New Fields
| Item | Description |
|---|---|
| Full Fuzzer Name | NewFieldsFuzzer |
| Log Key | NF |
| Description | This fuzzer will inject a new field in a valid payload. If the request is for a method with body, the injection will happen within the json body, otherwise the injection will happen as an additional query param. The expectation is that APIs will reject the requests with json bodies in order to prevent injection of random data. |
| Enabled by default? | Yes |
| Target field types | N/A |
| Expected result when fuzzed field is required | N/A |
| Expected result when fuzzed field is optional | N/A |
| Expected result when fuzzed value is not matching field pattern | N/A |
| Fuzzing logic | Add a new field within the request body or query param. Expects 4XX for HTTP verbs with body (POST, PUT, PATCH) or 2XXfor HTTP verbs without body (GET, DELETE) |
| Conditions when this fuzzer will be skipped | None |
| HTTP methods that will be skipped | None |
| Reporting | Reports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception. Reports warn if: 1. response code is expected and documented, but not matches response schema; 2. response code is expected, but not documented; 3. response code is 501. Reports success if: 1. response code is expected, documented and matches response schema. |