-
Notifications
You must be signed in to change notification settings - Fork 73
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
--securityFuzzerFile Argument not showing any results #39
Comments
Hi @stuti100. The /path
test1:
description: XSS Strings
httpMethod: POST
targetFieldTypes:
- string
stringsFile: xss.txt
expectedResponseCode: 200 The command you've used runs all the Fuzzers + the SecurityFuzzer. There is an alternate command to run only the SecurityFuzzer: > cats run --contract=XXX --server=SERVER --output=OUTPUT secure.yml |
Hi @en-milie,Thanks for answering.
|
@stuti100 Can you please send the OpenAPI specs, especially the |
Also wanted to know,while using cats run command we are unable to use --ignoreResponseCode and --paths? |
--paths and --ignoreXXX arguments cannot be used with 'cats run'. this is because you the security.yml file has the paths as the main keys so adding another --path argument is redundant. the security.yml file also has a expectedResponseCode entry which might get in conflict with the --ignoreXXX argument. but I'll think about this a bit and see what is the best way to introduce --ignoreXXX arguments in 'cats run'. |
Hi @stuti100. To tackle things in order:
|
Thanks @en-milie for updates.Hoping to see the next release soon. |
I was curious to use the security fuzzer offered by CATS but when ran,does not give the right result.Is this the right way to use it,I am using the command below (attached in screenshot)? If not please provide some additional info and how it outputs will look like?
The text was updated successfully, but these errors were encountered: