Overflow Map Size
Item | Description |
---|---|
Full Fuzzer Name | OverflowMapSizeFieldsFuzzer |
Log Key | OMSF |
Description | This fuzzer will overflow the size of OpenAPI map elements (i.e. elements that have additionalProperties defined). The expectation is that APIs will reject the request as invalid. |
Enabled by default? | Yes |
Target field types | All map fields |
Expected result when fuzzed field is required | 4XX |
Expected result when fuzzed field is optional | 4XX |
Expected result when fuzzed value does not match field pattern | 4XX |
Fuzzing logic | Iteratively replaces OpenAPI map elements with maps containing 10 more elements than the maxProperties attribute allows. If no maxProperties is defined, the fuzzer sends the number of elements given by the --largeStringsSize argument, which defaults to 40 000 if not provided. |
Conditions when this fuzzer will be skipped | When field is not an OpenAPI map |
HTTP methods that will be skipped | None |
Reporting | Reports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception. Reports warn if: 1. response code is expected and documented, but does not match the response schema; 2. response code is expected, but not documented; 3. response code is 501. Reports success if: 1. response code is expected, documented and matches the response schema. |
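
The sizing rule from the Fuzzing logic row, next to a server-side check that yields the expected 4XX, as an added example (not CATS code). The function names, the `server_cap` parameter and the sample schemas are assumptions constructed for illustration.

```python
# Added illustration; every name here is hypothetical, not a CATS internal.
DEFAULT_LARGE_SIZE = 40_000  # documented default of --largeStringsSize
OVERFLOW_MARGIN = 10         # documented: 10 elements more than maxProperties


def is_map_schema(schema):
    """An OpenAPI map is an object schema with additionalProperties defined."""
    return (schema.get("type") == "object"
            and schema.get("additionalProperties") not in (None, False))


def overflow_size(schema, large_size=DEFAULT_LARGE_SIZE):
    """Number of entries the oversized map carries for this schema."""
    max_props = schema.get("maxProperties")
    return large_size if max_props is None else max_props + OVERFLOW_MARGIN


def build_overflow_map(schema, large_size=DEFAULT_LARGE_SIZE):
    """Return the oversized map, or None when the field is not a map (skipped)."""
    if not is_map_schema(schema):
        return None
    # Constructed keys and values; real values would follow additionalProperties.
    return {f"key{i}": "v" for i in range(overflow_size(schema, large_size))}


def validate_map(value, schema, server_cap=None):
    """Status a strict API should return for a map field.

    server_cap is an assumed service-wide limit used when the schema
    declares no maxProperties.
    """
    if not isinstance(value, dict):
        return 400
    limit = schema.get("maxProperties", server_cap)
    if limit is not None and len(value) > limit:
        return 400
    return 200


# Constructed sample schemas.
BOUNDED = {"type": "object", "additionalProperties": {"type": "string"},
           "maxProperties": 5}
UNBOUNDED = {"type": "object", "additionalProperties": {"type": "string"}}

if __name__ == "__main__":
    for name, schema in (("bounded", BOUNDED), ("unbounded", UNBOUNDED)):
        payload = build_overflow_map(schema)
        print(name, len(payload), "entries; no cap:", validate_map(payload, schema),
              "cap=1000:", validate_map(payload, schema, server_cap=1000))
```

With no maxProperties and no server-side cap, the 40 000-entry map is accepted with 200, which is not the 4XX this fuzzer expects.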