Malformed JSON
Item | Description |
---|---|
Full Fuzzer Name | MalformedJsonFuzzer |
Log Key | MJ |
Description | This fuzzer sends a request containing invalid JSON. The expectation is that APIs reject the request as invalid. |
Enabled by default? | Yes |
Expected result | 4XX |
Fuzzing logic | Iteratively sends invalid JSON for each path and HTTP method. |
Conditions when this fuzzer will be skipped | None |
HTTP methods that will be skipped | GET, DELETE |
Reporting | Reports error if: 1. response code is 404; 2. response code is documented, but not expected; 3. any unexpected exception. Reports warn if: 1. response code is expected and documented, but does not match the response schema; 2. response code is expected, but not documented; 3. response code is 501. Reports success if: 1. response code is expected, documented and matches the response schema. |
info
Please note that because the CATS report only displays valid JSON for both requests and responses, the final report won't display the malformed JSON, which includes the `bla` string at the end.
No need to worry, as CATS is actually sending the right malformed data to the service. You can check the running logs for the line starting with `Final payload:` to see the exact string which is being sent to the service.
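
What the expected 4XX looks like on the service side, as an added example that is not part of CATS or its documentation: a strict request-body parser that answers 400 for anything that is not one well-formed JSON object. The function names, the size limit and the sample payloads are assumptions constructed for illustration.

```python
import json

MAX_BODY_BYTES = 64 * 1024  # assumed limit for this example


def _reject_constant(name):
    # json.loads accepts NaN/Infinity by default; strict JSON does not.
    raise ValueError(f"non-standard JSON constant: {name}")


def parse_json_body(raw: bytes):
    """Return (status, body): 200 with the parsed object, or a 4XX with an error."""
    if len(raw) > MAX_BODY_BYTES:
        return 413, {"error": "request body too large"}
    try:
        doc = json.loads(raw.decode("utf-8"), parse_constant=_reject_constant)
    except (ValueError, RecursionError):
        # Covers invalid UTF-8, truncated documents, trailing data after a
        # complete document, and pathological nesting. Answer 400, never 5XX,
        # and do not echo parser internals back to the client.
        return 400, {"error": "malformed JSON"}
    if not isinstance(doc, dict):
        return 400, {"error": "expected a JSON object"}
    return 200, doc


# Constructed payloads; the first mimics a valid body with "bla" appended.
MALFORMED_SAMPLES = [
    b'{"name": "cats"}bla',
    b'{"name": "cats"',
    b'{"name": NaN}',
    b'\xff\xfe{"name": "cats"}',
    b'',
]


def all_rejected_with_4xx(samples):
    return all(400 <= parse_json_body(s)[0] < 500 for s in samples)


if __name__ == "__main__":
    for sample in MALFORMED_SAMPLES:
        print(sample[:30], "->", parse_json_body(sample)[0])
    print("valid ->", parse_json_body(b'{"name": "cats"}'))
```

A handler built this way lets the fuzzer's 4XX expectation hold for truncated bodies and for trailing garbage alike, since `json.loads` rejects any data after the first complete document.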