Swap Discriminator Values Fields Fuzzer
| Item | Description |
|---|---|
| Full Fuzzer Name | SwapDiscriminatorValuesFieldsFuzzer |
| Log Key | SDVF |
| Description | This fuzzer targets OpenAPI discriminator fields and replaces the current discriminator value with a different valid discriminator value from the set of known discriminator mappings. The goal is to verify that the API enforces discriminator/type correctness and does not incorrectly accept or mis-handle payloads whose discriminator indicates a different subtype (which can lead to deserialization confusion, validation gaps, or unintended processing paths). |
| Enabled by default? | Yes |
| Target field types | Discriminator fields (OpenAPI polymorphism / discriminator-based schemas) |
| Expected result when fuzzed field is required | 4XX |
| Expected result when fuzzed field is optional | 4XX |
| Expected result when fuzzed value is not matching field pattern | 4XX |
| Fuzzing logic | Iteratively replaces discriminator fields with swapped discriminator values: 1. Identifies discriminator fields using the global discriminator registry (catsGlobalContext::isDiscriminator). 2. Reads the current discriminator value from the request payload. 3. Retrieves the list/set of known discriminator values for that discriminator field from the global context. 4. Generates fuzz values by selecting all discriminator values except the current one. 5. Sends requests where the discriminator is changed, while keeping the rest of the payload unchanged, expecting rejection (4XX). |
| Conditions when this fuzzer will be skipped | When the field is not a discriminator field OR when no alternative discriminator values are known for that field (no values available to swap to). |
| HTTP methods that will be skipped | GET, DELETE, HEAD (inherited from BaseReplaceFieldsFuzzer) |
| Reporting | Reports success if: 1. The API rejects the request with swapped discriminator values using a 4XX response (proper polymorphic validation). Reports error if: 1. The API accepts the swapped discriminator value (e.g., 2XX) or behaves unexpectedly, indicating a potential type-confusion / validation weakness. |
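
The swap-and-verify logic from the table, as an added example that is not CATS's own code: it generates every swapped-discriminator payload and applies the 4XX reporting rule to a handler that validates the body against the named subtype and to one that only checks the discriminator value. The `petType` schema, the sample payload, both handlers and all helper names are constructed for illustration.

```python
import copy

# Constructed sample: discriminator field -> subtype -> required properties,
# standing in for what the OpenAPI discriminator mappings would provide.
SUBTYPES = {"petType": {"Cat": {"name", "huntingSkill"},
                        "Dog": {"name", "packSize"},
                        "Lizard": {"name", "lovesRocks"}}}
CAT = {"petType": "Cat", "name": "Tom", "huntingSkill": "lazy"}  # constructed payload


def swapped_payloads(payload, path=""):
    """Yield (field_path, new_value, fuzzed_copy) for every discriminator swap."""
    for key, value in payload.items():
        here = f"{path}.{key}" if path else key
        if isinstance(value, dict):  # descend into nested objects
            for sub_path, new, fuzzed_child in swapped_payloads(value, here):
                fuzzed = copy.deepcopy(payload)
                fuzzed[key] = fuzzed_child
                yield sub_path, new, fuzzed
        elif key in SUBTYPES:
            for candidate in SUBTYPES[key]:
                if candidate != value:  # every known value except the current one
                    fuzzed = copy.deepcopy(payload)
                    fuzzed[key] = candidate  # rest of the payload stays unchanged
                    yield here, candidate, fuzzed


def strict_handler(body):
    """Hypothetical endpoint: validates the body against the subtype it names."""
    required = SUBTYPES["petType"].get(body.get("petType"))
    if required is None or set(body) - {"petType"} != required:
        return 400
    return 201


def lax_handler(body):
    """Hypothetical endpoint: only checks that the discriminator value is known."""
    return 201 if body.get("petType") in SUBTYPES["petType"] else 400


def verdict(status):
    """Reporting rule from the table: 4XX is success, anything else is an error."""
    return "success" if 400 <= status <= 499 else "error"


def run(handler, payload):
    """Send every swapped payload to the handler and collect the verdicts."""
    return [(path, new, verdict(handler(fuzzed)))
            for path, new, fuzzed in swapped_payloads(payload)]
```

The lax handler is the failure mode this fuzzer is meant to surface: a `Cat` body relabelled as `Dog` is accepted even though it carries none of the `Dog` properties.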