Duplicate Headers
Item | Description |
---|---|
Full Fuzzer Name | DuplicateHeadersFuzzer |
Log Key | DH |
Description | This fuzzer will send duplicate headers. Even though the HTTP protocol allows duplicate headers, the expectation is that APIs will reject the request as invalid, in order to prevent unwanted behaviour. |
Enabled by default? | Yes |
Target header types | All |
Expected result when fuzzed header is required | 4XX |
Expected result when fuzzed header is optional | 4XX |
Fuzzing logic | Iteratively duplicates each HTTP header. If the current path and HTTP method do not have a header defined, CATS will generate a header named Cats-Fuzzy-Header and duplicate it. |
Conditions when this fuzzer will be skipped | None |
HTTP methods that will be skipped | None |
Reporting | Reports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception. Reports warn if: 1. response code is expected and documented, but does not match the response schema; 2. response code is expected, but not documented; 3. response code is 501. Reports success if: 1. response code is expected, documented and matches the response schema. |
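
The fuzzing logic and reporting rules from the table, sketched in Python as an added example (not CATS's own code): one test case per header with that header sent twice, run against a stand-in API and classified. Assumptions: `strict_api`, the sample headers and the fallback header's value are constructed; checking 404 and 501 before the other rules and returning `unspecified` for combinations the table does not list are choices made for this sketch.

```python
from collections import Counter

FALLBACK_HEADER = "Cats-Fuzzy-Header"  # name from the page; its value below is constructed

def duplicate_header_cases(headers):
    """Yield (fuzzed_name, header_list); each case sends exactly one header twice."""
    base = list(headers) or [(FALLBACK_HEADER, "cats")]
    for i, (name, value) in enumerate(base):
        yield name, base[:i + 1] + [(name, value)] + base[i + 1:]

def strict_api(headers):
    """Constructed stand-in for an API that rejects repeated header names."""
    # Header names are case-insensitive, so compare them lowercased.
    counts = Counter(name.lower() for name, _ in headers)
    return 400 if any(n > 1 for n in counts.values()) else 200

def classify(status, documented, matches_schema=True):
    """Map a response onto the Reporting row; status None means an exception."""
    if status is None or status == 404:
        return "error"
    if status == 501:
        return "warn"
    expected = 400 <= status <= 499      # 4XX for required and optional headers
    is_documented = status in documented
    if expected and is_documented:
        return "success" if matches_schema else "warn"
    if expected:
        return "warn"                    # expected, but not documented
    if is_documented:
        return "error"                   # documented, but not expected
    return "unspecified"                 # combination the table does not list

def run(headers, api, documented):
    """Run every duplicate-header case against api and classify each response."""
    return [(name, classify(api(case), documented))
            for name, case in duplicate_header_cases(headers)]

if __name__ == "__main__":
    sample = [("Authorization", "Bearer constructed-token"), ("X-Request-Id", "42")]
    print(run(sample, strict_api, documented={200, 400}))
    print(run(sample, lambda h: 200, documented={200, 400}))  # lenient API
```

An API that silently accepts the repeated header returns a documented but unexpected 200, which is the error case in the Reporting row.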