Date Range Inversion Fuzzer

Item	Description
Full Fuzzer Name	DateRangeInversionFuzzer
Log Key	DRI
Description	This fuzzer tests temporal validation logic by deliberately inverting date or time ranges in request payloads. It identifies pairs of fields that represent a logical date range (for example startDate / endDate, checkIn / checkOut) and sends requests where the start value is after the end value, verifying that the API correctly rejects invalid temporal relationships.
Enabled by default?	Yes
Target field types	OpenAPI type string with date or date-time semantics (format: date or format: date-time), or fields whose names imply date/time semantics
Expected result when fuzzed field is required	4XX
Expected result when fuzzed field is optional	4XX
Expected result when fuzzed value is not matching field pattern	4XX
Fuzzing logic	The fuzzer automatically discovers date range field pairs based on common naming patterns (e.g. startDate/endDate, checkIn/checkOut, validFrom/validTo, etc.) and then mutates the request as follows: 1. Parses both field values as date-time (OffsetDateTime) or date (LocalDate). 2. If the start value is before the end value, the two values are swapped so that start becomes after end. 3. If the original values are already inverted, the fuzzer pushes them further apart (start +10 days, end −10 days) to clearly violate the temporal constraint. 4. A single request is sent with both fields mutated simultaneously, ensuring the relationship is invalid rather than just a single malformed value.
Conditions when this fuzzer will be skipped	When no date range field pairs can be identified in the request OR when either field cannot be parsed as a date or date-time value.
HTTP methods that will be skipped	None
Reporting	Reports error if: 1. the API accepts the inverted date range (response code not in 4XX); 2. the response code is documented but not expected; 3. any unexpected exception occurs. Reports success if: 1. the API correctly rejects the inverted date range with a documented 4XX response.