cats-8.5.0

Release notes:

• Enhance the capability of expressions that can be used in custom files and reference data files; they can ruse output variables as well as request/response fields
• Fix for #63
• Add non-zero exit codes when there are errors for lint and run sub-commands
• Improve linting for naming conventions. You can configure now the naming strategy for each element like: paths, path variables, headrs, etc.
• Empty array responses are now consider to match response schemas
• Add log line when Fuzzer finishes

cats-8.4.2

Release Notes:

• Fix string generation issue when schema had pattern but no min/max
• Fix issue with query params being defined as object schema
• Fix issue with allOf schemas and required fields part of root schema
• Ignore cases when searching for a validation error for a field in the response

cats-8.4.1

Release notes:

• Add 2 new Fuzzers that will send a large number of HTTP headers
• Separate CR & LF characters into a dedicated Fuzzer to target HTTP headers
• Fix issue when discriminator was an enum with it's own schema
• Ignore cases when searching for a validation error for a field in the response

cats-8.4.0

Release notes:

• Fix for #53
• Add 'curl' section in final report so that you can copy & paste a curl request to reproduce a CATS test case
• Add cats replay section in final report so that you can copy & paste to re-run the test case using CATS
• Add new command to list OpenAPI formats supported by cats: cats list --formats
• Add more invalid data generators for OpenAPI formats

cats-8.3.1

Release notes:

• Fix issue with auth script not properly refreshing after configured interval
• Fix issue with custom contentType not being properly loaded from the specs
• Make custom Fuzzers allow generic response codes for expectedResponseCode
• Make SecurityFuzzer consider the supplied http method and optimise for nosql injection strings
• Improve generation of values for fixed length fuzzers

cats-8.3.0

Release Notes:

• Introduce possibility to check boolean expression in verify section using checkBoolean keyword
• Fix issue with SpecialFuzzers not running at all since SpecialFuzzers are not loaded by default anymore
• Add new Fuzzer to send full Examples from the OpenAPI specs
• Add new generators for additional OpenAPI formats. See https://endava.github.io/cats/docs/getting-started/openapi-formats
• Remove Fuzzer from fuzzer names from console and reports
• Change generators for boundary and extreme numbers to better aligned with the OpenaAPI defined formats
• Change generator for integer left boundary to return Long.MAX and Integer.MAX
• Add log for http method and path when starting fuzzer
• Display output with no format for cats list command
• Avoid double base64 encoding of byte and binary data examples
• Skip boundary fuzzers for numbers when field is ref data
• Improve error messages to be more informative
• Add informative messages if cats detects many io exception or 401/403s
• Don't run Exact fuzzers when field has a format

cats-8.2.0

Release Notes:

• Add exact path from contract in final report. Any fuzzing will be visible in the full path section
• Add new fuzzer called InvalidReferencesFieldFuzzer that will fuzz URL parameters with a pre-defined set of payloads
• Don't replace ref data when replacing objects with primitives
• Add possibility to set authorisation headers using a script. Use -H Auth-Header=auth_script and provide the script file using --authRefreshScript
• Fuzz authentication headers when using UserDictionaryHeadersFuzzer
• Fix issue when PUT and POST had empty bodies
• Avoid logging duplicate lines when skipping HTTP methods
• Fix issue when not properly fuzzing json arrays
• Take examples from Parameters
• Make some fuzzers skip if payload is empty
• Add fuzzer to check if resources are still available after successful DELETE
• Addition small bug fixes

cats-8.1.0

Release notes:

• Improve fuzzers description to be more comprehensible
• Make logging less verbose out of the box
• Change --checkHeaders to -A in order to use -H for headers across all commands and sub-commands
• Add possibility to supply headers using -H (similar to curl)
• Add possibility to supply headers using -H to override headers when using cats replay
• Add possibility to supply wildcard paths in --paths and --skipPaths
• Fix failure when request didn't have body, but cats was trying to match post and delete
• Fix info reporting when --skipReportingForIgnored is enabled. Now tests are marked as ignored
• Remove SpecialFuzzers from the default run
• Add Custom User Dictionary Fuzzer for headers: UserDictionartyFieldsFuzzer and UserDictionaryHeadersFuzzer. They are enabled when using --words: cats -contract=<CONTRACT> --server=<SERVER> --words=<CUSTOM_DICTIONARY>

cats-8.0.0

Release notes:

• Allow payloads to be supplied as env variables in TemplateFuzzer
• Display response code in summary report page
• Update description of some Fuzzers to be more comprehensive
• Add new Fuzzers: DefaultValuesInFieldsFuzzer, IterateThroughEnumValuesFieldsFuzzer, ReplaceObjectsWithPrimitivesFieldsFuzzer, VeryLargeDecimalsInNumericFieldsFuzzer, VeryLargeIntegersInNumericFieldsFuzzer
• Rename some Fuzzers to be more comprehensive. This may cause breaking changes when filtering based on Fuzzers names
• Add response headers in individual test case report
• Display more details in final report in case of IO exceptions
• Properly format date and date-time when returning values from examples
• Update to Java 17
• Add reason for skipping for boundary Fuzzers when schema not matching String schema
• Allow to set root level without specifying the package using --log "error"
• Add timestamp of test case in final report
• Print "empty response" if IO exception
• Add http method name in the summary report
• When a Fuzzer is selected from the drop-down the selection will remain active when going back in browser
• Take into consideration enums when generating numbers
• Don't send Content-Type for GET and DELETE
• Fix issue with report summary json not being properly created when using native binaries
• Export time execution details as json
• Add non-zero exit codes when something goes wrong: 191 on invalid input and 192 on execution exception
• Don't create cats-report folder when doing a --dryRun
• Add possibility to have environment variables in headers when running cats replay ...

cats-7.3.2

Release Notes:

• Fix issue with some oneOf/anyOf models not properly generating all request combinations
• Fix issue with InvalidValuesInEnumsFieldsFuzzer running for non-enum fields
• Fix issue with boundary fuzzers running for date and date-time fields