cats-8.0.0

Release notes:

• Allow payloads to be supplied as env variables in TemplateFuzzer
• Display response code in summary report page
• Update description of some Fuzzers to be more comprehensive
• Add new Fuzzers: DefaultValuesInFieldsFuzzer, IterateThroughEnumValuesFieldsFuzzer, ReplaceObjectsWithPrimitivesFieldsFuzzer, VeryLargeDecimalsInNumericFieldsFuzzer, VeryLargeIntegersInNumericFieldsFuzzer
• Rename some Fuzzers to be more comprehensive. This may cause breaking changes when filtering based on Fuzzers names
• Add response headers in individual test case report
• Display more details in final report in case of IO exceptions
• Properly format date and date-time when returning values from examples
• Update to Java 17
• Add reason for skipping for boundary Fuzzers when schema not matching String schema
• Allow to set root level without specifying the package using --log "error"
• Add timestamp of test case in final report
• Print "empty response" if IO exception
• Add http method name in the summary report
• When a Fuzzer is selected from the drop-down the selection will remain active when going back in browser
• Take into consideration enums when generating numbers
• Don't send Content-Type for GET and DELETE
• Fix issue with report summary json not being properly created when using native binaries
• Export time execution details as json
• Add non-zero exit codes when something goes wrong: 191 on invalid input and 192 on execution exception
• Don't create cats-report folder when doing a --dryRun
• Add possibility to have environment variables in headers when running cats replay ...

cats-7.3.2

Release Notes:

• Fix issue with some oneOf/anyOf models not properly generating all request combinations
• Fix issue with InvalidValuesInEnumsFieldsFuzzer running for non-enum fields
• Fix issue with boundary fuzzers running for date and date-time fields

cats-7.3.1

Release Notes:

• Fix for #44
• Fix for #48 by adding new --queryParams argument to supply additional params in query which are not part of the API specs
• Fix issue with --dryRun not properly reporting all tests
• Fix issue with NO_COLOR variable being ignore by the native binaries
• Fix some issues with native binaries due to GraalVM updates

cats-7.3.0

Release Notes:

• Fix for #43
• Change logic of AbugidasFields fuzzer to reflect the fact that the payloads contain both unicode control chars as well as valid characters
• Change ZalgoText fuzzer to prefix valid values rather than replace
• Introduce a --selfReferenceDepth argument used when there are cyclic dependencies between objects
• Remove TrimValidate, ValidateTrim, SanitizeValidate, ValidateSanitize from fuzzer names
• Introduce junit report summary format
• Fix issue in StringGenerator that was looping indefinetly for some patterns
• Fix issue for some query params not being properly url escaped
• Fix issue when content type was not properly added when using custom vendor headers
• Make XXXOnlyFuzzers run for DELETE and GET
• Update dependencies to latest versions

cats-7.2.1

Release noted:

• fix for #42
• #39 allow > cats run security.yml to use the --ignoreXXX arguments
• improve output of > cats run
• improve display and diagnostic for contract linters
• change numeric fields to Number instead of String

cats-7.2.0

Release notes:

• Add non-JSON responses in the final report as raw data
• Print log line when content-type is not supported or not recognised
• Detect cyclic dependencies and gracefully handle them
• Add support for application/x-www-form-urlencoded
• Add -D argument for cats replay
• Add more debug logs for better troubleshooting
• Properly generate email example when format email
• Add field for NewFieldsFuzzer in query params for GET and DELETE requests

cats-7.1.1

Release notes:

• fix for TemplateFuzzer failing with NPE in some cases
• remove note log when running subcommands
• a new lint sub-command to run only ContractInfoFuzzers. These fuzzers are not included in standard run anymore. checkContract is also not available anymore. You can use --includeContract if you want to get these fuzzers back in the standard run

cats-7.1.0

Release Notes:

• improve diagnostic in case of failures by adding more debug logs and a new argument -D to enable debugging
• add a new TemplateFuzzer used to fuzz pre-defined request templates, rather than OpenAPI contracts. You can use this via cats fuzz [arguments]
• add possibility to record non-json requests in final report
• add possibility to ignore responses based on: size, number or words, number of lines or a specific regex; prior to this it was only possible via response codes
• update dependencies to latest versions

cats-7.0.6

Release notes:

• Fix for #32
• Fix for #34
• Add possibility to ignore results in final report for ignored response codes (using --)
• Enable empty and null field Fuzzers to run for GET query params
• Add new Fuzzers for abugidas characters
• Update dependencies to latest version

7.0.5

Release Notes:

• Add new Fuzzer for Zalgo Text in headers
• Add targetFieldTypes element in SecurityFuzzer
• Add possibility to add all as path name in SecurityFuzzer
• Add new Fuzzer for abugidas chars in headers
• Rename CustomFuzzer to FunctionalFuzzer