Temporal Logic Fields Fuzzer

Item: Description
Full Fuzzer Name: TemporalLogicFieldsFuzzer
Log Key: TLF
Description: This fuzzer tests semantic temporal validation by injecting logically invalid date/time values into request payloads. It focuses on breaking business rules rather than syntactic validation, such as sending a startDate after an endDate, setting expiry dates in the past, or providing future dates where only past values should be allowed.
Enabled by default? Yes
Target field types: Date and date-time fields (string with temporal semantics), inferred from field names
Expected result when fuzzed field is required: 4XX
Expected result when fuzzed field is optional: 4XX
Expected result when fuzzed value is not matching field pattern: 4XX
Fuzzing logic: Injects semantically invalid temporal values based on field-name heuristics:

1. Normalizes field names (lowercase, alphanumeric only) to improve matching reliability.
2. Identifies temporal intent using keyword-based rules:
  Start-like fields (start, from, validFrom) → set to future (now + 5 days).
  End-like fields (end, to, validTo, until, expiry) → set to past (now - 5 days).
  Expiry fields (expire, expiry) → set far in the past (now - 1 year).
  Future-only fields (scheduled, next, due) → set to past (now - 1 day).
  Past-only fields (created, birth, issue) → set to future (now + 1 year).
3. Collects all detected violations and executes a single fuzzing run that replaces only the affected fields.
4. Sends the request expecting the API to reject it with 4XX.
Conditions when this fuzzer will be skipped: When no temporal fields are detected in the request payload based on naming heuristics.
HTTP methods that will be skipped: None
Reporting: Reports success if:
1. The API rejects semantically invalid temporal values with a documented 4XX response.

Reports error if:
1. The API accepts invalid temporal relationships (e.g., startDate > endDate).
2. The API returns an unexpected response code, indicating missing or inconsistent business-rule validation.
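
The fuzzing logic steps 1 to 3 described above, sketched in Python as an added example; this is not the fuzzer's own code. Substring keyword matching, first-match rule order, the ISO-8601 value check, 365 days for one year, and the sample payload are assumptions of the sketch.

```python
import re
from datetime import datetime, timedelta

# Rules in the page's order; first match wins, keywords match as substrings of the
# normalized name, and one year is taken as 365 days (assumptions of this sketch).
RULES = [
    (("start", "from", "validfrom"), timedelta(days=5)),       # start-like -> future
    (("end", "to", "validto", "until", "expiry"), timedelta(days=-5)),  # end-like -> past
    (("expire", "expiry"), timedelta(days=-365)),              # expiry -> far past
    (("scheduled", "next", "due"), timedelta(days=-1)),        # future-only -> past
    (("created", "birth", "issue"), timedelta(days=365)),      # past-only -> future
]

def normalize(name):
    """Step 1: lowercase, alphanumeric characters only."""
    return re.sub(r"[^a-z0-9]", "", name.lower())

def is_temporal(value):
    """Assumption: only ISO-8601 date or date-time strings are candidates."""
    if not isinstance(value, str):
        return False
    try:
        datetime.fromisoformat(value.replace("Z", "+00:00"))
        return True
    except ValueError:
        return False

def offset_for(name):
    """Step 2: offset from now that violates the field's temporal intent."""
    key = normalize(name)
    return next((d for kws, d in RULES if any(k in key for k in kws)), None)

def fuzz_payload(payload, now):
    """Step 3: one mutated copy; only detected fields change. None means skip."""
    mutated, changed = dict(payload), []
    for field, value in payload.items():
        delta = offset_for(field) if is_temporal(value) else None
        if delta is not None:
            mutated[field] = (now + delta).strftime("%Y-%m-%dT%H:%M:%SZ")
            changed.append(field)
    return (mutated, changed) if changed else (None, changed)

# Constructed sample request body (not from the page).
SAMPLE = {"customerId": "c-1001", "startDate": "2024-03-01T00:00:00Z",
          "end_date": "2024-03-31T00:00:00Z", "expiresAt": "2025-01-01T00:00:00Z",
          "createdAt": "2024-02-20T09:30:00Z", "notes": "quarterly plan"}

if __name__ == "__main__":
    body, fields = fuzz_payload(SAMPLE, datetime(2024, 6, 1, 12, 0, 0))
    print(fields, body)
```

An API with working business-rule validation should answer the resulting body with a 4XX, since startDate now falls after end_date, the expiry is in the past, and createdAt is in the future.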