Skip to main content

Within Whitespaces

This Fuzzer has 2 flavours depending on the --edgeSpacesStrategy.

Within Whitespaces In Fields TRIM_AND_VALIDATE

ItemDescription
Full Fuzzer NameWithinWhitespacesInFieldsTrimValidateFuzzer
Log KeyWWIF
DescriptionThis fuzzer inserts whitespaces within fields. The expectation is that APIs will sanitize the input values, thus removing whitespaces and handle the request as a happy path.
Enabled by default?No. You need to supply --includeWhitespaces argument
Target field typesAll
Expected result when fuzzed field is required2XX
Expected result when fuzzed field is optional2XX
Expected result when fuzzed value is not matching field pattern2XX
Fuzzing logicIteratively inserts whitespaces within fields. The Fuzzer contains 18 whitespaces characters like: CR, LF, TAB, THIN SPACE, etc.
Conditions when this fuzzer will be skippedWhen field is a discriminator
HTTP methods that will be skippedNone
ReportingReports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception.

Reports warn if: 1. response code is expected and documented, but not matches response schema; 2. response code is expected, but not documented; 3. response code is 501.

Reports success if: 1. response code is expected, documented and matches response schema.

Within Whitespaces In Fields VALIDATE_AND_TRIM

ItemDescription
Full Fuzzer NameWithinWhitespacesInFieldsValidateTrimFuzzer
Log KeyWWIF
DescriptionThis fuzzer inserts whitespaces within fields. As the sanitization is assumed post-validation, the expectation is that APIs reject the request as invalid.
Enabled by default?No. You need to supply --includeWhitespaces argument
Target field typesAll
Expected result when fuzzed field is required4XX
Expected result when fuzzed field is optional4XX
Expected result when fuzzed value is not matching field pattern4XX
Fuzzing logicIteratively inserts whitespaces within fieldss. The Fuzzer contains 18 whitespaces characters like: CR, LF, TAB, THIN SPACE, etc.
Conditions when this fuzzer will be skippedWhen field is a discriminator
HTTP methods that will be skippedNone
ReportingReports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception.

Reports warn if: 1. response code is expected and documented, but not matches response schema; 2. response code is expected, but not documented; 3. response code is 501.

Reports success if: 1. response code is expected, documented and matches response schema.