Extreme Negative Numbers In Decimals
Item | Description |
---|---|
Full Fuzzer Name | ExtremeNegativeNumbersInDecimalFieldsFuzzer |
Log Key | ENNIDF |
Description | This fuzzer sends out-of-range values in decimal fields. The expectation is that APIs reject the request as invalid, since such values might break downstream systems. Furthermore, APIs should update their specs to define clear boundaries (minimum, maximum) for these fields. |
Enabled by default? | Yes |
Target field types | OpenAPI type number |
Expected result when fuzzed field is required | 4XX |
Expected result when fuzzed field is optional | 4XX |
Expected result when fuzzed value is not matching field pattern | 4XX |
Fuzzing logic | Iteratively replaces number fields with extreme negative decimal values: -1.7976931348623157E308 for format float, -3.5953862697246314E+308 for format double, and -999999999999999999999999999999999999999999.99999999999 * 1.7976931348623157E308 for no format |
Conditions when this fuzzer will be skipped | When field is not of type number |
HTTP methods that will be skipped | None |
Reporting | Reports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception. Reports warn if: 1. response code is expected and documented, but does not match response schema; 2. response code is expected, but not documented; 3. response code is 501. Reports success if: 1. response code is expected, documented and matches response schema. |
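
Why explicit `minimum`/`maximum` checks matter on the receiving side, as an added example that is not part of the fuzzer or its documentation: a default JSON parser silently turns two of the three values above into negative infinity, while a bounded decimal check returns the expected 4XX. The field name `amount`, the bounds, the function names, and the assumption that the no-format product arrives as one JSON number literal are all hypothetical.

```python
import json
from decimal import Decimal, getcontext

getcontext().prec = 80  # enough digits to multiply the page's constants exactly

# Values from the "Fuzzing logic" row, written as JSON number literals.
FLOAT_FUZZ = "-1.7976931348623157E308"
DOUBLE_FUZZ = "-3.5953862697246314E+308"
NO_FORMAT_FUZZ = str(  # assumption: the product is sent as a single literal
    Decimal("-999999999999999999999999999999999999999999.99999999999")
    * Decimal("1.7976931348623157E308")
)

# Hypothetical schema bounds for a hypothetical "amount" field.
MINIMUM = Decimal("-1000000")
MAXIMUM = Decimal("1000000")


def body_for(literal: str) -> str:
    """Build a constructed request body carrying the given number literal."""
    return '{"amount": %s}' % literal


def naive_parse(body: str) -> float:
    """Default parsing: literals past the double range silently become -inf."""
    return json.loads(body)["amount"]


def validate_amount(body: str) -> int:
    """Return the HTTP status a handler should send for this request body."""
    try:
        # Parse every number as Decimal so nothing overflows before the check.
        doc = json.loads(body, parse_float=Decimal, parse_int=Decimal)
        value = doc["amount"]
    except (ValueError, KeyError, TypeError):
        return 400
    # Rejects non-numbers and the -Infinity/NaN constants Python's json accepts.
    if not isinstance(value, Decimal) or not value.is_finite():
        return 400
    if value < MINIMUM or value > MAXIMUM:
        return 400
    return 200


if __name__ == "__main__":
    for name, lit in [("float", FLOAT_FUZZ), ("double", DOUBLE_FUZZ),
                      ("no format", NO_FORMAT_FUZZ), ("in range", "12.50")]:
        body = body_for(lit)
        print(name, "| naive:", naive_parse(body), "| status:", validate_amount(body))
```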