Enum Case Variant Fields Fuzzer
| Item | Description |
|---|---|
| Full Fuzzer Name | EnumCaseVariantFieldsFuzzer |
| Log Key | ECVF |
| Description | This fuzzer tests case sensitivity handling for enum fields by sending enum values with randomized letter casing (for example ACTIVE → aCtIvE). It helps detect APIs that incorrectly treat enums as case-insensitive, leading to inconsistent validation, unexpected behavior, or hidden contract violations. |
| Enabled by default? | Yes |
| Target field types | OpenAPI fields with defined enum values |
| Expected result when fuzzed field is required | 2XX |
| Expected result when fuzzed field is optional | 2XX |
| Expected result when fuzzed value is not matching field pattern | 2XX |
| Fuzzing logic | Iteratively replaces enum fields with case-variant versions of their allowed values: 1. Iterates through all enum values defined in the OpenAPI schema. 2. For each enum value, generates a random casing variant (upper/lower/mixed case). 3. Ensures the generated value is not identical to any of the original enum literals. 4. Sends each mutated value individually while keeping the rest of the request unchanged. |
| Conditions when this fuzzer will be skipped | When the field is not an enum, OR the field is a discriminator, OR the field is not present in the request payload. |
| HTTP methods that will be skipped | None |
| Reporting | Reports success if: 1. The API accepts the case-variant enum value with a 2XX response, indicating case-insensitive handling. Reports error if: 1. The API rejects the value with a non-2XX response, indicating strict case-sensitive validation that contradicts expected behavior for this fuzzer. |
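
The generation steps in the "Fuzzing logic" row, combined with the skip conditions, as an added Python example; it is not the fuzzer's own code. The schema, the payload and the names `case_variant` and `fuzz_payloads` are constructed for illustration, and passing over non-string enum values is an assumption.

```python
import random

# Constructed sample schema properties and request payload (not from a real API).
SCHEMA = {
    "status": {"type": "string", "enum": ["ACTIVE", "inactive", "404"]},
    "unit": {"type": "string", "enum": ["m", "M"]},         # every casing is a literal
    "petType": {"type": "string", "enum": ["Cat", "Dog"]},  # discriminator
    "tier": {"type": "string", "enum": ["GOLD"]},           # absent from the payload
    "name": {"type": "string"},                             # not an enum
}
PAYLOAD = {"status": "ACTIVE", "unit": "m", "petType": "Cat", "name": "x"}


def case_variant(value, enum_literals, rng, max_tries=50):
    """Return a re-cased copy of value that equals no declared literal, or None."""
    if value.upper() == value.lower():
        return None  # no cased letters (e.g. "404"), so no variant exists
    literals = set(enum_literals)
    for _ in range(max_tries):
        candidate = "".join(
            ch.upper() if rng.random() < 0.5 else ch.lower() for ch in value
        )
        if candidate not in literals:
            return candidate
    return None  # every casing tried collides with a declared literal


def fuzz_payloads(properties, discriminator, payload, seed=None):
    """Yield (field, original, mutated_payload), changing one field per payload."""
    rng = random.Random(seed)
    for field, spec in properties.items():
        enum_values = spec.get("enum")
        # Skip conditions: not an enum, a discriminator, or not in the payload.
        if not enum_values or field == discriminator or field not in payload:
            continue
        for original in enum_values:
            if not isinstance(original, str):
                continue  # assumption: only string enums can be re-cased
            variant = case_variant(original, enum_values, rng)
            if variant is not None:
                yield field, original, {**payload, field: variant}


if __name__ == "__main__":
    for field, original, mutated in fuzz_payloads(SCHEMA, "petType", PAYLOAD, seed=7):
        print(f"{field}: {original} -> {mutated[field]}")
```

Only `status` produces test cases here: `404` has no letters to re-case, and `unit` declares both casings of its single letter, so no variant can differ from every literal.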