cats-7.3.1

Release Notes:

• Fix for #44
• Fix for #48 by adding new --queryParams argument to supply additional params in query which are not part of the API specs
• Fix issue with --dryRun not properly reporting all tests
• Fix issue with NO_COLOR variable being ignore by the native binaries
• Fix some issues with native binaries due to GraalVM updates

cats-7.3.0

Release Notes:

• Fix for #43
• Change logic of AbugidasFields fuzzer to reflect the fact that the payloads contain both unicode control chars as well as valid characters
• Change ZalgoText fuzzer to prefix valid values rather than replace
• Introduce a --selfReferenceDepth argument used when there are cyclic dependencies between objects
• Remove TrimValidate, ValidateTrim, SanitizeValidate, ValidateSanitize from fuzzer names
• Introduce junit report summary format
• Fix issue in StringGenerator that was looping indefinetly for some patterns
• Fix issue for some query params not being properly url escaped
• Fix issue when content type was not properly added when using custom vendor headers
• Make XXXOnlyFuzzers run for DELETE and GET
• Update dependencies to latest versions

cats-7.2.1

Release noted:

• fix for #42
• #39 allow > cats run security.yml to use the --ignoreXXX arguments
• improve output of > cats run
• improve display and diagnostic for contract linters
• change numeric fields to Number instead of String

cats-7.2.0

Release notes:

• Add non-JSON responses in the final report as raw data
• Print log line when content-type is not supported or not recognised
• Detect cyclic dependencies and gracefully handle them
• Add support for application/x-www-form-urlencoded
• Add -D argument for cats replay
• Add more debug logs for better troubleshooting
• Properly generate email example when format email
• Add field for NewFieldsFuzzer in query params for GET and DELETE requests

cats-7.1.1

Release notes:

• fix for TemplateFuzzer failing with NPE in some cases
• remove note log when running subcommands
• a new lint sub-command to run only ContractInfoFuzzers. These fuzzers are not included in standard run anymore. checkContract is also not available anymore. You can use --includeContract if you want to get these fuzzers back in the standard run

cats-7.1.0

Release Notes:

• improve diagnostic in case of failures by adding more debug logs and a new argument -D to enable debugging
• add a new TemplateFuzzer used to fuzz pre-defined request templates, rather than OpenAPI contracts. You can use this via cats fuzz [arguments]
• add possibility to record non-json requests in final report
• add possibility to ignore responses based on: size, number or words, number of lines or a specific regex; prior to this it was only possible via response codes
• update dependencies to latest versions

cats-7.0.6

Release notes:

• Fix for #32
• Fix for #34
• Add possibility to ignore results in final report for ignored response codes (using --)
• Enable empty and null field Fuzzers to run for GET query params
• Add new Fuzzers for abugidas characters
• Update dependencies to latest version

7.0.5

Release Notes:

• Add new Fuzzer for Zalgo Text in headers
• Add targetFieldTypes element in SecurityFuzzer
• Add possibility to add all as path name in SecurityFuzzer
• Add new Fuzzer for abugidas chars in headers
• Rename CustomFuzzer to FunctionalFuzzer

cats-7.0.4

Release notes:

• Third attempt to fix Swagger 2 spec parsing in native binaries

7.0.3

Release Notes:

• Hotfix for Swagger 2 specs not being parsed by native images