fuzz-lightyear
A pytest-inspired, DAST framework, capable of identifying vulnerabilities in a distributed, micro-service ecosystem through chaos engineering testing and stateful, Swagger fuzzing.
### Reproduction Steps

```
$ fuzz-lightyear https://petstore.swagger.io/v2/swagger.json -v -t user.loginUser
...
simplejson.errors.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
```

### Analysis

Looking at the issue, it looks like...
Bumps [jinja2](https://github.com/pallets/jinja) from 2.11.3 to 3.1.3. Release notes Sourced from jinja2's releases. 3.1.3 This is a fix release for the 3.1.x feature branch. Fix for GHSA-h5c8-rqwp-cp95. You are affected if...
Bumps [werkzeug](https://github.com/pallets/werkzeug) from 0.15.5 to 3.0.1. Release notes Sourced from werkzeug's releases. 3.0.1 This is a security release for the 3.0.x feature branch. Changes: https://werkzeug.palletsprojects.com/en/3.0.x/changes/#version-3-0-1 3.0.0 This is a feature...
Bumps [urllib3](https://github.com/urllib3/urllib3) from 1.26.17 to 1.26.18. Release notes Sourced from urllib3's releases. 1.26.18 Made body stripped from HTTP requests changing the request method to GET after HTTP 303 "See Other"...
Bumps [flask](https://github.com/pallets/flask) from 1.1.1 to 2.2.5. Release notes Sourced from flask's releases. 2.2.5 This is a security fix release for the 2.2.x release branch. Note that 2.3.x is the currently...
Bumps [py](https://github.com/pytest-dev/py) from 1.8.0 to 1.10.0. Changelog Sourced from py's changelog. 1.10.0 (2020-12-12) Fix a regular expression DoS vulnerability in the py.path.svnwc SVN blame functionality (CVE-2020-29651) Update vendored apipkg: 1.4...
Hello, This is a nice project. I try to use it to test my API, but it fails to run when the server has a self-signed certificate. This is the exception report ```...
Hi Team! While testing Fuzz-lightyear against [Mozilla Kinto](https://docs.kinto-storage.org/en/stable/api/index.html) we have faced an issue related to propagating non-valuable data through request sequences. Could you please check our results? While generating a...
`fuzz-lightyear` has [a test case](https://github.com/Yelp/fuzz-lightyear/blob/2d2d87931af4a6098e9f69de953f1cafe3669074/tests/unit/supplements/factory_supplements_test.py#L116), `test_nested_endpoint_dependency_uses_default`, which currently fails. We want to support this case in the future, but making this change is somewhat difficult. Here's the problem: Consider the...
Hi team, First of all, thanks for the great tool! 😃 Currently I'm configuring and testing it against [Apache ServiceComb Service Center](https://github.com/apache/servicecomb-service-center). I've noticed that if an endpoint has two or...