
Abugidas In Strings

This fuzzer has 2 flavours, depending on the --sanitizationStrategy.

Abugidas in String Fields SANITIZE_AND_VALIDATE

| Item | Description |
| --- | --- |
| Full Fuzzer Name | AbugidasInStringFieldsSanitizeValidateFuzzer |
| Log Key | AISF |
| Description | This fuzzer inserts abugida characters (జ్ఞ‌ా and স্র‌ু) in valid values. The expectation is that APIs will sanitize the \u200c character and leave only the జ్ఞ and . |
| Enabled by default? | Yes |
| Target field types | OpenAPI type string |
| Expected result when fuzzed field is required | 2XX |
| Expected result when fuzzed field is optional | 2XX |
| Expected result when fuzzed value is not matching field pattern | 4XX |
| Fuzzing logic | Iteratively inserts abugida characters in string fields |
| Conditions when this fuzzer will be skipped | When field is not of type string OR field is an enum OR field is a discriminator OR field is reference data |
| HTTP methods that will be skipped | None |
| Reporting | Reports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception. Reports warn if: 1. response code is expected and documented, but does not match the response schema; 2. response code is expected, but not documented; 3. response code is 501. Reports success if: 1. response code is expected, documented and matches the response schema. |

Abugidas in String Fields VALIDATE_AND_SANITIZE

| Item | Description |
| --- | --- |
| Full Fuzzer Name | AbugidasInStringFieldsValidateSanitizeFuzzer |
| Log Key | AISF |
| Description | This fuzzer inserts abugida characters (జ్ఞ‌ా and স্র‌ু) in valid values. As the sanitization is assumed post-validation, the expectation is that APIs reject the request as invalid. |
| Enabled by default? | Yes |
| Target field types | OpenAPI type string |
| Expected result when fuzzed field is required | 4XX |
| Expected result when fuzzed field is optional | 4XX |
| Expected result when fuzzed value is not matching field pattern | 4XX |
| Fuzzing logic | Iteratively inserts abugida characters in string fields |
| Conditions when this fuzzer will be skipped | When field is not of type string OR field is an enum OR field is a discriminator OR field is reference data |
| HTTP methods that will be skipped | None |
| Reporting | Reports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception. Reports warn if: 1. response code is expected and documented, but does not match the response schema; 2. response code is expected, but not documented; 3. response code is 501. Reports success if: 1. response code is expected, documented and matches the response schema. |
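
The two flavours above differ only in the order in which the API under test sanitizes and validates a string field. The sketch below is an added example, not CATS code and not part of the original page: the handler, the sanitizer and validator keyed on Unicode category Cf, the mid-value insertion position and the sample value "chair" are all assumptions, and the code points are transcribed from the two sequences named in the descriptions.

```python
import re
import unicodedata

# Code points transcribed from the two sequences in the description; each
# carries U+200C (ZERO WIDTH NON-JOINER) before its final vowel sign.
ABUGIDAS = ["\u0c1c\u0c4d\u0c1e\u200c\u0c3e", "\u09b8\u09cd\u09b0\u200c\u09c1"]


def insert_middle(value, payload):
    """Insert the payload mid-value (assumed position, not taken from CATS)."""
    mid = len(value) // 2
    return value[:mid] + payload + value[mid:]


def is_format_char(ch):
    # Category Cf covers invisible format characters, U+200C included.
    return unicodedata.category(ch) == "Cf"


def sanitize(value):
    return "".join(ch for ch in value if not is_format_char(ch))


def validate(value, pattern=None, max_length=64):
    if any(is_format_char(ch) for ch in value) or len(value) > max_length:
        return False
    return pattern is None or re.fullmatch(pattern, value) is not None


def handle(value, strategy, pattern=None):
    """Return (status, stored value) for a hypothetical string field."""
    if strategy == "SANITIZE_AND_VALIDATE":
        value = sanitize(value)
        return (200, value) if validate(value, pattern) else (400, None)
    if strategy == "VALIDATE_AND_SANITIZE":
        return (200, sanitize(value)) if validate(value, pattern) else (400, None)
    raise ValueError(f"unknown strategy: {strategy}")


if __name__ == "__main__":
    for payload in ABUGIDAS:
        fuzzed = insert_middle("chair", payload)  # constructed sample value
        for strategy in ("SANITIZE_AND_VALIDATE", "VALIDATE_AND_SANITIZE"):
            for pattern in (None, "[a-z]+"):
                status, stored = handle(fuzzed, strategy, pattern)
                print(strategy, repr(pattern), status, ascii(stored))
```

With a pattern such as [a-z]+ on the field, both orderings return 400, because the abugida letters remain after U+200C is stripped; this is the "not matching field pattern" row in both tables.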