⛏️ Write test for parameter pollution
💭 Introduction
Create a YAML test to check for parameter pollution in a POST request.
📚 Reading
You can find a detailed documentation of test editor rules here
Find 100+ examples of YAML tests here
🎯 Requirements
- Filters - The test should run only on POST APIs that have at least 2 input arguments in the JSON body.
- Execute - It should remove one entry and append the removed key-value pair to the end of a different value. For example, if the original payload looks like
{
"name": "John",
"age" : "36"
}
the attempt should look like
{
"name": "John&age=36"
}
- Validation - If the application responds with a positive response code and the response body is 80% similar to the original mirrored response body, the API endpoint is vulnerable to this kind of input validation flaw.
✅ Task summary:
- [ ] Ask to be assigned to the issue.
- [ ] Wait to be assigned. We will try to assign in less than 2 hours.
- [ ] Fork the tests-library repository, create a new branch and commit the YAML file which will be called in your test.
- [ ] Sign up for Akto.
- [ ] Check in the Attempt tab; if the payload changes, then the task is done.
- [ ] Submit the PR here.
🙋🏼♂️ Questions: If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.
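Before writing the YAML template, it helps to pin down what the three parts of the test must do. The following is an added reference model of the filter, execute and validate steps in plain Python; it is not Akto's own code or template format, and the response bodies and the `difflib` similarity ratio are constructed assumptions used to illustrate the 80% rule.

```python
"""Reference model of the parameter-pollution test described in this issue.

Constructed example (not Akto's YAML or code): models the filter, execute and
validate steps so the expected behaviour can be reasoned about beforehand.
"""
from difflib import SequenceMatcher
from typing import Optional


def should_run(method: str, payload: dict) -> bool:
    """Filter: only POST requests whose JSON body has at least 2 arguments."""
    return method.upper() == "POST" and isinstance(payload, dict) and len(payload) >= 2


def pollute_payload(payload: dict) -> Optional[dict]:
    """Execute: remove the last key and append it as '&key=value' to the value
    of the previous key, e.g. {"name": "John", "age": "36"} -> {"name": "John&age=36"}.
    Returns None when there are fewer than 2 keys to fold."""
    if len(payload) < 2:
        return None
    keys = list(payload)
    removed_key, target_key = keys[-1], keys[-2]
    attempt = {k: v for k, v in payload.items() if k != removed_key}
    attempt[target_key] = f"{payload[target_key]}&{removed_key}={payload[removed_key]}"
    return attempt


def similarity(a: str, b: str) -> float:
    """Ratio in [0, 1] of how similar two response bodies are (assumed metric)."""
    return SequenceMatcher(None, a, b).ratio()


def is_vulnerable(status_code: int, original_body: str, attempt_body: str,
                  threshold: float = 0.8) -> bool:
    """Validate: a positive (2xx) status and a body at least 80% similar to the
    original response means the polluted parameter was silently accepted."""
    return 200 <= status_code < 300 and similarity(original_body, attempt_body) >= threshold


if __name__ == "__main__":
    original = {"name": "John", "age": "36"}
    attempt = pollute_payload(original)
    print(attempt)  # {'name': 'John&age=36'}
    # Constructed responses: the server mirrors the submitted profile in both cases.
    orig_resp = '{"status":"ok","user":{"name":"John","age":"36"}}'
    att_resp = '{"status":"ok","user":{"name":"John&age=36","age":"36"}}'
    print(is_vulnerable(200, orig_resp, att_resp))  # True
```

A 4xx response, or a body such as an error message that differs substantially from the mirrored original, makes `is_vulnerable` return False, which matches the validation rule above.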
Could you please assign me this issue?
Can I work on this issue?
Could you review my PR? @ankush-jain-akto https://github.com/akto-api-security/tests-library/pull/25
Hi @nandini584. Your YAML is invalid. Also, you have missed some fields in the test template. Please run the templates and submit a PR only after a successful run.
Yeah, sure I will redo it.
Hello @ankush-jain-akto and @Ankita28g Can I please work on this issue?
I've assigned it to you, @MacroAndMicro . Happy hacking! Feel free to join our Discord if you need assistance.