openapi-fuzzer
openapi-fuzzer copied to clipboard
matusf
Black-box fuzzer that fuzzes APIs based on OpenAPI specification. Find bugs for free!
I was wondering if the fuzzer was only generating random payloads from the spec, or was it able to reuse responses from the easy requests (ones that don't require a...
OpenAPI specification file: https://github.com/diem/diem/blob/main/api/doc/openapi.yaml Error: ``` thread 'main' panicked at 'not implemented: No support to dereference #/components/schemas/MoveAbility.', /Users/ilx/.cargo/registry/src/github.com-1ecc6299db9ec823/openapi_utils-0.2.1/src/reference.rs:69:17 note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace ``` Looked...
In some cases i`m interested in 404 or 200 responses. A flag would be great to tell the fuzzer to store all requests or (like the -i flag) to specify...
Hello! I tried to use this project to fuzz my API and it crashed. Here is the backtrace: ``` $ RUST_BACKTRACE=1 openapi-fuzzer -s spec-api.yaml -u https://test.local/api/v1 thread 'main' panicked at...
When trying to run the fuzzer with the following options: ``` RUST_BACKTRACE=1 openapi-fuzzer -s dist/bundled.json -u https://api.somehost.com ``` I will get the following output ``` thread 'main' panicked at 'No...
Hi, first - thank you for the project. It looks really nice. I will try it out soon. It would be nice if there would be some docker support so...
I have the following dummy openapi schema adapted from a json schema generated by a real API. This schema cannot be parsed by openapi-fuzzer 0.1.3 (built from master commit 7da1471)...
Not sure how we can use current cli in a CI build, if we could have a JUnit like test report in console, it simplifies the integration into a CI...
- https://docs.rs/snailquote/0.3.0/snailquote/fn.escape.html - https://doc.rust-lang.org/std/ascii/fn.escape_default.html - use `.escape_unicode()`
Hi! I'm trying to fuzz a public yaml: https://github.com/OAI/OpenAPI-Specification/blob/main/examples/v3.0/petstore.yaml with endpoint here https://petstore.swagger.io/v2 however, it fails with message (running with `RUST_BACKTRACE=1`) ``` $ openapi-fuzzer -s petstore.yaml -u https://petstore.swagger.io/v2/ thread 'main'...
