Fuzz Test
Test Anatomy
Test File Anatomy
This section explains the key elements of the generated test files. This will enable you to make adjustments when needed quickly.
At the top of each file, we show when the test was generated and what command was used
Below, we import all relevant libraries and specify the URL for all test requests
We define a function per method that is tested. It consists of:
Invocation of Skyramp Client
Definition of the authentication header
Definition of the default request body (based on API schema or sample data)
Definition of all fuzzed body values
Definition of all expected response status codes for fuzzed body values (default = 40X)
Definition of all expected response status codes for
Nonebody valuesLoop through all fuzzed values. Each loop:
Creates a request with the fuzzed body value
Creates a request with the fuzzed value being
None
Status Code Assertion
Test Execution Behavior
The generated fuzz test will execute in the following way:
First, it will execute a request with the default body values from the API spec or sample data you provide
The test then iterates through each body value, changing the selected body value with a fuzzed value and
Nonewhile keeping the default values for all other keysLastly, it asserts the status codes of all requests. This is done at the end of the loop to avoid premature failure that would lead to unnecessary reruns of the test.
Default Fuzz Strategy
By default, Skyramp generates random data for all values in the request body and stores those in a separate dictionary. Additionally, the generated code contains a dictionary that stores the expected status codes for each fuzzed value. The default value is 40X. Below, we explain how to change those values to ensure your desired fuzz strategy quickly.
strings: All string values receive the value“0123456789"integer/float: Integers and floats are assigned the value-10boolean: The boolean value is changed to the opposite, e.g.truetofalse; if no default value is defined, we assignTrue.enum: A randomly generated string, that is not part of the enum, is assigned.
Test File Anatomy
This section explains the key elements of the generated test files. This will enable you to make adjustments when needed quickly.
At the top of each file, we show when the test was generated and what command was used
Below, we import all relevant libraries and specify the URL for all test requests
We define a function per method that is tested. It consists of:
Invocation of Skyramp Client
Definition of the authentication header
Definition of the default request body (based on API schema or sample data)
Definition of all fuzzed body values
Definition of all expected response status codes for fuzzed body values (default = 40X)
Definition of all expected response status codes for
Nonebody valuesLoop through all fuzzed values. Each loop:
Creates a request with the fuzzed body value
Creates a request with the fuzzed value being
None
Status Code Assertion
Test Execution Behavior
The generated fuzz test will execute in the following way:
First, it will execute a request with the default body values from the API spec or sample data you provide
The test then iterates through each body value, changing the selected body value with a fuzzed value and
Nonewhile keeping the default values for all other keysLastly, it asserts the status codes of all requests. This is done at the end of the loop to avoid premature failure that would lead to unnecessary reruns of the test.
Default Fuzz Strategy
By default, Skyramp generates random data for all values in the request body and stores those in a separate dictionary. Additionally, the generated code contains a dictionary that stores the expected status codes for each fuzzed value. The default value is 40X. Below, we explain how to change those values to ensure your desired fuzz strategy quickly.
strings: All string values receive the value“0123456789"integer/float: Integers and floats are assigned the value-10boolean: The boolean value is changed to the opposite, e.g.truetofalse; if no default value is defined, we assignTrue.enum: A randomly generated string, that is not part of the enum, is assigned.
Test File Anatomy
This section explains the key elements of the generated test files. This will enable you to make adjustments when needed quickly.
At the top of each file, we show when the test was generated and what command was used
Below, we import all relevant libraries and specify the URL for all test requests
We define a function per method that is tested. It consists of:
Invocation of Skyramp Client
Definition of the authentication header
Definition of the default request body (based on API schema or sample data)
Definition of all fuzzed body values
Definition of all expected response status codes for fuzzed body values (default = 40X)
Definition of all expected response status codes for
Nonebody valuesLoop through all fuzzed values. Each loop:
Creates a request with the fuzzed body value
Creates a request with the fuzzed value being
None
Status Code Assertion
Test Execution Behavior
The generated fuzz test will execute in the following way:
First, it will execute a request with the default body values from the API spec or sample data you provide
The test then iterates through each body value, changing the selected body value with a fuzzed value and
Nonewhile keeping the default values for all other keysLastly, it asserts the status codes of all requests. This is done at the end of the loop to avoid premature failure that would lead to unnecessary reruns of the test.
Default Fuzz Strategy
By default, Skyramp generates random data for all values in the request body and stores those in a separate dictionary. Additionally, the generated code contains a dictionary that stores the expected status codes for each fuzzed value. The default value is 40X. Below, we explain how to change those values to ensure your desired fuzz strategy quickly.
strings: All string values receive the value“0123456789"integer/float: Integers and floats are assigned the value-10boolean: The boolean value is changed to the opposite, e.g.truetofalse; if no default value is defined, we assignTrue.enum: A randomly generated string, that is not part of the enum, is assigned.
Python
Test Anatomy for All Methods of Endpoint
# Generated by Skyramp v1.2.11 on 2025-08-07 17:41:32.882693 -0400 EDT m=+1.149789668
# Command: skyramp generate fuzz rest https://demoshop.skyramp.dev/api/v1/products \
# --api-schema https://demoshop.skyramp.dev/openapi.json \
# --framework pytest \
# --language python \
# Import of required libraries
import skyramp
import os
import time
# URL for test requests
URL = "https://demoshop.skyramp.dev"
# Definition of authentication header
def get_header():
headers = {}
if os.getenv("SKYRAMP_TEST_TOKEN") is not None:
headers["Authorization"] = "Bearer " + os.getenv("SKYRAMP_TEST_TOKEN")
return headers
# fuzz test for /api/v1/products GET
def test_products_get():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Fuzz strategies
products_get_fuzzed_query = {
"limit": -9,
"offset": -10,
"order": "0123456789",
"orderBy": "0123456789"
}
# Fuzz status codes
expected_products_get_fuzzed_query_status_code = {
"limit": "40x",
"offset": "40x",
"order": "40x",
"orderBy": "40x"
}
# Execute Request
products_GET_response = client.send_request(
url=URL,
path="/api/v1/products",
method="GET",
headers=headers,
query_params={
"limit": 10,
"offset": 0,
"order": "asc",
"orderBy": None
},
expected_code="20x"
)
for key in products_get_fuzzed_query:
query_params = {
"limit": 10,
"offset": 0,
"order": "asc",
"orderBy": None
}
query_params[key] = products_get_fuzzed_query[key]
# Execute Request
products_GET_response = client.send_request(
url=URL,
path="/api/v1/products",
method="GET",
headers=headers,
query_params=query_params,
expected_code=expected_products_get_fuzzed_query_status_code[key],
description=f'Fuzzing query param { key } to { products_get_fuzzed_query[key] }'
)
query_params = {
"limit": 10,
"offset": 0,
"order": "asc",
"orderBy": None
}
query_params[key] = ""
# Execute Request
products_GET_response = client.send_request(
url=URL,
path="/api/v1/products",
method="GET",
headers=headers,
query_params=query_params,
expected_code=expected_products_get_fuzzed_query_status_code[key],
description=f'Fuzzing query param { key } to ""'
)
assert client.is_success()
# fuzz test for /api/v1/products POST
def test_products_post():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Request Body
products_POST_request_body = r'''{
"category": "Toys",
"description": "Bear Soft Toy",
"image_url": "https://images.app.goo.gl/cgcHpeehRdu5osot8",
"in_stock": true,
"name": "bigbear",
"price": 9.99
}'''
# Fuzz strategies
products_post_fuzzed_body = {
"category": "0123456789",
"description": "0123456789",
"image_url": "0123456789",
"in_stock": False,
"name": "0123456789",
"price": -10
}
# Fuzz status codes
expected_products_post_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Fuzz status codes for Null values
expected_products_post_null_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Execute Request
products_POST_response = client.send_request(
url=URL,
path="/api/v1/products",
method="POST",
body=products_POST_request_body,
headers=headers,
expected_code="20x"
)
for key in skyramp.iterate(products_post_fuzzed_body):
# Execute Request
products_POST_response = client.send_request(
url=URL,
path="/api/v1/products",
method="POST",
body=products_POST_request_body,
headers=headers,
data_override={key: skyramp.get_value(products_post_fuzzed_body, key)},
expected_code=skyramp.get_value(expected_products_post_status_code, key),
description=f'Fuzzing request body { key } to { skyramp.get_value(products_post_fuzzed_body, key) }'
)
# Execute Request
products_POST_response = client.send_request(
url=URL,
path="/api/v1/products",
method="POST",
body=products_POST_request_body,
headers=headers,
data_override={key: None},
expected_code=skyramp.get_value(expected_products_post_null_status_code, key),
description=f'Fuzzing request body { key } to None'
)
assert client.is_success()
# fuzz test for /api/v1/products/{product_id} GET
def test_products_product_id_get():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Declaration of variables
product_id = 0
# Execute Request
products_product_id_GET_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="GET",
headers=headers,
path_params={"product_id": product_id},
expected_code="20x"
)
assert client.is_success()
# fuzz test for /api/v1/products/{product_id} PUT
def test_products_product_id_put():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Declaration of variables
product_id = 0
# Request Body
products_product_id_PUT_request_body = r'''{
"category": "Toys",
"description": "Bear Soft Toy",
"image_url": "https://images.app.goo.gl/cgcHpeehRdu5osot8",
"in_stock": true,
"name": "bigbear",
"price": 9.99
}'''
# Fuzz strategies
products_product_id_put_fuzzed_body = {
"category": "0123456789",
"description": "0123456789",
"image_url": "0123456789",
"in_stock": False,
"name": "0123456789",
"price": -10
}
# Fuzz status codes
expected_products_product_id_put_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Fuzz status codes for Null values
expected_products_product_id_put_null_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Execute Request
products_product_id_PUT_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="PUT",
body=products_product_id_PUT_request_body,
headers=headers,
path_params={"product_id": product_id},
expected_code="20x"
)
for key in skyramp.iterate(products_product_id_put_fuzzed_body):
# Execute Request
products_product_id_PUT_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="PUT",
body=products_product_id_PUT_request_body,
headers=headers,
path_params={"product_id": product_id},
data_override={key: skyramp.get_value(products_product_id_put_fuzzed_body, key)},
expected_code=skyramp.get_value(expected_products_product_id_put_status_code, key),
description=f'Fuzzing request body { key } to { skyramp.get_value(products_product_id_put_fuzzed_body, key) }'
)
# Execute Request
products_product_id_PUT_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="PUT",
body=products_product_id_PUT_request_body,
headers=headers,
path_params={"product_id": product_id},
data_override={key: None},
expected_code=skyramp.get_value(expected_products_product_id_put_null_status_code, key),
description=f'Fuzzing request body { key } to None'
)
assert client.is_success()
# fuzz test for /api/v1/products/{product_id} DELETE
def test_products_product_id_delete():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Declaration of variables
product_id = 0
# Execute Request
products_product_id_DELETE_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="DELETE",
headers=headers,
path_params={"product_id": product_id},
expected_code="20x"
)
assert client.is_success()
if __name__ == "__main__":
test_products_get()
test_products_post()
test_products_product_id_get()
test_products_product_id_put()
test_products_product_id_delete()
Change fuzzed value(s)
You can easily change the generated fuzz values as well as the expected status codes.
Update Fuzz Strategies (line 120)
# Fuzz strategies
products_post_fuzzed_body = {
- "category": "0123456789",
- "description": "0123456789",
- "image_url": "0123456789",
- "in_stock": True,
- "name": "0123456789",
- "price": -10
+ "category": "01234565678789",
+ "description": "01256783456789",
+ "image_url": "01234567856789",
+ "in_stock": False,
+ "name": "0123782879456789",
+ "price": -3728
Update Expected Status Codes (line 129)
# Fuzz status codes
expected_products_post_status_code = {
- "category": "40x",
- "description": "40x",
- "image_url": "40x",
- "in_stock": "40x",
- "name": "40x",
+ "category": "20x",
+ "description": "20x",
+ "image_url": "20x",
+ "in_stock": "20x",
+ "name": "50x",
"price": "40x"
Python
Test Anatomy for All Methods of Endpoint
# Generated by Skyramp v1.2.11 on 2025-08-07 17:41:32.882693 -0400 EDT m=+1.149789668
# Command: skyramp generate fuzz rest https://demoshop.skyramp.dev/api/v1/products \
# --api-schema https://demoshop.skyramp.dev/openapi.json \
# --framework pytest \
# --language python \
# Import of required libraries
import skyramp
import os
import time
# URL for test requests
URL = "https://demoshop.skyramp.dev"
# Definition of authentication header
def get_header():
headers = {}
if os.getenv("SKYRAMP_TEST_TOKEN") is not None:
headers["Authorization"] = "Bearer " + os.getenv("SKYRAMP_TEST_TOKEN")
return headers
# fuzz test for /api/v1/products GET
def test_products_get():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Fuzz strategies
products_get_fuzzed_query = {
"limit": -9,
"offset": -10,
"order": "0123456789",
"orderBy": "0123456789"
}
# Fuzz status codes
expected_products_get_fuzzed_query_status_code = {
"limit": "40x",
"offset": "40x",
"order": "40x",
"orderBy": "40x"
}
# Execute Request
products_GET_response = client.send_request(
url=URL,
path="/api/v1/products",
method="GET",
headers=headers,
query_params={
"limit": 10,
"offset": 0,
"order": "asc",
"orderBy": None
},
expected_code="20x"
)
for key in products_get_fuzzed_query:
query_params = {
"limit": 10,
"offset": 0,
"order": "asc",
"orderBy": None
}
query_params[key] = products_get_fuzzed_query[key]
# Execute Request
products_GET_response = client.send_request(
url=URL,
path="/api/v1/products",
method="GET",
headers=headers,
query_params=query_params,
expected_code=expected_products_get_fuzzed_query_status_code[key],
description=f'Fuzzing query param { key } to { products_get_fuzzed_query[key] }'
)
query_params = {
"limit": 10,
"offset": 0,
"order": "asc",
"orderBy": None
}
query_params[key] = ""
# Execute Request
products_GET_response = client.send_request(
url=URL,
path="/api/v1/products",
method="GET",
headers=headers,
query_params=query_params,
expected_code=expected_products_get_fuzzed_query_status_code[key],
description=f'Fuzzing query param { key } to ""'
)
assert client.is_success()
# fuzz test for /api/v1/products POST
def test_products_post():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Request Body
products_POST_request_body = r'''{
"category": "Toys",
"description": "Bear Soft Toy",
"image_url": "https://images.app.goo.gl/cgcHpeehRdu5osot8",
"in_stock": true,
"name": "bigbear",
"price": 9.99
}'''
# Fuzz strategies
products_post_fuzzed_body = {
"category": "0123456789",
"description": "0123456789",
"image_url": "0123456789",
"in_stock": False,
"name": "0123456789",
"price": -10
}
# Fuzz status codes
expected_products_post_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Fuzz status codes for Null values
expected_products_post_null_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Execute Request
products_POST_response = client.send_request(
url=URL,
path="/api/v1/products",
method="POST",
body=products_POST_request_body,
headers=headers,
expected_code="20x"
)
for key in skyramp.iterate(products_post_fuzzed_body):
# Execute Request
products_POST_response = client.send_request(
url=URL,
path="/api/v1/products",
method="POST",
body=products_POST_request_body,
headers=headers,
data_override={key: skyramp.get_value(products_post_fuzzed_body, key)},
expected_code=skyramp.get_value(expected_products_post_status_code, key),
description=f'Fuzzing request body { key } to { skyramp.get_value(products_post_fuzzed_body, key) }'
)
# Execute Request
products_POST_response = client.send_request(
url=URL,
path="/api/v1/products",
method="POST",
body=products_POST_request_body,
headers=headers,
data_override={key: None},
expected_code=skyramp.get_value(expected_products_post_null_status_code, key),
description=f'Fuzzing request body { key } to None'
)
assert client.is_success()
# fuzz test for /api/v1/products/{product_id} GET
def test_products_product_id_get():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Declaration of variables
product_id = 0
# Execute Request
products_product_id_GET_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="GET",
headers=headers,
path_params={"product_id": product_id},
expected_code="20x"
)
assert client.is_success()
# fuzz test for /api/v1/products/{product_id} PUT
def test_products_product_id_put():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Declaration of variables
product_id = 0
# Request Body
products_product_id_PUT_request_body = r'''{
"category": "Toys",
"description": "Bear Soft Toy",
"image_url": "https://images.app.goo.gl/cgcHpeehRdu5osot8",
"in_stock": true,
"name": "bigbear",
"price": 9.99
}'''
# Fuzz strategies
products_product_id_put_fuzzed_body = {
"category": "0123456789",
"description": "0123456789",
"image_url": "0123456789",
"in_stock": False,
"name": "0123456789",
"price": -10
}
# Fuzz status codes
expected_products_product_id_put_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Fuzz status codes for Null values
expected_products_product_id_put_null_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Execute Request
products_product_id_PUT_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="PUT",
body=products_product_id_PUT_request_body,
headers=headers,
path_params={"product_id": product_id},
expected_code="20x"
)
for key in skyramp.iterate(products_product_id_put_fuzzed_body):
# Execute Request
products_product_id_PUT_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="PUT",
body=products_product_id_PUT_request_body,
headers=headers,
path_params={"product_id": product_id},
data_override={key: skyramp.get_value(products_product_id_put_fuzzed_body, key)},
expected_code=skyramp.get_value(expected_products_product_id_put_status_code, key),
description=f'Fuzzing request body { key } to { skyramp.get_value(products_product_id_put_fuzzed_body, key) }'
)
# Execute Request
products_product_id_PUT_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="PUT",
body=products_product_id_PUT_request_body,
headers=headers,
path_params={"product_id": product_id},
data_override={key: None},
expected_code=skyramp.get_value(expected_products_product_id_put_null_status_code, key),
description=f'Fuzzing request body { key } to None'
)
assert client.is_success()
# fuzz test for /api/v1/products/{product_id} DELETE
def test_products_product_id_delete():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Declaration of variables
product_id = 0
# Execute Request
products_product_id_DELETE_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="DELETE",
headers=headers,
path_params={"product_id": product_id},
expected_code="20x"
)
assert client.is_success()
if __name__ == "__main__":
test_products_get()
test_products_post()
test_products_product_id_get()
test_products_product_id_put()
test_products_product_id_delete()
Change fuzzed value(s)
You can easily change the generated fuzz values as well as the expected status codes.
Update Fuzz Strategies (line 120)
# Fuzz strategies
products_post_fuzzed_body = {
- "category": "0123456789",
- "description": "0123456789",
- "image_url": "0123456789",
- "in_stock": True,
- "name": "0123456789",
- "price": -10
+ "category": "01234565678789",
+ "description": "01256783456789",
+ "image_url": "01234567856789",
+ "in_stock": False,
+ "name": "0123782879456789",
+ "price": -3728
Update Expected Status Codes (line 129)
# Fuzz status codes
expected_products_post_status_code = {
- "category": "40x",
- "description": "40x",
- "image_url": "40x",
- "in_stock": "40x",
- "name": "40x",
+ "category": "20x",
+ "description": "20x",
+ "image_url": "20x",
+ "in_stock": "20x",
+ "name": "50x",
"price": "40x"
Python
Test Anatomy for All Methods of Endpoint
# Generated by Skyramp v1.2.11 on 2025-08-07 17:41:32.882693 -0400 EDT m=+1.149789668
# Command: skyramp generate fuzz rest https://demoshop.skyramp.dev/api/v1/products \
# --api-schema https://demoshop.skyramp.dev/openapi.json \
# --framework pytest \
# --language python \
# Import of required libraries
import skyramp
import os
import time
# URL for test requests
URL = "https://demoshop.skyramp.dev"
# Definition of authentication header
def get_header():
headers = {}
if os.getenv("SKYRAMP_TEST_TOKEN") is not None:
headers["Authorization"] = "Bearer " + os.getenv("SKYRAMP_TEST_TOKEN")
return headers
# fuzz test for /api/v1/products GET
def test_products_get():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Fuzz strategies
products_get_fuzzed_query = {
"limit": -9,
"offset": -10,
"order": "0123456789",
"orderBy": "0123456789"
}
# Fuzz status codes
expected_products_get_fuzzed_query_status_code = {
"limit": "40x",
"offset": "40x",
"order": "40x",
"orderBy": "40x"
}
# Execute Request
products_GET_response = client.send_request(
url=URL,
path="/api/v1/products",
method="GET",
headers=headers,
query_params={
"limit": 10,
"offset": 0,
"order": "asc",
"orderBy": None
},
expected_code="20x"
)
for key in products_get_fuzzed_query:
query_params = {
"limit": 10,
"offset": 0,
"order": "asc",
"orderBy": None
}
query_params[key] = products_get_fuzzed_query[key]
# Execute Request
products_GET_response = client.send_request(
url=URL,
path="/api/v1/products",
method="GET",
headers=headers,
query_params=query_params,
expected_code=expected_products_get_fuzzed_query_status_code[key],
description=f'Fuzzing query param { key } to { products_get_fuzzed_query[key] }'
)
query_params = {
"limit": 10,
"offset": 0,
"order": "asc",
"orderBy": None
}
query_params[key] = ""
# Execute Request
products_GET_response = client.send_request(
url=URL,
path="/api/v1/products",
method="GET",
headers=headers,
query_params=query_params,
expected_code=expected_products_get_fuzzed_query_status_code[key],
description=f'Fuzzing query param { key } to ""'
)
assert client.is_success()
# fuzz test for /api/v1/products POST
def test_products_post():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Request Body
products_POST_request_body = r'''{
"category": "Toys",
"description": "Bear Soft Toy",
"image_url": "https://images.app.goo.gl/cgcHpeehRdu5osot8",
"in_stock": true,
"name": "bigbear",
"price": 9.99
}'''
# Fuzz strategies
products_post_fuzzed_body = {
"category": "0123456789",
"description": "0123456789",
"image_url": "0123456789",
"in_stock": False,
"name": "0123456789",
"price": -10
}
# Fuzz status codes
expected_products_post_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Fuzz status codes for Null values
expected_products_post_null_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Execute Request
products_POST_response = client.send_request(
url=URL,
path="/api/v1/products",
method="POST",
body=products_POST_request_body,
headers=headers,
expected_code="20x"
)
for key in skyramp.iterate(products_post_fuzzed_body):
# Execute Request
products_POST_response = client.send_request(
url=URL,
path="/api/v1/products",
method="POST",
body=products_POST_request_body,
headers=headers,
data_override={key: skyramp.get_value(products_post_fuzzed_body, key)},
expected_code=skyramp.get_value(expected_products_post_status_code, key),
description=f'Fuzzing request body { key } to { skyramp.get_value(products_post_fuzzed_body, key) }'
)
# Execute Request
products_POST_response = client.send_request(
url=URL,
path="/api/v1/products",
method="POST",
body=products_POST_request_body,
headers=headers,
data_override={key: None},
expected_code=skyramp.get_value(expected_products_post_null_status_code, key),
description=f'Fuzzing request body { key } to None'
)
assert client.is_success()
# fuzz test for /api/v1/products/{product_id} GET
def test_products_product_id_get():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Declaration of variables
product_id = 0
# Execute Request
products_product_id_GET_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="GET",
headers=headers,
path_params={"product_id": product_id},
expected_code="20x"
)
assert client.is_success()
# fuzz test for /api/v1/products/{product_id} PUT
def test_products_product_id_put():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Declaration of variables
product_id = 0
# Request Body
products_product_id_PUT_request_body = r'''{
"category": "Toys",
"description": "Bear Soft Toy",
"image_url": "https://images.app.goo.gl/cgcHpeehRdu5osot8",
"in_stock": true,
"name": "bigbear",
"price": 9.99
}'''
# Fuzz strategies
products_product_id_put_fuzzed_body = {
"category": "0123456789",
"description": "0123456789",
"image_url": "0123456789",
"in_stock": False,
"name": "0123456789",
"price": -10
}
# Fuzz status codes
expected_products_product_id_put_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Fuzz status codes for Null values
expected_products_product_id_put_null_status_code = {
"category": "40x",
"description": "40x",
"image_url": "40x",
"in_stock": "40x",
"name": "40x",
"price": "40x"
}
# Execute Request
products_product_id_PUT_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="PUT",
body=products_product_id_PUT_request_body,
headers=headers,
path_params={"product_id": product_id},
expected_code="20x"
)
for key in skyramp.iterate(products_product_id_put_fuzzed_body):
# Execute Request
products_product_id_PUT_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="PUT",
body=products_product_id_PUT_request_body,
headers=headers,
path_params={"product_id": product_id},
data_override={key: skyramp.get_value(products_product_id_put_fuzzed_body, key)},
expected_code=skyramp.get_value(expected_products_product_id_put_status_code, key),
description=f'Fuzzing request body { key } to { skyramp.get_value(products_product_id_put_fuzzed_body, key) }'
)
# Execute Request
products_product_id_PUT_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="PUT",
body=products_product_id_PUT_request_body,
headers=headers,
path_params={"product_id": product_id},
data_override={key: None},
expected_code=skyramp.get_value(expected_products_product_id_put_null_status_code, key),
description=f'Fuzzing request body { key } to None'
)
assert client.is_success()
# fuzz test for /api/v1/products/{product_id} DELETE
def test_products_product_id_delete():
# Invocation of Skyramp Client and calling of authentication header
client = skyramp.Client()
headers = get_header()
# Declaration of variables
product_id = 0
# Execute Request
products_product_id_DELETE_response = client.send_request(
url=URL,
path="/api/v1/products/{product_id}",
method="DELETE",
headers=headers,
path_params={"product_id": product_id},
expected_code="20x"
)
assert client.is_success()
if __name__ == "__main__":
test_products_get()
test_products_post()
test_products_product_id_get()
test_products_product_id_put()
test_products_product_id_delete()
Change fuzzed value(s)
You can easily change the generated fuzz values as well as the expected status codes.
Update Fuzz Strategies (line 120)
# Fuzz strategies
products_post_fuzzed_body = {
- "category": "0123456789",
- "description": "0123456789",
- "image_url": "0123456789",
- "in_stock": True,
- "name": "0123456789",
- "price": -10
+ "category": "01234565678789",
+ "description": "01256783456789",
+ "image_url": "01234567856789",
+ "in_stock": False,
+ "name": "0123782879456789",
+ "price": -3728
Update Expected Status Codes (line 129)
# Fuzz status codes
expected_products_post_status_code = {
- "category": "40x",
- "description": "40x",
- "image_url": "40x",
- "in_stock": "40x",
- "name": "40x",
+ "category": "20x",
+ "description": "20x",
+ "image_url": "20x",
+ "in_stock": "20x",
+ "name": "50x",
"price": "40x"