuzzer if field is not part of the payload