Skip to main content

string-format-almost-valid

Run cats list --formats for a full list of supported formats.

String Format Almost Valid Values

ItemDescription
Full Fuzzer NameStringFormatAlmostValidValuesFuzzer
Log KeySFAVV
DescriptionThis fuzzer will target string fields with defined formats. It will generate values which are almost valid, hopping that the validation regexes of the APIs will fail. The expectation is that APIs will reject the requests as invalid.
Enabled by default?Yes
Target field typesOpenAPI type string
Expected result when fuzzed field is required4XX
Expected result when fuzzed field is optional4XX
Expected result when fuzzed value is not matching field pattern4XX
Fuzzing logicIteratively replaces string with defined formats with values which are almost correct. Target formats: date, date-time, password, uuid, email, hostname, ip, uri, byte, binary (run cats list --formats for a full list of supported formats)
Conditions when this fuzzer will be skippedWhen field is not a recognized format: date, date-time, password, uuid, email, hostname, ip, uri, byte, binary (run cats list --formats for a full list of supported formats)
HTTP methods that will be skippedNone
ReportingReports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception.

Reports warn if: 1. response code is expected and documented, but not matches response schema; 2. response code is expected, but not documented; 3. response code is 501.

Reports success if: 1. response code is expected, documented and matches response schema.