From 8eaf445d1310aa51136144d6cbe864979b094584 Mon Sep 17 00:00:00 2001 
From: yuchou87 Date: Wed, 6 May 2026 21:58:34 +0800 Subject: [PATCH 1/3] feat(gen): batch LLM annotation with --annotation-batch flag MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add configurable batch annotation to reduce LLM round-trips during the semantic annotation pre-pass. Previously: 36 operations × ~15s per call = ~9 minutes sequential. With --annotation-batch=10: 4 batches × ~20s per call ≈ 1–2 minutes. Design: - --annotation-batch N (default 0 = sequential, one call per op) - Each batch sends N operations in one prompt; LLM returns a JSON array whose entries are keyed by operation_id (not array index) for reliable matching - Partial failure: if a batch returns fewer entries than requested, ops without a matching operation_id get no annotation — generation continues - Batch JSON error: ops in that batch get no annotation, and a warning is logged - Engine.SetAnnotationBatch(n) for programmatic control Reliability: - operation_id-keyed responses survive LLM reordering or omissions - parseBatchAnnotations silently drops entries missing operation_id - Invalid JSON returns nil map → all ops in batch get no annotation - No cascading retry per op (annotation is best-effort by design) Tests: - TestEngine_BatchAnnotation_EmitsOneEventPerOp: TUI progress unaffected - TestEngine_BatchAnnotation_AnnotatesOpsCorrectly: key-based matching - TestEngine_BatchAnnotation_BatchFailureIsGraceful: invalid JSON safe - TestEngine_BatchAnnotation_SplitsIntoBatches: 5 ops / batch=3 → 2 calls - TestParseBatchAnnotations_*: unit tests for the parser - AT-252: --annotation-batch flag registered in gen --help --- ...in_audit_logs_get_auth_chain_4b81d9bb.hurl | 44 + ..._row_10_action_user_disabled_e73ed081.hurl | 15 + ...e_row_11_action_team_created_a820fea5.hurl | 15 + ...tion_tree_row_1_action_login_80f9a912.hurl | 15 + ...e_row_2_action_spec_uploaded_ee7cf268.hurl | 15 + ...ee_row_3_action_spec_updated_df4697d4.hurl | 15 + 
...row_4_action_service_deleted_ba4c28cb.hurl | 15 + ...e_row_5_action_grant_created_2874616a.hurl | 15 + ...e_row_6_action_grant_revoked_4511e41f.hurl | 15 + ...e_row_7_action_token_created_e290ff04.hurl | 15 + ...e_row_8_action_token_revoked_5a6e9137.hurl | 15 + ...ee_row_9_action_user_created_e92e324e.hurl | 15 + ...p_api2_broken_authentication_eb7a16db.hurl | 12 + ..._level_authorization_missing_b02abc71.hurl | 13 + ...pi7_injection_path_traversal_a1c2c8cc.hurl | 15 + ...et_owasp_api7_injection_sqli_605a4d60.hurl | 15 + ...get_owasp_api7_injection_xss_0d70db14.hurl | 15 + ...est_with_all_required_fields_04940e9f.hurl | 19 + ..._cors_security_configuration_744c12cf.hurl | 16 + ...ent_second_call_must_be_safe_1f6fc417.hurl | 33 + ..._id_delete_idor_id_0_zero_id_c0c54349.hurl | 16 + ..._delete_idor_id_99999_alt_id_b20f3be6.hurl | 16 + ...te_missing_required_param_id_57e2f5d8.hurl | 12 + ...pi1_bola_unauthorized_access_d8d75c69.hurl | 12 + ...p_api2_broken_authentication_2b26b1b2.hurl | 12 + ..._level_authorization_missing_640109d2.hurl | 13 + ...pi7_injection_path_traversal_5cfaf557.hurl | 15 + ...te_owasp_api7_injection_sqli_3883f876.hurl | 15 + ...ete_owasp_api7_injection_xss_7e26f4e3.hurl | 15 + ...est_with_all_required_fields_03c20c58.hurl | 16 + ..._cors_security_configuration_ff243297.hurl | 16 + ..._cors_security_configuration_4b672517.hurl | 16 + ...ent_second_call_must_be_safe_dc1513dd.hurl | 45 + ...s_assignment_financial_probe_297a0e33.hurl | 22 + ...ss_assignment_identity_probe_c9fe2f6f.hurl | 22 + ...s_assignment_privilege_probe_c8fb1c8e.hurl | 22 + ...mass_assignment_status_probe_6072976c.hurl | 22 + ...issing_required_field_teamid_8397ba83.hurl | 16 + ...issing_required_field_teamid_bc585ae5.hurl | 16 + ...ing_required_param_serviceid_3dc3ff8a.hurl | 12 + ...mutation_teamid_empty_string_717311a7.hurl | 22 + ...id_integer_instead_of_string_cea11786.hurl | 22 + ...t_mutation_teamid_null_value_3c6b4929.hurl | 22 + 
...d_oversized_string_300_chars_452218de.hurl | 22 + ...pi1_bola_unauthorized_access_b7125bf5.hurl | 12 + ...p_api2_broken_authentication_6bc9b636.hurl | 12 + ..._bopla_property_level_access_26712b87.hurl | 24 + ...ction_level_authorization_mi_544e90d2.hurl | 13 + ...t_owasp_api6_mass_assignment_29a92605.hurl | 26 + ...pi7_injection_path_traversal_b621722f.hurl | 15 + ...ut_owasp_api7_injection_sqli_53f0e55f.hurl | 15 + ...put_owasp_api7_injection_xss_3ad867af.hurl | 15 + ...uired_omission_teamid_absent_d24b98db.hurl | 20 + ...tion_teamid_missing_required_c8b11e1e.hurl | 16 + ...tation_nullable_field_teamid_f06bfa27.hurl | 22 + ...on_teamid_wrong_type_boolean_5b55ebea.hurl | 18 + ...on_teamid_wrong_type_integer_87eccc15.hurl | 18 + ...fuzzing_teamid_bidi_override_e30f1b9e.hurl | 18 + ..._fuzzing_teamid_control_char_00caba6f.hurl | 18 + ...code_fuzzing_teamid_overlong_5dc313b9.hurl | 18 + ...unicode_fuzzing_teamid_zalgo_c1fa3472.hurl | 18 + ...de_fuzzing_teamid_zero_width_1c0a1d4a.hurl | 18 + ...est_with_all_required_fields_c8662867.hurl | 22 + ...rong_content_type_text_plain_16d39238.hurl | 18 + ...i_admin_teams_get_auth_chain_3977085e.hurl | 44 + ...p_api2_broken_authentication_1e347647.hurl | 12 + ..._level_authorization_missing_a9276ccc.hurl | 13 + ...est_with_all_required_fields_978ae5a8.hurl | 16 + ...ent_second_call_must_be_safe_2d2c1dda.hurl | 33 + ..._id_delete_idor_id_0_zero_id_04e9a0f9.hurl | 16 + ..._delete_idor_id_99999_alt_id_0d533645.hurl | 16 + ...te_missing_required_param_id_d700a9bc.hurl | 12 + ...pi1_bola_unauthorized_access_a23b7745.hurl | 12 + ...p_api2_broken_authentication_f7305717.hurl | 12 + ..._level_authorization_missing_1f9d5ef0.hurl | 13 + ...pi7_injection_path_traversal_726d486c.hurl | 15 + ...te_owasp_api7_injection_sqli_e0aa0be4.hurl | 15 + ...ete_owasp_api7_injection_xss_cdcba009.hurl | 15 + ...est_with_all_required_fields_2f56068b.hurl | 16 + ...grants_get_idor_id_0_zero_id_625bb61d.hurl | 16 + 
...nts_get_idor_id_99999_alt_id_1e7138b3.hurl | 16 + ...et_missing_required_param_id_aa4a85d2.hurl | 12 + ...pi1_bola_unauthorized_access_9c3bba1f.hurl | 12 + ...p_api2_broken_authentication_2dae98a0.hurl | 12 + ..._level_authorization_missing_8f5433a6.hurl | 13 + ...pi7_injection_path_traversal_b5400171.hurl | 15 + ...et_owasp_api7_injection_sqli_a7917f13.hurl | 15 + ...get_owasp_api7_injection_xss_269d7a97.hurl | 15 + ...est_with_all_required_fields_d5427a01.hurl | 17 + ..._cors_security_configuration_8b59e761.hurl | 16 + ...ent_second_call_must_be_safe_810053e8.hurl | 57 + ...rants_post_idor_id_0_zero_id_82f1376b.hurl | 16 + ...ts_post_idor_id_99999_alt_id_14f8c7cc.hurl | 16 + ...s_assignment_financial_probe_8b55910b.hurl | 28 + ...ss_assignment_identity_probe_74060ffe.hurl | 28 + ...s_assignment_privilege_probe_eaaad8f0.hurl | 28 + ...mass_assignment_status_probe_54b93b94.hurl | 28 + ...ing_required_field_serviceid_33636c2c.hurl | 23 + ...ing_required_field_serviceid_62d899fa.hurl | 23 + ...st_missing_required_param_id_aee10eee.hurl | 12 + ...mutation_branches_null_value_3f1f0acd.hurl | 26 + ...ches_object_instead_of_array_c0bd2a08.hurl | 26 + ...ches_string_instead_of_array_963f2d23.hurl | 26 + ...ation_expiresat_empty_string_2894700e.hurl | 28 + ...at_integer_instead_of_string_c03df9f9.hurl | 28 + ...xpiresat_invalid_date_format_6260c870.hurl | 28 + ...utation_expiresat_null_value_759658e7.hurl | 28 + ...t_oversized_string_300_chars_0ee96c4d.hurl | 28 + ...n_granteeteamid_empty_string_7d06efc6.hurl | 28 + ...ion_granteeteamid_null_value_0064709a.hurl | 28 + ...post_null_injection_branches_e32391c6.hurl | 22 + ...ost_null_injection_expiresat_df39db3e.hurl | 24 + ...null_injection_granteeteamid_63fd31b7.hurl | 24 + ...null_injection_granteeuserid_593b0773.hurl | 24 + ...ost_null_injection_serviceid_2571eb1b.hurl | 24 + ...pi1_bola_unauthorized_access_750fd5ab.hurl | 12 + ...p_api2_broken_authentication_a5db835c.hurl | 12 + 
..._level_authorization_missing_4c520692.hurl | 13 + ...t_owasp_api6_mass_assignment_e74b3c2c.hurl | 32 + ...pi7_injection_path_traversal_aa0b7128.hurl | 15 + ...st_owasp_api7_injection_sqli_ea6fd919.hurl | 15 + ...ost_owasp_api7_injection_xss_c288f174.hurl | 15 + ...ed_omission_serviceid_absent_eb992221.hurl | 27 + ...resat_invalid_format_date_ti_9509a04a.hurl | 24 + ...n_serviceid_missing_required_4b79a206.hurl | 23 + ...n_branches_wrong_type_string_291b984a.hurl | 22 + ...expiresat_wrong_type_boolean_d73bcfa6.hurl | 24 + ...expiresat_wrong_type_integer_4440c404.hurl | 24 + ...teeteamid_wrong_type_boolean_8920e31f.hurl | 24 + ...teeteamid_wrong_type_integer_50132b05.hurl | 24 + ...teeuserid_wrong_type_boolean_1566fad3.hurl | 24 + ...teeuserid_wrong_type_integer_3f9db72b.hurl | 24 + ...serviceid_wrong_type_boolean_f4852904.hurl | 24 + ...serviceid_wrong_type_integer_e98b7c31.hurl | 24 + ...zing_expiresat_bidi_override_691f2024.hurl | 24 + ...zzing_expiresat_control_char_ed7d403f.hurl | 24 + ...e_fuzzing_expiresat_overlong_e80f6e77.hurl | 24 + ...code_fuzzing_expiresat_zalgo_e8fa18b3.hurl | 24 + ...fuzzing_expiresat_zero_width_c67b22d4.hurl | 24 + ..._granteeteamid_bidi_override_d197e84d.hurl | 24 + ...g_granteeteamid_control_char_d5595214.hurl | 24 + ...zzing_granteeteamid_overlong_4df41e59.hurl | 24 + ..._fuzzing_granteeteamid_zalgo_603eeaa8.hurl | 24 + ...ing_granteeteamid_zero_width_28a0c8b4.hurl | 24 + ..._granteeuserid_bidi_override_57831769.hurl | 24 + ...g_granteeuserid_control_char_bb1058c5.hurl | 24 + ...zzing_granteeuserid_overlong_81f35d0c.hurl | 24 + ..._fuzzing_granteeuserid_zalgo_7682a2d7.hurl | 24 + ...ing_granteeuserid_zero_width_7f787ffd.hurl | 24 + ...zing_serviceid_bidi_override_894450de.hurl | 24 + ...zzing_serviceid_control_char_aea6968a.hurl | 24 + ...e_fuzzing_serviceid_overlong_ae4ea893.hurl | 24 + ...code_fuzzing_serviceid_zalgo_3b372657.hurl | 24 + ...fuzzing_serviceid_zero_width_c9798ccb.hurl | 24 + 
...est_with_all_required_fields_62bccfec.hurl | 28 + ...rong_content_type_text_plain_a9ed456f.hurl | 24 + ...n_delete_api_admin_grants_id_fae601d3.hurl | 48 + ...in_delete_api_admin_users_id_1e93f696.hurl | 48 + ...t_api_admin_teams_id_members_7710bdae.hurl | 48 + ..._api_admin_teams_id_services_fd7cb142.hurl | 48 + ...t_api_admin_teams_id_members_136f3cd3.hurl | 55 + ...dmin_services_serviceid_team_cafaccf6.hurl | 54 + ...chain_put_api_admin_users_id_636e3912.hurl | 55 + ...embers_get_idor_id_0_zero_id_8d769a8b.hurl | 16 + ...ers_get_idor_id_99999_alt_id_4af55f13.hurl | 16 + ...et_missing_required_param_id_724cd05d.hurl | 12 + ...pi1_bola_unauthorized_access_be93ffb9.hurl | 12 + ...p_api2_broken_authentication_942888a7.hurl | 12 + ...pi7_injection_path_traversal_c5fcb2bd.hurl | 15 + ...et_owasp_api7_injection_sqli_05eacd8d.hurl | 15 + ...get_owasp_api7_injection_xss_9935c2df.hurl | 15 + ...est_with_all_required_fields_f1d4a7ff.hurl | 16 + ..._cors_security_configuration_02ec7afc.hurl | 16 + ...ent_second_call_must_be_safe_fce8d8db.hurl | 47 + ...mbers_post_idor_id_0_zero_id_07948765.hurl | 16 + ...rs_post_idor_id_99999_alt_id_d1a0e9c6.hurl | 16 + ...valid_role_value_not_in_enum_54b6ea73.hurl | 19 + ...s_assignment_financial_probe_31f44a55.hurl | 23 + ...ss_assignment_identity_probe_09f9b8eb.hurl | 22 + ...s_assignment_privilege_probe_850dd902.hurl | 22 + ...mass_assignment_status_probe_edb444ec.hurl | 23 + ...issing_required_field_userid_4eda623b.hurl | 18 + ...issing_required_field_userid_aea81fb1.hurl | 18 + ...st_missing_required_param_id_e44fc900.hurl | 12 + ...t_mutation_role_empty_string_0cb69d90.hurl | 23 + ...le_integer_instead_of_string_dc8849f5.hurl | 23 + ...ost_mutation_role_null_value_aff2608e.hurl | 23 + ...e_oversized_string_300_chars_977e71fa.hurl | 23 + ...mutation_userid_empty_string_b3beebbb.hurl | 23 + ...id_integer_instead_of_string_d8212bc8.hurl | 23 + ...t_mutation_userid_null_value_8e4fd867.hurl | 23 + 
...d_oversized_string_300_chars_5739a85b.hurl | 23 + ...ers_post_null_injection_role_a2c2e196.hurl | 19 + ...s_post_null_injection_userid_1b45482b.hurl | 19 + ...pi1_bola_unauthorized_access_bc997516.hurl | 12 + ...p_api2_broken_authentication_d1200108.hurl | 12 + ...t_owasp_api6_mass_assignment_5a01a3ba.hurl | 27 + ...pi7_injection_path_traversal_60a70815.hurl | 15 + ...st_owasp_api7_injection_sqli_5a3931f1.hurl | 15 + ...ost_owasp_api7_injection_xss_dd4d8c19.hurl | 15 + ...uired_omission_userid_absent_1da7a2c3.hurl | 22 + ..._violation_role_invalid_enum_1d2b8bb8.hurl | 19 + ...tion_userid_missing_required_71efcd62.hurl | 18 + ...cion_role_wrong_type_boolean_2a4f0269.hurl | 19 + ...cion_role_wrong_type_integer_95fd239a.hurl | 19 + ...on_userid_wrong_type_boolean_8aeef740.hurl | 19 + ...on_userid_wrong_type_integer_76bfddd4.hurl | 19 + ...e_fuzzing_role_bidi_override_aa47e2dd.hurl | 19 + ...de_fuzzing_role_control_char_39e9a695.hurl | 19 + ...nicode_fuzzing_role_overlong_7473f431.hurl | 19 + ...t_unicode_fuzzing_role_zalgo_83be4bd5.hurl | 19 + ...code_fuzzing_role_zero_width_241bc1b4.hurl | 19 + ...fuzzing_userid_bidi_override_e839caab.hurl | 19 + ..._fuzzing_userid_control_char_382c05ef.hurl | 19 + ...code_fuzzing_userid_overlong_cbe2af65.hurl | 19 + ...unicode_fuzzing_userid_zalgo_9cd03a11.hurl | 19 + ...de_fuzzing_userid_zero_width_bdeeed04.hurl | 19 + ...est_with_all_required_fields_17f7b78e.hurl | 23 + ...rong_content_type_text_plain_0f904569.hurl | 19 + ...ent_second_call_must_be_safe_e8a5f757.hurl | 33 + ...rid_delete_idor_id_0_zero_id_eb538efa.hurl | 16 + ..._delete_idor_id_99999_alt_id_c4642225.hurl | 16 + ...te_missing_required_param_id_4661322e.hurl | 12 + ...issing_required_param_userid_636a79c8.hurl | 12 + ...pi1_bola_unauthorized_access_042e8f38.hurl | 12 + ...p_api2_broken_authentication_46113a78.hurl | 12 + ...pi7_injection_path_traversal_511147be.hurl | 15 + ...te_owasp_api7_injection_sqli_0cf3a030.hurl | 15 + 
...ete_owasp_api7_injection_xss_a4c3899a.hurl | 15 + ...est_with_all_required_fields_8384ae85.hurl | 16 + ..._cors_security_configuration_86b21409.hurl | 16 + ...ent_second_call_must_be_safe_7fb55548.hurl | 45 + ...userid_put_idor_id_0_zero_id_3ecaa43f.hurl | 16 + ...rid_put_idor_id_99999_alt_id_5ee92e8d.hurl | 16 + ...valid_role_value_not_in_enum_1385a015.hurl | 18 + ...s_assignment_financial_probe_e346a0c6.hurl | 22 + ...ss_assignment_identity_probe_c5b345ac.hurl | 22 + ...s_assignment_privilege_probe_830ae193.hurl | 21 + ...mass_assignment_status_probe_08a1d397.hurl | 22 + ..._missing_required_field_role_02cdac38.hurl | 16 + ..._missing_required_field_role_7f67bdd2.hurl | 16 + ...ut_missing_required_param_id_c90499c8.hurl | 12 + ...issing_required_param_userid_a0b457a0.hurl | 12 + ...t_mutation_role_empty_string_9334c130.hurl | 22 + ...le_integer_instead_of_string_c930d5b2.hurl | 22 + ...put_mutation_role_null_value_8380cf38.hurl | 22 + ...e_oversized_string_300_chars_c4c6cb7f.hurl | 22 + ...erid_put_null_injection_role_92d17333.hurl | 18 + ...pi1_bola_unauthorized_access_37084d5c.hurl | 12 + ...p_api2_broken_authentication_19b34217.hurl | 12 + ..._bopla_property_level_access_4c06b345.hurl | 23 + ...t_owasp_api6_mass_assignment_ffe14e02.hurl | 26 + ...pi7_injection_path_traversal_df6e5f44.hurl | 15 + ...ut_owasp_api7_injection_sqli_16482ca3.hurl | 15 + ...put_owasp_api7_injection_xss_d065e277.hurl | 15 + ...equired_omission_role_absent_b8039024.hurl | 20 + ..._violation_role_invalid_enum_128b22a3.hurl | 18 + ...lation_role_missing_required_e51f7c6d.hurl | 16 + ...cion_role_wrong_type_boolean_c33ffd8f.hurl | 18 + ...cion_role_wrong_type_integer_23b49146.hurl | 18 + ...e_fuzzing_role_bidi_override_0b0faf09.hurl | 18 + ...de_fuzzing_role_control_char_a8d734a8.hurl | 18 + ...nicode_fuzzing_role_overlong_1e651ae0.hurl | 18 + ...t_unicode_fuzzing_role_zalgo_f7cf562e.hurl | 18 + ...code_fuzzing_role_zero_width_2815807e.hurl | 18 + 
...est_with_all_required_fields_b950209e.hurl | 22 + ...rong_content_type_text_plain_55f30d0f.hurl | 18 + ..._cors_security_configuration_6bbc18bd.hurl | 16 + ...ent_second_call_must_be_safe_1ca0ed36.hurl | 47 + ...ams_id_put_idor_id_0_zero_id_3c4cc44b.hurl | 16 + ..._id_put_idor_id_99999_alt_id_d4dddc4b.hurl | 16 + ...s_assignment_financial_probe_4c631268.hurl | 23 + ...ss_assignment_identity_probe_ed4e87e7.hurl | 23 + ...s_assignment_privilege_probe_1b5cbca5.hurl | 23 + ...mass_assignment_status_probe_c574427d.hurl | 23 + ...ut_missing_required_param_id_09825850.hurl | 12 + ...ion_description_empty_string_eb263846.hurl | 23 + ...on_integer_instead_of_string_f0d62caa.hurl | 23 + ...ation_description_null_value_df8e9c3a.hurl | 23 + ...n_oversized_string_300_chars_68ace4a3.hurl | 23 + ...ion_displayname_empty_string_13a9f6ae.hurl | 23 + ...me_integer_instead_of_string_05b44595.hurl | 23 + ...ation_displayname_null_value_c587ff33.hurl | 23 + ...e_oversized_string_300_chars_7def0ad8.hurl | 23 + ...t_null_injection_description_794499ad.hurl | 19 + ...t_null_injection_displayname_6c433e61.hurl | 19 + ...pi1_bola_unauthorized_access_50ace962.hurl | 12 + ...p_api2_broken_authentication_fea6c4f7.hurl | 12 + ..._bopla_property_level_access_d147b4f6.hurl | 25 + ..._level_authorization_missing_06b71a7c.hurl | 13 + ...t_owasp_api6_mass_assignment_6357ae57.hurl | 27 + ...pi7_injection_path_traversal_894772da.hurl | 15 + ...ut_owasp_api7_injection_sqli_c7f786e4.hurl | 15 + ...put_owasp_api7_injection_xss_d3681129.hurl | 15 + ...scription_wrong_type_boolean_6dd640a7.hurl | 19 + ...scription_wrong_type_integer_3296a87f.hurl | 19 + ...splayname_wrong_type_boolean_ccdc6ae5.hurl | 19 + ...splayname_wrong_type_integer_3ade9411.hurl | 19 + ...ng_description_bidi_override_c42ef106.hurl | 19 + ...ing_description_control_char_d9200d81.hurl | 19 + ...fuzzing_description_overlong_a87f58e7.hurl | 19 + ...de_fuzzing_description_zalgo_e354e0de.hurl | 19 + 
...zzing_description_zero_width_1f9507e6.hurl | 19 + ...ng_displayname_bidi_override_7c97c5e9.hurl | 19 + ...ing_displayname_control_char_39195267.hurl | 19 + ...fuzzing_displayname_overlong_cb9e326e.hurl | 19 + ...de_fuzzing_displayname_zalgo_5add01e6.hurl | 19 + ...zzing_displayname_zero_width_a1cdc859.hurl | 19 + ...est_with_all_required_fields_92de58a1.hurl | 29 + ...rong_content_type_text_plain_a77a2981.hurl | 19 + ...rvices_get_idor_id_0_zero_id_405d2163.hurl | 16 + ...ces_get_idor_id_99999_alt_id_09f2f077.hurl | 16 + ...et_missing_required_param_id_bbd8e250.hurl | 12 + ...pi1_bola_unauthorized_access_ce61c6bf.hurl | 12 + ...p_api2_broken_authentication_29194ed9.hurl | 12 + ..._level_authorization_missing_edc7b8fe.hurl | 13 + ...pi7_injection_path_traversal_961479c7.hurl | 15 + ...et_owasp_api7_injection_sqli_2e72efb4.hurl | 15 + ...get_owasp_api7_injection_xss_80ccb269.hurl | 15 + ...est_with_all_required_fields_1b69193c.hurl | 16 + ..._cors_security_configuration_84a2058d.hurl | 16 + ..._cors_security_configuration_ad2f2f8a.hurl | 16 + ..._admin_teams_post_auth_chain_4c68c418.hurl | 52 + ...ndary_name_invalid_below_min_f9b893d9.hurl | 24 + ...ield_boundary_name_valid_min_787507a6.hurl | 24 + ...ent_second_call_must_be_safe_bee426f4.hurl | 49 + ..._string_violates_minlength_1_97aa6ff1.hurl | 20 + ...s_assignment_financial_probe_3c2025cc.hurl | 24 + ...ss_assignment_identity_probe_82f380ef.hurl | 24 + ...s_assignment_privilege_probe_ed2bac60.hurl | 24 + ...mass_assignment_status_probe_9b89bdf9.hurl | 24 + ..._missing_required_field_name_11fe758b.hurl | 19 + ..._missing_required_field_name_80c70bf8.hurl | 19 + ...ion_description_empty_string_569a3993.hurl | 24 + ...on_integer_instead_of_string_4d295fcc.hurl | 24 + ...ation_description_null_value_672e2bba.hurl | 24 + ...n_oversized_string_300_chars_20eb5b64.hurl | 24 + ...ion_displayname_empty_string_34993282.hurl | 24 + ...me_integer_instead_of_string_c361779d.hurl | 24 + 
...ation_displayname_null_value_782f4da8.hurl | 24 + ...e_oversized_string_300_chars_b00969d7.hurl | 24 + ...t_mutation_name_empty_string_e4058fd4.hurl | 24 + ...ost_mutation_name_null_value_ec9e6e43.hurl | 24 + ...ax_plus_one_invalid_boundary_5330751c.hurl | 20 + ...t_name_at_max_valid_boundary_b9c84944.hurl | 23 + ...n_minus_one_invalid_boundary_2ccbadc2.hurl | 20 + ...t_name_at_min_valid_boundary_084178e7.hurl | 23 + ...t_null_injection_description_5294fe7b.hurl | 20 + ...t_null_injection_displayname_acaa7cdb.hurl | 20 + ...ams_post_null_injection_name_abe4e3e2.hurl | 20 + ...p_api2_broken_authentication_0f5c6cec.hurl | 12 + ..._level_authorization_missing_2df9f5ad.hurl | 13 + ...t_owasp_api6_mass_assignment_e17876cf.hurl | 28 + ...pi7_injection_path_traversal_a1f1c968.hurl | 18 + ...st_owasp_api7_injection_sqli_3e99ea9b.hurl | 18 + ...ost_owasp_api7_injection_xss_a582e336.hurl | 18 + ...equired_omission_name_absent_7a6a3b1a.hurl | 23 + ...lation_name_missing_required_144ca893.hurl | 19 + ...ema_violation_name_too_short_2d1be97b.hurl | 20 + ...scription_wrong_type_boolean_bf50b6f1.hurl | 20 + ...scription_wrong_type_integer_1aea557e.hurl | 20 + ...splayname_wrong_type_boolean_97c4c8ca.hurl | 20 + ...splayname_wrong_type_integer_759d30e5.hurl | 20 + ...cion_name_wrong_type_boolean_b516cdc6.hurl | 20 + ...cion_name_wrong_type_integer_05c0d231.hurl | 20 + ...ng_description_bidi_override_d96ca637.hurl | 20 + ...ing_description_control_char_8656dd0b.hurl | 20 + ...fuzzing_description_overlong_432c6afa.hurl | 20 + ...de_fuzzing_description_zalgo_760794e2.hurl | 20 + ...zzing_description_zero_width_5161dc9c.hurl | 20 + ...ng_displayname_bidi_override_693c8224.hurl | 20 + ...ing_displayname_control_char_7ead4ab7.hurl | 20 + ...fuzzing_displayname_overlong_3d12d252.hurl | 20 + ...de_fuzzing_displayname_zalgo_6474b9c1.hurl | 20 + ...zzing_displayname_zero_width_8b028ce1.hurl | 20 + ...e_fuzzing_name_bidi_override_19447855.hurl | 20 + 
...de_fuzzing_name_control_char_4e8b3875.hurl | 20 + ...nicode_fuzzing_name_overlong_ee78ddc5.hurl | 20 + ...t_unicode_fuzzing_name_zalgo_b42d8584.hurl | 20 + ...code_fuzzing_name_zero_width_76a6b2ca.hurl | 20 + ...est_with_all_required_fields_17f73440.hurl | 30 + ...rong_content_type_text_plain_bd5b4e9e.hurl | 20 + ...n_delete_api_admin_grants_id_70b060a1.hurl | 44 + ...in_delete_api_admin_users_id_f0f67b06.hurl | 44 + ...et_api_admin_teams_id_grants_6aeda09f.hurl | 44 + ...t_api_admin_teams_id_members_0cb6ef87.hurl | 44 + ..._api_admin_teams_id_services_3642a068.hurl | 44 + ...st_api_admin_teams_id_grants_1b66938a.hurl | 56 + ...t_api_admin_teams_id_members_210690e6.hurl | 51 + ...dmin_services_serviceid_team_8cbdf061.hurl | 50 + ...chain_put_api_admin_users_id_2d5ea99d.hurl | 51 + ...i_admin_users_get_auth_chain_e4ef12fa.hurl | 44 + ...p_api2_broken_authentication_aaffe36c.hurl | 12 + ..._level_authorization_missing_3724bb26.hurl | 13 + ...est_with_all_required_fields_e7fb82c9.hurl | 16 + ...ent_second_call_must_be_safe_380dcf78.hurl | 33 + ..._id_delete_idor_id_0_zero_id_f8eac138.hurl | 16 + ..._delete_idor_id_99999_alt_id_f53c958f.hurl | 16 + ...te_missing_required_param_id_abfeb37c.hurl | 12 + ...pi1_bola_unauthorized_access_073a78a5.hurl | 12 + ...p_api2_broken_authentication_5cc69e63.hurl | 12 + ..._level_authorization_missing_4c861285.hurl | 13 + ...pi7_injection_path_traversal_9a54d420.hurl | 15 + ...te_owasp_api7_injection_sqli_35704eb4.hurl | 15 + ...ete_owasp_api7_injection_xss_ae1228c7.hurl | 15 + ...est_with_all_required_fields_fd2d7e20.hurl | 16 + ..._cors_security_configuration_e0b5b44a.hurl | 16 + ...ent_second_call_must_be_safe_383d2878.hurl | 47 + ...ers_id_put_idor_id_0_zero_id_1420839c.hurl | 16 + ..._id_put_idor_id_99999_alt_id_b306fbb7.hurl | 16 + ...rong_type_string_for_boolean_9a696767.hurl | 19 + ...valid_role_value_not_in_enum_be8b477d.hurl | 19 + ..._users_id_put_isactive_false_307b2101.hurl | 22 + 
...n_users_id_put_isactive_true_920617a8.hurl | 22 + ...s_assignment_financial_probe_9e2cf67b.hurl | 23 + ...ss_assignment_identity_probe_4fb556e6.hurl | 23 + ...s_assignment_privilege_probe_a6a6cd31.hurl | 22 + ...mass_assignment_status_probe_1054f864.hurl | 23 + ...ut_missing_required_param_id_fe77f880.hurl | 12 + ...e_integer_instead_of_boolean_56c3f6cc.hurl | 23 + ...mutation_isactive_null_value_48706298.hurl | 23 + ...ve_string_instead_of_boolean_c83a8b69.hurl | 23 + ...t_mutation_role_empty_string_f4802a98.hurl | 23 + ...le_integer_instead_of_string_1d2d0cbd.hurl | 23 + ...put_mutation_role_null_value_091acd05.hurl | 23 + ...e_oversized_string_300_chars_786de8b3.hurl | 23 + ..._put_null_injection_isactive_c8deaf48.hurl | 19 + ...s_id_put_null_injection_role_e890383a.hurl | 19 + ...pi1_bola_unauthorized_access_91b47863.hurl | 12 + ...p_api2_broken_authentication_3552a6c6.hurl | 12 + ..._bopla_property_level_access_4ae5244a.hurl | 24 + ..._level_authorization_missing_8f0d7884.hurl | 13 + ...t_owasp_api6_mass_assignment_38dd166b.hurl | 27 + ...pi7_injection_path_traversal_e9f5a9c9.hurl | 15 + ...ut_owasp_api7_injection_sqli_c653b26d.hurl | 15 + ...put_owasp_api7_injection_xss_51b9a625.hurl | 15 + ...dmin_users_id_put_role_guest_d671319d.hurl | 22 + ...sers_id_put_role_super_admin_72c28c85.hurl | 22 + ...sers_id_put_role_team_member_c19312b9.hurl | 22 + ...users_id_put_role_team_owner_c8807eae.hurl | 22 + ...iolation_isactive_wrong_type_891572b6.hurl | 19 + ..._violation_role_invalid_enum_3765a2be.hurl | 19 + ..._isactive_wrong_type_integer_308337db.hurl | 19 + ...n_isactive_wrong_type_string_4a329fab.hurl | 19 + ...cion_role_wrong_type_boolean_c4d77768.hurl | 19 + ...cion_role_wrong_type_integer_60c61680.hurl | 19 + ...e_fuzzing_role_bidi_override_a2217373.hurl | 19 + ...de_fuzzing_role_control_char_be44c91e.hurl | 19 + ...nicode_fuzzing_role_overlong_4c95b987.hurl | 19 + ...t_unicode_fuzzing_role_zalgo_d015a170.hurl | 19 + 
...code_fuzzing_role_zero_width_b1e60615.hurl | 19 + ...est_with_all_required_fields_d7979f2a.hurl | 23 + ...rong_content_type_text_plain_69ba511c.hurl | 19 + ..._cors_security_configuration_d0d06277.hurl | 16 + ...dmin_webhooks_get_auth_chain_c741d9e1.hurl | 44 + ...p_api2_broken_authentication_ec46e5a8.hurl | 12 + ..._level_authorization_missing_a2ef426c.hurl | 13 + ...est_with_all_required_fields_c3e5fa48.hurl | 16 + ...ent_second_call_must_be_safe_854a404a.hurl | 33 + ...000_0000_000000000000_nil_uu_2c9e3616.hurl | 16 + ...000_0000_000000000001_alt_uu_101b67d9.hurl | 16 + ...te_missing_required_param_id_25ba00ae.hurl | 12 + ...p_api2_broken_authentication_23cf0c86.hurl | 12 + ..._level_authorization_missing_01a13cd8.hurl | 13 + ...pi7_injection_path_traversal_bdc77229.hurl | 15 + ...te_owasp_api7_injection_sqli_7e499729.hurl | 15 + ...ete_owasp_api7_injection_xss_06da467b.hurl | 15 + ...est_with_all_required_fields_f50edea5.hurl | 15 + ..._cors_security_configuration_c34b22b5.hurl | 16 + ...00_0000_000000000000_nil_uui_93edf6a3.hurl | 16 + ...00_0000_000000000001_alt_uui_e5555fc8.hurl | 16 + ...rong_type_string_for_boolean_fbeea8b1.hurl | 23 + ...s_assignment_financial_probe_ed85e04f.hurl | 27 + ...ss_assignment_identity_probe_1274d148.hurl | 27 + ...s_assignment_privilege_probe_d0ddffec.hurl | 27 + ...mass_assignment_status_probe_16deab72.hurl | 27 + ...ch_missing_required_param_id_8a80112e.hurl | 12 + ...h_mutation_events_null_value_2d09c873.hurl | 25 + ...ents_object_instead_of_array_309789e7.hurl | 25 + ...ents_string_instead_of_array_9439ce9e.hurl | 25 + ...e_integer_instead_of_boolean_161755de.hurl | 27 + ...mutation_isactive_null_value_c42eb537.hurl | 27 + ...ve_string_instead_of_boolean_be6cb74f.hurl | 27 + ...h_mutation_name_empty_string_48b3b8ee.hurl | 27 + ...me_integer_instead_of_string_ec8ffbaa.hurl | 27 + ...tch_mutation_name_null_value_07005fc1.hurl | 27 + ...e_oversized_string_300_chars_bc9e284b.hurl | 27 + 
..._patch_null_injection_events_e5f0413f.hurl | 21 + ...atch_null_injection_isactive_f681cd0b.hurl | 23 + ...id_patch_null_injection_name_abff0001.hurl | 23 + ..._id_patch_null_injection_url_6597f138.hurl | 23 + ...ks_id_patch_owasp_api10_ssrf_432c0bdd.hurl | 18 + ...p_api2_broken_authentication_3a1afdb6.hurl | 12 + ..._bopla_property_level_access_d7a97bb7.hurl | 29 + ..._level_authorization_missing_6c16dac4.hurl | 13 + ...pi7_injection_path_traversal_b84f711a.hurl | 15 + ...ch_owasp_api7_injection_sqli_e249a62c.hurl | 15 + ...tch_owasp_api7_injection_xss_e86a894c.hurl | 15 + ...iolation_isactive_wrong_type_a0047765.hurl | 23 + ...ion_events_wrong_type_string_ce35cd41.hurl | 21 + ..._isactive_wrong_type_integer_4c590e85.hurl | 23 + ...n_isactive_wrong_type_string_db8dd398.hurl | 23 + ...cion_name_wrong_type_boolean_e2d843b1.hurl | 23 + ...cion_name_wrong_type_integer_849247d2.hurl | 23 + ...rcion_url_wrong_type_boolean_d9bfd2d8.hurl | 23 + ...rcion_url_wrong_type_integer_5b388493.hurl | 23 + ...e_fuzzing_name_bidi_override_61073126.hurl | 23 + ...de_fuzzing_name_control_char_9fed73af.hurl | 23 + ...nicode_fuzzing_name_overlong_ff322daa.hurl | 23 + ...h_unicode_fuzzing_name_zalgo_a31d1299.hurl | 23 + ...code_fuzzing_name_zero_width_6bdb26ba.hurl | 23 + ...de_fuzzing_url_bidi_override_36430217.hurl | 23 + ...ode_fuzzing_url_control_char_ed68863e.hurl | 23 + ...unicode_fuzzing_url_overlong_d7318097.hurl | 23 + ...ch_unicode_fuzzing_url_zalgo_0a72a45e.hurl | 23 + ...icode_fuzzing_url_zero_width_61e8a563.hurl | 23 + ...est_with_all_required_fields_415f32a9.hurl | 35 + ...rong_content_type_text_plain_94225ad6.hurl | 23 + ..._cors_security_configuration_19ddcfe4.hurl | 16 + ...ent_second_call_must_be_safe_ff996bd3.hurl | 33 + ...0_0000_0000_000000000000_nil_33f46434.hurl | 16 + ...0_0000_0000_000000000001_alt_eb0b8c82.hurl | 16 + ...st_missing_required_param_id_8f3b353e.hurl | 12 + ...p_api2_broken_authentication_7054030e.hurl | 12 + 
..._level_authorization_missing_908d0d93.hurl | 13 + ...pi7_injection_path_traversal_6c16c87b.hurl | 15 + ...st_owasp_api7_injection_sqli_7a0227b0.hurl | 15 + ...ost_owasp_api7_injection_xss_e8743ba7.hurl | 15 + ...est_with_all_required_fields_ae0a2dc3.hurl | 16 + ..._cors_security_configuration_3f16f7ab.hurl | 16 + ...min_webhooks_post_auth_chain_f4c0b7fc.hurl | 56 + ...ndary_name_invalid_below_min_7b9e5b4d.hurl | 28 + ...ield_boundary_name_valid_min_85b28596.hurl | 28 + ...ent_second_call_must_be_safe_06e188f6.hurl | 57 + ...ty_array_violates_minitems_1_41ef09da.hurl | 22 + ..._string_violates_minlength_1_86292ddb.hurl | 24 + ...s_assignment_financial_probe_241955ee.hurl | 28 + ...ss_assignment_identity_probe_30b18c5f.hurl | 28 + ...s_assignment_privilege_probe_f5c743f7.hurl | 28 + ...mass_assignment_status_probe_33b56375.hurl | 28 + ...issing_required_field_events_d6a5b0c7.hurl | 21 + ...issing_required_field_events_dfcc1c56.hurl | 21 + ..._missing_required_field_name_45423b82.hurl | 23 + ..._missing_required_field_name_6c83435b.hurl | 23 + ...t_missing_required_field_url_6ed0d9f4.hurl | 23 + ...t_missing_required_field_url_f322285b.hurl | 23 + ...t_mutation_events_null_value_2c34fbf1.hurl | 26 + ...ents_object_instead_of_array_4a653004.hurl | 26 + ...ents_string_instead_of_array_19783d1d.hurl | 26 + ...t_mutation_name_empty_string_f615d2a9.hurl | 28 + ...me_integer_instead_of_string_cf6c122c.hurl | 28 + ...ost_mutation_name_null_value_b75000cd.hurl | 28 + ...e_oversized_string_300_chars_5be879ce.hurl | 28 + ...on_providertype_empty_string_9b991c26.hurl | 28 + ...pe_integer_instead_of_string_83e13d1b.hurl | 28 + ...tion_providertype_null_value_595d67fc.hurl | 28 + ...ax_plus_one_invalid_boundary_94214268.hurl | 24 + ...t_name_at_max_valid_boundary_d8fb6781.hurl | 27 + ...n_minus_one_invalid_boundary_5b4327aa.hurl | 24 + ...t_name_at_min_valid_boundary_72f21135.hurl | 27 + ...s_post_null_injection_events_35254559.hurl | 22 + 
...oks_post_null_injection_name_169dbf8c.hurl | 24 + ..._null_injection_providertype_d40094c4.hurl | 24 + ...s_post_null_injection_teamid_4f42ea82.hurl | 24 + ...ooks_post_null_injection_url_52359f32.hurl | 24 + ...bhooks_post_owasp_api10_ssrf_fa3b21f3.hurl | 18 + ...p_api2_broken_authentication_f690ca7e.hurl | 12 + ..._level_authorization_missing_d8d5bdac.hurl | 13 + ...t_owasp_api6_mass_assignment_1b59ba48.hurl | 32 + ...pi7_injection_path_traversal_a39cab42.hurl | 18 + ...st_owasp_api7_injection_sqli_03accab7.hurl | 18 + ...ost_owasp_api7_injection_xss_a1a1e257.hurl | 18 + ...uired_omission_events_absent_09946d4c.hurl | 25 + ...equired_omission_name_absent_d0373487.hurl | 27 + ...required_omission_url_absent_6d3bc221.hurl | 27 + ...tion_events_missing_required_e4df148d.hurl | 21 + ...olation_events_too_few_items_a0bdf58b.hurl | 22 + ...lation_name_missing_required_7b8cab12.hurl | 23 + ...ema_violation_name_too_short_b49ea6fa.hurl | 24 + ...olation_url_missing_required_4d32f3c3.hurl | 23 + ...ion_events_wrong_type_string_07b6f191.hurl | 22 + ...cion_name_wrong_type_boolean_49b71fc3.hurl | 24 + ...cion_name_wrong_type_integer_39c60504.hurl | 24 + ...vidertype_wrong_type_boolean_2f2c0975.hurl | 24 + ...vidertype_wrong_type_integer_e227c019.hurl | 24 + ...on_teamid_wrong_type_boolean_b27447cc.hurl | 24 + ...on_teamid_wrong_type_integer_5db01d88.hurl | 24 + ...rcion_url_wrong_type_boolean_2d482d43.hurl | 24 + ...rcion_url_wrong_type_integer_ea2aab8e.hurl | 24 + ...e_fuzzing_name_bidi_override_07e9eae2.hurl | 24 + ...de_fuzzing_name_control_char_5943393b.hurl | 24 + ...nicode_fuzzing_name_overlong_bee28f66.hurl | 24 + ...t_unicode_fuzzing_name_zalgo_a7f8f480.hurl | 24 + ...code_fuzzing_name_zero_width_2a6bf0cb.hurl | 24 + ...g_providertype_bidi_override_8724a676.hurl | 24 + ...ng_providertype_control_char_dc945e0e.hurl | 24 + ...uzzing_providertype_overlong_2cc3a01a.hurl | 24 + ...e_fuzzing_providertype_zalgo_07152569.hurl | 24 + 
...zing_providertype_zero_width_e32282d7.hurl | 24 + ...fuzzing_teamid_bidi_override_0c229c2d.hurl | 24 + ..._fuzzing_teamid_control_char_f031554f.hurl | 24 + ...code_fuzzing_teamid_overlong_7de8af57.hurl | 24 + ...unicode_fuzzing_teamid_zalgo_bba333a6.hurl | 24 + ...de_fuzzing_teamid_zero_width_3128deb0.hurl | 24 + ...de_fuzzing_url_bidi_override_caf839d6.hurl | 24 + ...ode_fuzzing_url_control_char_c4479bd1.hurl | 24 + ...unicode_fuzzing_url_overlong_132333e4.hurl | 24 + ...st_unicode_fuzzing_url_zalgo_6343c227.hurl | 24 + ...icode_fuzzing_url_zero_width_d101973c.hurl | 24 + ...est_with_all_required_fields_42a4fab4.hurl | 36 + ...rong_content_type_text_plain_7a40055b.hurl | 24 + ...n_delete_api_admin_grants_id_8ef3fbbb.hurl | 48 + ...in_delete_api_admin_users_id_763b85b6.hurl | 48 + ...et_api_admin_teams_id_grants_83289d9f.hurl | 48 + ...t_api_admin_teams_id_members_969a9fae.hurl | 48 + ..._api_admin_teams_id_services_ce956549.hurl | 48 + ...st_api_admin_teams_id_grants_02ba968a.hurl | 60 + ...t_api_admin_teams_id_members_393f686a.hurl | 55 + ...dmin_services_serviceid_team_256209eb.hurl | 54 + ...chain_put_api_admin_users_id_88a6983e.hurl | 55 + .../api_catalog_get_auth_chain_bde6cda3.hurl | 44 + ...p_api2_broken_authentication_e1fa3406.hurl | 12 + ...est_with_all_required_fields_c9b53fc1.hurl | 16 + ..._cors_security_configuration_e3ff3623.hurl | 16 + ...ent_second_call_must_be_safe_84233d9e.hurl | 33 + ..._0000_0000_0000_000000000000_c4621de0.hurl | 16 + ..._0000_0000_0000_000000000001_e72a9984.hurl | 16 + ...ing_required_param_serviceid_3209e4f6.hurl | 12 + ...p_api2_broken_authentication_be467598.hurl | 12 + ..._level_authorization_missing_c88f572b.hurl | 13 + ...pi7_injection_path_traversal_c37e4439.hurl | 15 + ...te_owasp_api7_injection_sqli_d27beca6.hurl | 15 + ...ete_owasp_api7_injection_xss_bfdae539.hurl | 15 + ...est_with_all_required_fields_b2745533.hurl | 16 + ..._cors_security_configuration_dc211e18.hurl | 16 + 
cases/api_diff_get_auth_chain_6af54553.hurl | 44 + ..._missing_required_param_from_436315da.hurl | 12 + ...et_missing_required_param_to_592a212d.hurl | 12 + ...p_api2_broken_authentication_f6e6d81e.hurl | 12 + ...pi7_injection_path_traversal_d2e88748.hurl | 15 + ...et_owasp_api7_injection_sqli_2add12cf.hurl | 15 + ...get_owasp_api7_injection_xss_1fb05370.hurl | 15 + ...est_with_all_required_fields_f98b2b82.hurl | 18 + ..._cors_security_configuration_95a63795.hurl | 16 + cases/api_me_get_auth_chain_646f48bb.hurl | 44 + ...p_api2_broken_authentication_16f4aef5.hurl | 12 + ...est_with_all_required_fields_cb06322f.hurl | 19 + ..._cors_security_configuration_8d947b43.hurl | 16 + cases/api_search_get_auth_chain_e66b7d53.hurl | 44 + ...get_missing_required_param_q_128363b8.hurl | 12 + ...p_api2_broken_authentication_6e192176.hurl | 12 + ...pi7_injection_path_traversal_30f18b95.hurl | 15 + ...et_owasp_api7_injection_sqli_b0d05c32.hurl | 15 + ...get_owasp_api7_injection_xss_b1a5ce9b.hurl | 15 + ...est_with_all_required_fields_65fdbcb4.hurl | 16 + ..._cors_security_configuration_e799f553.hurl | 16 + ...issing_required_param_branch_dd4faa6a.hurl | 12 + ...ssing_required_param_service_14b52fbb.hurl | 12 + ...p_api2_broken_authentication_5b840153.hurl | 12 + ...pi7_injection_path_traversal_217a31ae.hurl | 15 + ...et_owasp_api7_injection_sqli_3e62652b.hurl | 15 + ...get_owasp_api7_injection_xss_69cf35a6.hurl | 15 + ...est_with_all_required_fields_e159fefe.hurl | 15 + ...api8_cors_security_configura_ecd6daec.hurl | 16 + ...issing_required_param_branch_e71dd727.hurl | 12 + ...ssing_required_param_service_95c1cee7.hurl | 12 + ...p_api2_broken_authentication_9b5eb037.hurl | 12 + ...pi7_injection_path_traversal_106c80c0.hurl | 15 + ...et_owasp_api7_injection_sqli_ffc707f5.hurl | 15 + ...get_owasp_api7_injection_xss_cf42e9f4.hurl | 15 + ...est_with_all_required_fields_f8bdece6.hurl | 16 + ..._cors_security_configuration_d622eda3.hurl | 16 + 
cases/api_tokens_get_auth_chain_9d529cfb.hurl | 44 + ...p_api2_broken_authentication_dcecca87.hurl | 12 + ...est_with_all_required_fields_abcd14ab.hurl | 16 + ...ent_second_call_must_be_safe_ea338ec1.hurl | 33 + ..._id_delete_idor_id_0_zero_id_d0e0481e.hurl | 16 + ..._delete_idor_id_99999_alt_id_502920f7.hurl | 16 + ...te_missing_required_param_id_c2abfd5e.hurl | 12 + ...pi1_bola_unauthorized_access_2d207a0d.hurl | 12 + ...p_api2_broken_authentication_599ddef6.hurl | 12 + ..._level_authorization_missing_fbedb9f1.hurl | 13 + ...pi7_injection_path_traversal_85b86fe3.hurl | 15 + ...te_owasp_api7_injection_sqli_e54ea4ce.hurl | 15 + ...ete_owasp_api7_injection_xss_ebab5e69.hurl | 15 + ...est_with_all_required_fields_138640de.hurl | 16 + ..._cors_security_configuration_ba604e45.hurl | 16 + ..._cors_security_configuration_b009aaa0.hurl | 16 + ...ndary_name_invalid_below_min_107263c8.hurl | 23 + ...ield_boundary_name_valid_min_041bf0da.hurl | 23 + ...ent_second_call_must_be_safe_85621889.hurl | 47 + ..._string_violates_minlength_1_b579ade9.hurl | 19 + ...alid_scope_value_not_in_enum_a9cdb025.hurl | 19 + ...s_assignment_financial_probe_b896a4fe.hurl | 23 + ...ss_assignment_identity_probe_b46880dc.hurl | 23 + ...s_assignment_privilege_probe_2411ba2b.hurl | 23 + ...mass_assignment_status_probe_248852e9.hurl | 23 + ..._missing_required_field_name_5566a91f.hurl | 18 + ..._missing_required_field_name_75703d6a.hurl | 18 + ...missing_required_field_scope_6284c90d.hurl | 18 + ...missing_required_field_scope_aa18d499.hurl | 18 + ...t_mutation_name_empty_string_188465c8.hurl | 23 + ...me_integer_instead_of_string_30aabbdc.hurl | 23 + ...ost_mutation_name_null_value_816809db.hurl | 23 + ...e_oversized_string_300_chars_8c9976d8.hurl | 23 + ..._mutation_scope_empty_string_c8cd2aed.hurl | 23 + ...pe_integer_instead_of_string_745ea604.hurl | 23 + ...st_mutation_scope_null_value_75bc6e95.hurl | 23 + ...e_oversized_string_300_chars_4d189659.hurl | 23 + 
...ax_plus_one_invalid_boundary_7b3217ba.hurl | 19 + ...t_name_at_max_valid_boundary_a0247f03.hurl | 22 + ...n_minus_one_invalid_boundary_d08f5a90.hurl | 19 + ...t_name_at_min_valid_boundary_1c063dd5.hurl | 22 + ...ens_post_null_injection_name_97bd0c77.hurl | 19 + ...ns_post_null_injection_scope_0b4d216c.hurl | 19 + ...p_api2_broken_authentication_9e6576d2.hurl | 12 + ...t_owasp_api6_mass_assignment_d9979992.hurl | 27 + ...pi7_injection_path_traversal_26975d5c.hurl | 18 + ...st_owasp_api7_injection_sqli_1df31a27.hurl | 18 + ...ost_owasp_api7_injection_xss_8157a3a5.hurl | 18 + ...equired_omission_name_absent_b998dc1a.hurl | 22 + ...quired_omission_scope_absent_fcb3e065.hurl | 22 + ...lation_name_missing_required_c2cef5a1.hurl | 18 + ...ema_violation_name_too_short_bf65e63e.hurl | 19 + ...violation_scope_invalid_enum_a6a38420.hurl | 19 + ...ation_scope_missing_required_ad285328.hurl | 18 + ...cion_name_wrong_type_boolean_bd1e61be.hurl | 19 + ...cion_name_wrong_type_integer_9bc60d9a.hurl | 19 + ...ion_scope_wrong_type_boolean_28d94662.hurl | 19 + ...ion_scope_wrong_type_integer_9bf5d669.hurl | 19 + ...e_fuzzing_name_bidi_override_33a5a9d7.hurl | 19 + ...de_fuzzing_name_control_char_fc869137.hurl | 19 + ...nicode_fuzzing_name_overlong_4faf49f0.hurl | 19 + ...t_unicode_fuzzing_name_zalgo_431d2bbf.hurl | 19 + ...code_fuzzing_name_zero_width_6f9f1e83.hurl | 19 + ..._fuzzing_scope_bidi_override_8643ca22.hurl | 19 + ...e_fuzzing_scope_control_char_0d728fca.hurl | 19 + ...icode_fuzzing_scope_overlong_8adfe998.hurl | 19 + ..._unicode_fuzzing_scope_zalgo_734aea93.hurl | 19 + ...ode_fuzzing_scope_zero_width_6b8f84d1.hurl | 19 + ...est_with_all_required_fields_6a65bf78.hurl | 28 + ...rong_content_type_text_plain_b0b71990.hurl | 19 + ...n_delete_api_admin_grants_id_e1324ddf.hurl | 43 + ...in_delete_api_admin_users_id_60268ad8.hurl | 43 + ...et_api_admin_teams_id_grants_f107e18d.hurl | 43 + ...t_api_admin_teams_id_members_90e7f90e.hurl | 43 + 
..._api_admin_teams_id_services_bda7e5b2.hurl | 43 + ...st_api_admin_teams_id_grants_ba99a719.hurl | 55 + ...t_api_admin_teams_id_members_714b8b84.hurl | 50 + ...dmin_services_serviceid_team_110b6d72.hurl | 49 + ...chain_put_api_admin_users_id_3028e37b.hurl | 50 + ..._cors_security_configuration_65631595.hurl | 16 + .../api_upload_post_auth_chain_c60cf805.hurl | 53 + ...ax_plus_one_invalid_boundary_62157365.hurl | 21 + ...branch_at_max_valid_boundary_97d88ce9.hurl | 24 + ...n_minus_one_invalid_boundary_fa914b29.hurl | 21 + ...branch_at_min_valid_boundary_4ca9c46c.hurl | 24 + ...ary_branch_invalid_below_min_e5764a68.hurl | 25 + ...ld_boundary_branch_valid_min_b8ed4386.hurl | 25 + ...ry_service_invalid_below_min_a957f4b8.hurl | 25 + ...d_boundary_service_valid_min_db5c5368.hurl | 25 + ...peccontent_invalid_below_min_ac1b6e26.hurl | 25 + ...undary_speccontent_valid_min_82713518.hurl | 25 + ...ent_second_call_must_be_safe_dd638159.hurl | 51 + ..._string_violates_minlength_1_5eb7446c.hurl | 21 + ..._string_violates_minlength_1_8389dd21.hurl | 21 + ..._string_violates_minlength_1_86ff6bd8.hurl | 21 + ...s_assignment_financial_probe_9794cdb0.hurl | 25 + ...ss_assignment_identity_probe_398f4294.hurl | 25 + ...s_assignment_privilege_probe_eb8249c9.hurl | 25 + ...mass_assignment_status_probe_0310fa1a.hurl | 25 + ...issing_required_field_branch_33947120.hurl | 20 + ...issing_required_field_branch_d756c10c.hurl | 20 + ...ssing_required_field_service_89850cfa.hurl | 20 + ...ssing_required_field_service_8f85caae.hurl | 20 + ...g_required_field_speccontent_1de0eefc.hurl | 20 + ...g_required_field_speccontent_fccdadb2.hurl | 20 + ...mutation_branch_empty_string_cac690c1.hurl | 25 + ...ch_integer_instead_of_string_416a96c1.hurl | 25 + ...t_mutation_branch_null_value_9f510ed7.hurl | 25 + ...h_oversized_string_300_chars_75d60dab.hurl | 25 + ...ation_commitsha_empty_string_f30e852c.hurl | 25 + ...ha_integer_instead_of_string_b1212f34.hurl | 25 + 
...utation_commitsha_null_value_0c1c92bd.hurl | 25 + ...a_oversized_string_300_chars_fdaf954a.hurl | 25 + ...utation_service_empty_string_6f0a4261.hurl | 25 + ..._mutation_service_null_value_7805eead.hurl | 25 + ...d_post_null_injection_branch_5151a7d3.hurl | 21 + ...ost_null_injection_commitsha_e9eaa8fd.hurl | 21 + ..._post_null_injection_service_b8cf0920.hurl | 21 + ...t_null_injection_speccontent_fef2ed50.hurl | 21 + ...p_api2_broken_authentication_4c9fd28e.hurl | 12 + ...t_owasp_api6_mass_assignment_bcf8922c.hurl | 29 + ...pi7_injection_path_traversal_553f4f51.hurl | 18 + ...st_owasp_api7_injection_sqli_b528a6e6.hurl | 18 + ...ost_owasp_api7_injection_xss_81a2a747.hurl | 18 + ...uired_omission_branch_absent_893f33e4.hurl | 24 + ...ired_omission_service_absent_f4726c9d.hurl | 24 + ..._omission_speccontent_absent_196e600f.hurl | 24 + ...tion_branch_missing_required_381d4381.hurl | 20 + ...a_violation_branch_too_short_76d8b912.hurl | 21 + ...ion_service_missing_required_72938c30.hurl | 20 + ..._violation_service_too_short_40be94ec.hurl | 21 + ...speccontent_missing_required_555257e2.hurl | 20 + ...lation_speccontent_too_short_af512611.hurl | 21 + ...ax_plus_one_invalid_boundary_ad5debd5.hurl | 21 + ...ervice_at_max_valid_boundary_3cd9de74.hurl | 24 + ...n_minus_one_invalid_boundary_c9639729.hurl | 21 + ...ervice_at_min_valid_boundary_fa5f2879.hurl | 24 + ...ax_plus_one_invalid_boundary_dbbfdc22.hurl | 21 + ...ontent_at_max_valid_boundary_201ba23b.hurl | 24 + ...n_minus_one_invalid_boundary_b6f8003e.hurl | 21 + ...ontent_at_min_valid_boundary_edc8ded2.hurl | 24 + ...on_branch_wrong_type_boolean_e00401a8.hurl | 21 + ...on_branch_wrong_type_integer_6a08feec.hurl | 21 + ...commitsha_wrong_type_boolean_16cf9e5b.hurl | 21 + ...commitsha_wrong_type_integer_b806224f.hurl | 21 + ...n_service_wrong_type_boolean_240bdc53.hurl | 21 + ...n_service_wrong_type_integer_07462c7f.hurl | 21 + ...eccontent_wrong_type_boolean_4a28e8ae.hurl | 21 + 
...eccontent_wrong_type_integer_bbde20a6.hurl | 21 + ...fuzzing_branch_bidi_override_09b46ba6.hurl | 21 + ..._fuzzing_branch_control_char_eb8a46bc.hurl | 21 + ...code_fuzzing_branch_overlong_8ecf3f52.hurl | 21 + ...unicode_fuzzing_branch_zalgo_3c16d4b3.hurl | 21 + ...de_fuzzing_branch_zero_width_d4d96d5e.hurl | 21 + ...zing_commitsha_bidi_override_471fcaef.hurl | 21 + ...zzing_commitsha_control_char_1e3b28af.hurl | 21 + ...e_fuzzing_commitsha_overlong_d3d69da1.hurl | 21 + ...code_fuzzing_commitsha_zalgo_f298d13c.hurl | 21 + ...fuzzing_commitsha_zero_width_e4c96b76.hurl | 21 + ...uzzing_service_bidi_override_71d03103.hurl | 21 + ...fuzzing_service_control_char_76fd376c.hurl | 21 + ...ode_fuzzing_service_overlong_4e0cc0d2.hurl | 21 + ...nicode_fuzzing_service_zalgo_7d8cc30e.hurl | 21 + ...e_fuzzing_service_zero_width_f8f99bf7.hurl | 21 + ...ng_speccontent_bidi_override_131ad5f4.hurl | 21 + ...ing_speccontent_control_char_7ff8ca85.hurl | 21 + ...fuzzing_speccontent_overlong_40f1423f.hurl | 21 + ...de_fuzzing_speccontent_zalgo_6b2db722.hurl | 21 + ...zzing_speccontent_zero_width_7ac120c3.hurl | 21 + ...est_with_all_required_fields_e3da0de9.hurl | 30 + ...rong_content_type_text_plain_863dd501.hurl | 21 + ..._service_branch_openapi_json_8c25506c.hurl | 45 + ...dmin_services_serviceid_team_f88dc931.hurl | 51 + ..._cors_security_configuration_09111fdc.hurl | 16 + ...ent_second_call_must_be_safe_dc706f80.hurl | 47 + ...d_email_invalid_email_format_2286db52.hurl | 19 + ...s_assignment_financial_probe_5bcafac5.hurl | 23 + ...ss_assignment_identity_probe_4c0c3203.hurl | 23 + ...s_assignment_privilege_probe_f4f54666.hurl | 23 + ...mass_assignment_status_probe_f197447f.hurl | 23 + ...missing_required_field_email_4cc99b0c.hurl | 18 + ...missing_required_field_email_9b253ab6.hurl | 18 + ...sing_required_field_password_70187e79.hurl | 18 + ...sing_required_field_password_a6bbbeb7.hurl | 18 + ..._mutation_email_empty_string_81062c2f.hurl | 23 + 
...il_integer_instead_of_string_d7ccf79e.hurl | 23 + ...n_email_invalid_email_format_6926df81.hurl | 23 + ...st_mutation_email_null_value_b5693707.hurl | 23 + ...l_oversized_string_300_chars_7f53df98.hurl | 23 + ...tation_password_empty_string_a0ca01b6.hurl | 23 + ...rd_integer_instead_of_string_f16c5d8d.hurl | 23 + ...mutation_password_null_value_b531d0ea.hurl | 23 + ...d_oversized_string_300_chars_acbb9354.hurl | 23 + ...in_post_null_injection_email_a1de0446.hurl | 19 + ...post_null_injection_password_191c3a5b.hurl | 19 + ...t_owasp_api6_mass_assignment_09c747ae.hurl | 27 + ...pi7_injection_path_traversal_c3fc26dc.hurl | 18 + ...st_owasp_api7_injection_sqli_504b6c9e.hurl | 18 + ...ost_owasp_api7_injection_xss_d41b3855.hurl | 18 + ...quired_omission_email_absent_3eaacfef.hurl | 22 + ...red_omission_password_absent_0a64a19d.hurl | 22 + ...n_email_invalid_format_email_891b32a4.hurl | 19 + ...ation_email_missing_required_46bb3d69.hurl | 18 + ...on_password_missing_required_5bddd51c.hurl | 18 + ...ion_email_wrong_type_boolean_91a4d98b.hurl | 19 + ...ion_email_wrong_type_integer_2e0174b6.hurl | 19 + ..._password_wrong_type_boolean_5c25d6d2.hurl | 19 + ..._password_wrong_type_integer_28167496.hurl | 19 + ..._fuzzing_email_bidi_override_08bd8265.hurl | 19 + ...e_fuzzing_email_control_char_ce646cde.hurl | 19 + ...icode_fuzzing_email_overlong_1951562a.hurl | 19 + ..._unicode_fuzzing_email_zalgo_1091cce6.hurl | 19 + ...ode_fuzzing_email_zero_width_e4c515d2.hurl | 19 + ...zzing_password_bidi_override_dc3d45d4.hurl | 19 + ...uzzing_password_control_char_3fbdbf7e.hurl | 19 + ...de_fuzzing_password_overlong_b2225a4c.hurl | 19 + ...icode_fuzzing_password_zalgo_7329e86c.hurl | 19 + ..._fuzzing_password_zero_width_4e879dad.hurl | 19 + ...est_with_all_required_fields_486e8c2a.hurl | 25 + ...rong_content_type_text_plain_ea0be7b9.hurl | 19 + ...n_delete_api_admin_grants_id_2db91768.hurl | 43 + ...in_delete_api_admin_users_id_8192e6ba.hurl | 43 + 
...et_api_admin_teams_id_grants_4f853ed4.hurl | 43 + ...t_api_admin_teams_id_members_315cb6bf.hurl | 43 + ..._api_admin_teams_id_services_ccf62dd8.hurl | 43 + ...st_api_admin_teams_id_grants_ba58927e.hurl | 55 + ...t_api_admin_teams_id_members_b9578186.hurl | 50 + ...chain_put_api_admin_users_id_4e754ff4.hurl | 50 + ..._cors_security_configuration_86522697.hurl | 16 + ...ent_second_call_must_be_safe_cf0be90a.hurl | 33 + ...est_with_all_required_fields_a517ccf9.hurl | 16 + ..._cors_security_configuration_2f9039a1.hurl | 16 + ...uth_register_post_auth_chain_46922b8d.hurl | 51 + ...y_password_invalid_below_min_29d13f96.hurl | 23 + ..._boundary_password_valid_min_31e0ac94.hurl | 23 + ...ent_second_call_must_be_safe_d4349959.hurl | 47 + ...d_email_invalid_email_format_8449b518.hurl | 19 + ..._string_violates_minlength_8_cf64a6d3.hurl | 19 + ...s_assignment_financial_probe_9b577a9f.hurl | 23 + ...ss_assignment_identity_probe_be5d4ca2.hurl | 23 + ...s_assignment_privilege_probe_065d2087.hurl | 23 + ...mass_assignment_status_probe_cabe7291.hurl | 23 + ...missing_required_field_email_445d8b1f.hurl | 18 + ...missing_required_field_email_cae39bb3.hurl | 18 + ...sing_required_field_password_31707ae5.hurl | 18 + ...sing_required_field_password_72f7ecb7.hurl | 18 + ..._mutation_email_empty_string_b9e7832e.hurl | 23 + ...il_integer_instead_of_string_00b95383.hurl | 23 + ...n_email_invalid_email_format_7c859b9c.hurl | 23 + ...st_mutation_email_null_value_6da4f717.hurl | 23 + ...l_oversized_string_300_chars_3dfbbb02.hurl | 23 + ...tation_password_empty_string_f66d6ba8.hurl | 23 + ...rd_integer_instead_of_string_85af6488.hurl | 23 + ...mutation_password_null_value_8df134ff.hurl | 23 + ...d_oversized_string_300_chars_ffcd46cb.hurl | 23 + ...er_post_null_injection_email_031620b5.hurl | 19 + ...post_null_injection_password_dc0c76f3.hurl | 19 + ...p_api2_broken_authentication_e8a47f18.hurl | 12 + ...t_owasp_api6_mass_assignment_900b6a9f.hurl | 27 + 
...pi7_injection_path_traversal_2f3c6761.hurl | 18 + ...st_owasp_api7_injection_sqli_ff6e6a6b.hurl | 18 + ...ost_owasp_api7_injection_xss_368fd7b5.hurl | 18 + ...ax_plus_one_invalid_boundary_0de23fb9.hurl | 19 + ...ssword_at_max_valid_boundary_b381fdb9.hurl | 22 + ...n_minus_one_invalid_boundary_15e47d10.hurl | 19 + ...ssword_at_min_valid_boundary_0f0b429e.hurl | 22 + ...quired_omission_email_absent_b724df31.hurl | 22 + ...red_omission_password_absent_3d6d9a7d.hurl | 22 + ...n_email_invalid_format_email_75e2908b.hurl | 19 + ...ation_email_missing_required_95b20a12.hurl | 18 + ...on_password_missing_required_88fb391a.hurl | 18 + ...violation_password_too_short_225366e2.hurl | 19 + ...ion_email_wrong_type_boolean_cff3b5ee.hurl | 19 + ...ion_email_wrong_type_integer_c40fa64f.hurl | 19 + ..._password_wrong_type_boolean_4af1b36a.hurl | 19 + ..._password_wrong_type_integer_4a32c12b.hurl | 19 + ..._fuzzing_email_bidi_override_cd50c303.hurl | 19 + ...e_fuzzing_email_control_char_619e4131.hurl | 19 + ...icode_fuzzing_email_overlong_aea85ac5.hurl | 19 + ..._unicode_fuzzing_email_zalgo_67eec10b.hurl | 19 + ...ode_fuzzing_email_zero_width_c30816fe.hurl | 19 + ...zzing_password_bidi_override_28ca4955.hurl | 19 + ...uzzing_password_control_char_cd54b4b0.hurl | 19 + ...de_fuzzing_password_overlong_3ac12861.hurl | 19 + ...icode_fuzzing_password_zalgo_ab0475dc.hurl | 19 + ..._fuzzing_password_zero_width_e4e8966c.hurl | 19 + ...est_with_all_required_fields_787a33be.hurl | 23 + ...rong_content_type_text_plain_9cf203de.hurl | 19 + ...n_delete_api_admin_grants_id_465a3cf5.hurl | 43 + ...in_delete_api_admin_users_id_b3bffa74.hurl | 43 + ...et_api_admin_teams_id_grants_a05de11b.hurl | 43 + ...t_api_admin_teams_id_members_b5dca30c.hurl | 43 + ..._api_admin_teams_id_services_344df791.hurl | 43 + ...st_api_admin_teams_id_grants_10533daf.hurl | 55 + ...t_api_admin_teams_id_members_98e576b1.hurl | 50 + ...chain_put_api_admin_users_id_0c6076ab.hurl | 50 + cases/index.json | 43397 
++++++++++++++++ cmd/cases/index.json | 270 + ...ost_create_and_retrieve_user_8a91cfff.hurl | 32 + ...s_post_create_duplicate_user_62e19623.hurl | 40 + ...ate_user_with_existing_email_7c11147b.hurl | 40 + ..._create_user_and_retrieve_it_f9ba7a73.hurl | 33 + ...user_missing_required_fields_053ab84f.hurl | 17 + ...user_missing_required_fields_8b269035.hurl | 17 + ...user_missing_required_fields_d374ddbf.hurl | 18 + ...user_missing_required_fields_e321037a.hurl | 18 + ..._missing_required_name_field_20f71db2.hurl | 18 + ...successfully_with_valid_data_6bdcfc62.hurl | 19 + ...successfully_with_valid_data_d6d2f9b6.hurl | 19 + ...successfully_with_valid_data_ed41be39.hurl | 19 + ...ser_with_all_required_fields_ca607f38.hurl | 19 + ...te_user_with_duplicate_email_0be9ec08.hurl | 40 + ...te_user_with_duplicate_email_14bec37e.hurl | 40 + ...te_user_with_duplicate_email_16b5e1af.hurl | 19 + ...te_user_with_duplicate_email_2143a276.hurl | 40 + ...te_user_with_duplicate_email_4540500f.hurl | 40 + ...te_user_with_duplicate_email_847c5ec7.hurl | 40 + ...te_user_with_duplicate_email_855ae92d.hurl | 40 + ...te_user_with_duplicate_email_d50aa5de.hurl | 40 + ...te_user_with_duplicate_email_ec600d0b.hurl | 40 + ..._create_user_with_empty_body_563fc76d.hurl | 15 + ...user_with_empty_request_body_1f9b1832.hurl | 15 + ...user_with_empty_request_body_403e1b49.hurl | 15 + ...user_with_empty_request_body_5b591edb.hurl | 15 + ...user_with_empty_request_body_5d3eb006.hurl | 15 + ...user_with_empty_request_body_6d5b6c22.hurl | 15 + ...user_with_empty_request_body_ae7a9790.hurl | 15 + ...user_with_empty_request_body_b9201ec1.hurl | 15 + ...user_with_empty_request_body_d4ebbcfb.hurl | 15 + ...user_with_empty_request_body_dca30578.hurl | 15 + ...er_with_invalid_email_format_12d150e0.hurl | 19 + ...er_with_invalid_email_format_1b915f1c.hurl | 19 + ...er_with_invalid_email_format_3c84dd5d.hurl | 19 + ...er_with_invalid_email_format_4987e0c9.hurl | 19 + ...er_with_invalid_email_format_802bab4d.hurl 
| 19 + ...er_with_invalid_email_format_a76df09a.hurl | 19 + ...er_with_invalid_email_format_c4f2a558.hurl | 19 + ...er_with_invalid_email_format_c93fd0f2.hurl | 19 + ...er_with_invalid_email_format_e753478f.hurl | 19 + ...er_with_invalid_email_format_ebabbba7.hurl | 19 + ...er_with_invalid_email_format_ee2ea20f.hurl | 19 + ...ate_user_with_minimal_fields_4626dbf0.hurl | 17 + ...with_minimal_required_fields_272780ec.hurl | 18 + ...with_minimal_required_fields_6cad6219.hurl | 18 + ...with_minimal_required_fields_9bb38a6e.hurl | 18 + ...with_missing_required_fields_088af62f.hurl | 17 + ...with_missing_required_fields_3e271201.hurl | 18 + ...with_missing_required_fields_a1a407ac.hurl | 18 + ...with_missing_required_fields_cca11513.hurl | 15 + ...with_missing_required_fields_d11763fa.hurl | 18 + ...with_missing_required_fields_f2b440ff.hurl | 17 + ...user_with_password_too_short_6585f31e.hurl | 19 + ..._create_user_with_valid_data_0add7ad1.hurl | 19 + ..._create_user_with_valid_data_0b80c623.hurl | 19 + ..._create_user_with_valid_data_168ded86.hurl | 19 + ..._create_user_with_valid_data_1bc07161.hurl | 19 + ..._create_user_with_valid_data_23ae4070.hurl | 19 + ..._create_user_with_valid_data_2a7542be.hurl | 19 + ..._create_user_with_valid_data_405b1cc7.hurl | 19 + ..._create_user_with_valid_data_42336db4.hurl | 19 + ..._create_user_with_valid_data_66eaac33.hurl | 19 + ..._create_user_with_valid_data_7bd9e5f4.hurl | 19 + ..._create_user_with_valid_data_8d1e56af.hurl | 19 + ..._create_user_with_valid_data_d820dbc4.hurl | 19 + ..._create_user_with_valid_data_ef5c32e1.hurl | 19 + ..._create_user_with_valid_data_f4fc91e0.hurl | 19 + ...eate_user_with_weak_password_066b5eb6.hurl | 19 + ...eate_user_with_weak_password_4414257a.hurl | 19 + ...eate_user_with_weak_password_61182975.hurl | 19 + ...eate_user_with_weak_password_927b5196.hurl | 19 + ...eate_user_with_weak_password_ad27efeb.hurl | 19 + ...eate_user_with_weak_password_e00f7c68.hurl | 19 + 
...eate_user_with_weak_password_e83267a6.hurl | 19 + ...eate_user_with_weak_password_f80ddbdb.hurl | 19 + ...without_authentication_token_dd3e5af5.hurl | 19 + ...ail_to_create_duplicate_user_027c26b3.hurl | 38 + ...ail_to_create_duplicate_user_9b4f9a72.hurl | 40 + ...ate_user_with_existing_email_6c2e4ea0.hurl | 40 + ...ate_user_with_existing_email_78c9e99f.hurl | 39 + ...ate_user_with_existing_email_b9e88eb8.hurl | 40 + ...te_user_with_duplicate_email_004d19bc.hurl | 40 + ...te_user_with_duplicate_email_865cada7.hurl | 40 + ...user_with_empty_request_body_84405873.hurl | 15 + ...user_with_empty_request_body_9787221a.hurl | 15 + ...user_with_empty_request_body_9fa1c233.hurl | 15 + ...user_with_empty_request_body_cea3990a.hurl | 15 + ...er_with_invalid_email_format_1ba1acf6.hurl | 19 + ...er_with_invalid_email_format_2bd6ea23.hurl | 19 + ...er_with_invalid_email_format_354a4ea6.hurl | 19 + ...er_with_invalid_email_format_5204b57a.hurl | 18 + ...er_with_invalid_email_format_71d8d257.hurl | 19 + ...er_with_invalid_email_format_984e56e9.hurl | 19 + ...er_with_invalid_email_format_a2bd888d.hurl | 19 + ...eate_user_with_missing_email_9984528c.hurl | 18 + ...eate_user_with_missing_email_e1e9b7f8.hurl | 18 + ...with_missing_required_fields_00b8cf47.hurl | 18 + ...with_missing_required_fields_8a424b35.hurl | 18 + ...with_missing_required_fields_8eba8f6c.hurl | 18 + ...with_missing_required_fields_9be782de.hurl | 18 + ...with_missing_required_fields_c122d03b.hurl | 15 + ...eate_user_with_weak_password_3cf31478.hurl | 19 + ...eate_user_with_weak_password_5278686c.hurl | 19 + ...eate_user_with_weak_password_91adc9f5.hurl | 19 + ...eate_user_with_weak_password_a8b3ff8c.hurl | 19 + ...eate_user_with_weak_password_ac0b807a.hurl | 19 + ..._user_without_authentication_127085f6.hurl | 19 + cmd/gen.go | 11 +- cmd/gen_e2e_test.go | 1 + cmd/reports/dea-report.json | 7 + docs/acceptance/acceptance-tests.md | 1 + internal/methodology/engine.go | 126 +- internal/methodology/engine_test.go 
| 156 + scripts/acceptance.sh | 4 + 1085 files changed, 67723 insertions(+), 11 deletions(-) create mode 100644 cases/api_admin_audit_logs_get_auth_chain_4b81d9bb.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_10_action_user_disabled_e73ed081.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_11_action_team_created_a820fea5.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_1_action_login_80f9a912.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_2_action_spec_uploaded_ee7cf268.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_3_action_spec_updated_df4697d4.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_4_action_service_deleted_ba4c28cb.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_5_action_grant_created_2874616a.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_6_action_grant_revoked_4511e41f.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_7_action_token_created_e290ff04.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_8_action_token_revoked_5a6e9137.hurl create mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_9_action_user_created_e92e324e.hurl create mode 100644 cases/api_admin_audit_logs_get_owasp_api2_broken_authentication_eb7a16db.hurl create mode 100644 cases/api_admin_audit_logs_get_owasp_api5_function_level_authorization_missing_b02abc71.hurl create mode 100644 cases/api_admin_audit_logs_get_owasp_api7_injection_path_traversal_a1c2c8cc.hurl create mode 100644 cases/api_admin_audit_logs_get_owasp_api7_injection_sqli_605a4d60.hurl create mode 100644 cases/api_admin_audit_logs_get_owasp_api7_injection_xss_0d70db14.hurl create mode 100644 cases/api_admin_audit_logs_get_valid_request_with_all_required_fields_04940e9f.hurl create mode 100644 
cases/api_admin_audit_logs_options_owasp_api8_cors_security_configuration_744c12cf.hurl create mode 100644 cases/api_admin_grants_id_delete_idempotent_second_call_must_be_safe_1f6fc417.hurl create mode 100644 cases/api_admin_grants_id_delete_idor_id_0_zero_id_c0c54349.hurl create mode 100644 cases/api_admin_grants_id_delete_idor_id_99999_alt_id_b20f3be6.hurl create mode 100644 cases/api_admin_grants_id_delete_missing_required_param_id_57e2f5d8.hurl create mode 100644 cases/api_admin_grants_id_delete_owasp_api1_bola_unauthorized_access_d8d75c69.hurl create mode 100644 cases/api_admin_grants_id_delete_owasp_api2_broken_authentication_2b26b1b2.hurl create mode 100644 cases/api_admin_grants_id_delete_owasp_api5_function_level_authorization_missing_640109d2.hurl create mode 100644 cases/api_admin_grants_id_delete_owasp_api7_injection_path_traversal_5cfaf557.hurl create mode 100644 cases/api_admin_grants_id_delete_owasp_api7_injection_sqli_3883f876.hurl create mode 100644 cases/api_admin_grants_id_delete_owasp_api7_injection_xss_7e26f4e3.hurl create mode 100644 cases/api_admin_grants_id_delete_valid_request_with_all_required_fields_03c20c58.hurl create mode 100644 cases/api_admin_grants_id_options_owasp_api8_cors_security_configuration_ff243297.hurl create mode 100644 cases/api_admin_services_serviceid_team_options_owasp_api8_cors_security_configuration_4b672517.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_idempotent_second_call_must_be_safe_dc1513dd.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_mass_assignment_financial_probe_297a0e33.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_mass_assignment_identity_probe_c9fe2f6f.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_mass_assignment_privilege_probe_c8fb1c8e.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_mass_assignment_status_probe_6072976c.hurl create mode 100644 
cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_8397ba83.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_bc585ae5.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_missing_required_param_serviceid_3dc3ff8a.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_mutation_teamid_empty_string_717311a7.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_mutation_teamid_integer_instead_of_string_cea11786.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_mutation_teamid_null_value_3c6b4929.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_mutation_teamid_oversized_string_300_chars_452218de.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api1_bola_unauthorized_access_b7125bf5.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api2_broken_authentication_6bc9b636.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api3_bopla_property_level_access_26712b87.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api5_function_level_authorization_mi_544e90d2.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api6_mass_assignment_29a92605.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api7_injection_path_traversal_b621722f.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api7_injection_sqli_53f0e55f.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api7_injection_xss_3ad867af.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_required_omission_teamid_absent_d24b98db.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_schema_violation_teamid_missing_required_c8b11e1e.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_semantic_annotation_nullable_field_teamid_f06bfa27.hurl create mode 100644 
cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_boolean_5b55ebea.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_integer_87eccc15.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_bidi_override_e30f1b9e.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_control_char_00caba6f.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_overlong_5dc313b9.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zalgo_c1fa3472.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zero_width_1c0a1d4a.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_valid_request_with_all_required_fields_c8662867.hurl create mode 100644 cases/api_admin_services_serviceid_team_put_wrong_content_type_text_plain_16d39238.hurl create mode 100644 cases/api_admin_teams_get_auth_chain_3977085e.hurl create mode 100644 cases/api_admin_teams_get_owasp_api2_broken_authentication_1e347647.hurl create mode 100644 cases/api_admin_teams_get_owasp_api5_function_level_authorization_missing_a9276ccc.hurl create mode 100644 cases/api_admin_teams_get_valid_request_with_all_required_fields_978ae5a8.hurl create mode 100644 cases/api_admin_teams_id_delete_idempotent_second_call_must_be_safe_2d2c1dda.hurl create mode 100644 cases/api_admin_teams_id_delete_idor_id_0_zero_id_04e9a0f9.hurl create mode 100644 cases/api_admin_teams_id_delete_idor_id_99999_alt_id_0d533645.hurl create mode 100644 cases/api_admin_teams_id_delete_missing_required_param_id_d700a9bc.hurl create mode 100644 cases/api_admin_teams_id_delete_owasp_api1_bola_unauthorized_access_a23b7745.hurl create mode 100644 cases/api_admin_teams_id_delete_owasp_api2_broken_authentication_f7305717.hurl create mode 100644 
cases/api_admin_teams_id_delete_owasp_api5_function_level_authorization_missing_1f9d5ef0.hurl create mode 100644 cases/api_admin_teams_id_delete_owasp_api7_injection_path_traversal_726d486c.hurl create mode 100644 cases/api_admin_teams_id_delete_owasp_api7_injection_sqli_e0aa0be4.hurl create mode 100644 cases/api_admin_teams_id_delete_owasp_api7_injection_xss_cdcba009.hurl create mode 100644 cases/api_admin_teams_id_delete_valid_request_with_all_required_fields_2f56068b.hurl create mode 100644 cases/api_admin_teams_id_grants_get_idor_id_0_zero_id_625bb61d.hurl create mode 100644 cases/api_admin_teams_id_grants_get_idor_id_99999_alt_id_1e7138b3.hurl create mode 100644 cases/api_admin_teams_id_grants_get_missing_required_param_id_aa4a85d2.hurl create mode 100644 cases/api_admin_teams_id_grants_get_owasp_api1_bola_unauthorized_access_9c3bba1f.hurl create mode 100644 cases/api_admin_teams_id_grants_get_owasp_api2_broken_authentication_2dae98a0.hurl create mode 100644 cases/api_admin_teams_id_grants_get_owasp_api5_function_level_authorization_missing_8f5433a6.hurl create mode 100644 cases/api_admin_teams_id_grants_get_owasp_api7_injection_path_traversal_b5400171.hurl create mode 100644 cases/api_admin_teams_id_grants_get_owasp_api7_injection_sqli_a7917f13.hurl create mode 100644 cases/api_admin_teams_id_grants_get_owasp_api7_injection_xss_269d7a97.hurl create mode 100644 cases/api_admin_teams_id_grants_get_valid_request_with_all_required_fields_d5427a01.hurl create mode 100644 cases/api_admin_teams_id_grants_options_owasp_api8_cors_security_configuration_8b59e761.hurl create mode 100644 cases/api_admin_teams_id_grants_post_idempotent_second_call_must_be_safe_810053e8.hurl create mode 100644 cases/api_admin_teams_id_grants_post_idor_id_0_zero_id_82f1376b.hurl create mode 100644 cases/api_admin_teams_id_grants_post_idor_id_99999_alt_id_14f8c7cc.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mass_assignment_financial_probe_8b55910b.hurl create mode 100644 
cases/api_admin_teams_id_grants_post_mass_assignment_identity_probe_74060ffe.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mass_assignment_privilege_probe_eaaad8f0.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mass_assignment_status_probe_54b93b94.hurl create mode 100644 cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_33636c2c.hurl create mode 100644 cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_62d899fa.hurl create mode 100644 cases/api_admin_teams_id_grants_post_missing_required_param_id_aee10eee.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_branches_null_value_3f1f0acd.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_branches_object_instead_of_array_c0bd2a08.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_branches_string_instead_of_array_963f2d23.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_empty_string_2894700e.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_integer_instead_of_string_c03df9f9.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_invalid_date_format_6260c870.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_null_value_759658e7.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_oversized_string_300_chars_0ee96c4d.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_granteeteamid_empty_string_7d06efc6.hurl create mode 100644 cases/api_admin_teams_id_grants_post_mutation_granteeteamid_null_value_0064709a.hurl create mode 100644 cases/api_admin_teams_id_grants_post_null_injection_branches_e32391c6.hurl create mode 100644 cases/api_admin_teams_id_grants_post_null_injection_expiresat_df39db3e.hurl create mode 100644 cases/api_admin_teams_id_grants_post_null_injection_granteeteamid_63fd31b7.hurl create mode 100644 
cases/api_admin_teams_id_grants_post_null_injection_granteeuserid_593b0773.hurl create mode 100644 cases/api_admin_teams_id_grants_post_null_injection_serviceid_2571eb1b.hurl create mode 100644 cases/api_admin_teams_id_grants_post_owasp_api1_bola_unauthorized_access_750fd5ab.hurl create mode 100644 cases/api_admin_teams_id_grants_post_owasp_api2_broken_authentication_a5db835c.hurl create mode 100644 cases/api_admin_teams_id_grants_post_owasp_api5_function_level_authorization_missing_4c520692.hurl create mode 100644 cases/api_admin_teams_id_grants_post_owasp_api6_mass_assignment_e74b3c2c.hurl create mode 100644 cases/api_admin_teams_id_grants_post_owasp_api7_injection_path_traversal_aa0b7128.hurl create mode 100644 cases/api_admin_teams_id_grants_post_owasp_api7_injection_sqli_ea6fd919.hurl create mode 100644 cases/api_admin_teams_id_grants_post_owasp_api7_injection_xss_c288f174.hurl create mode 100644 cases/api_admin_teams_id_grants_post_required_omission_serviceid_absent_eb992221.hurl create mode 100644 cases/api_admin_teams_id_grants_post_schema_violation_expiresat_invalid_format_date_ti_9509a04a.hurl create mode 100644 cases/api_admin_teams_id_grants_post_schema_violation_serviceid_missing_required_4b79a206.hurl create mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_branches_wrong_type_string_291b984a.hurl create mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_boolean_d73bcfa6.hurl create mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_integer_4440c404.hurl create mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_boolean_8920e31f.hurl create mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_integer_50132b05.hurl create mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_boolean_1566fad3.hurl create mode 100644 
cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_integer_3f9db72b.hurl create mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_boolean_f4852904.hurl create mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_integer_e98b7c31.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_bidi_override_691f2024.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_control_char_ed7d403f.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_overlong_e80f6e77.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zalgo_e8fa18b3.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zero_width_c67b22d4.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_bidi_override_d197e84d.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_control_char_d5595214.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_overlong_4df41e59.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zalgo_603eeaa8.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zero_width_28a0c8b4.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_bidi_override_57831769.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_control_char_bb1058c5.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_overlong_81f35d0c.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zalgo_7682a2d7.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zero_width_7f787ffd.hurl create mode 100644 
cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_bidi_override_894450de.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_control_char_aea6968a.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_overlong_ae4ea893.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zalgo_3b372657.hurl create mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zero_width_c9798ccb.hurl create mode 100644 cases/api_admin_teams_id_grants_post_valid_request_with_all_required_fields_62bccfec.hurl create mode 100644 cases/api_admin_teams_id_grants_post_wrong_content_type_text_plain_a9ed456f.hurl create mode 100644 cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_grants_id_fae601d3.hurl create mode 100644 cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_users_id_1e93f696.hurl create mode 100644 cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_members_7710bdae.hurl create mode 100644 cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_services_fd7cb142.hurl create mode 100644 cases/api_admin_teams_id_grants_sequence_chain_post_api_admin_teams_id_members_136f3cd3.hurl create mode 100644 cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_services_serviceid_team_cafaccf6.hurl create mode 100644 cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_users_id_636e3912.hurl create mode 100644 cases/api_admin_teams_id_members_get_idor_id_0_zero_id_8d769a8b.hurl create mode 100644 cases/api_admin_teams_id_members_get_idor_id_99999_alt_id_4af55f13.hurl create mode 100644 cases/api_admin_teams_id_members_get_missing_required_param_id_724cd05d.hurl create mode 100644 cases/api_admin_teams_id_members_get_owasp_api1_bola_unauthorized_access_be93ffb9.hurl create mode 100644 cases/api_admin_teams_id_members_get_owasp_api2_broken_authentication_942888a7.hurl create mode 100644 
cases/api_admin_teams_id_members_get_owasp_api7_injection_path_traversal_c5fcb2bd.hurl create mode 100644 cases/api_admin_teams_id_members_get_owasp_api7_injection_sqli_05eacd8d.hurl create mode 100644 cases/api_admin_teams_id_members_get_owasp_api7_injection_xss_9935c2df.hurl create mode 100644 cases/api_admin_teams_id_members_get_valid_request_with_all_required_fields_f1d4a7ff.hurl create mode 100644 cases/api_admin_teams_id_members_options_owasp_api8_cors_security_configuration_02ec7afc.hurl create mode 100644 cases/api_admin_teams_id_members_post_idempotent_second_call_must_be_safe_fce8d8db.hurl create mode 100644 cases/api_admin_teams_id_members_post_idor_id_0_zero_id_07948765.hurl create mode 100644 cases/api_admin_teams_id_members_post_idor_id_99999_alt_id_d1a0e9c6.hurl create mode 100644 cases/api_admin_teams_id_members_post_invalid_role_value_not_in_enum_54b6ea73.hurl create mode 100644 cases/api_admin_teams_id_members_post_mass_assignment_financial_probe_31f44a55.hurl create mode 100644 cases/api_admin_teams_id_members_post_mass_assignment_identity_probe_09f9b8eb.hurl create mode 100644 cases/api_admin_teams_id_members_post_mass_assignment_privilege_probe_850dd902.hurl create mode 100644 cases/api_admin_teams_id_members_post_mass_assignment_status_probe_edb444ec.hurl create mode 100644 cases/api_admin_teams_id_members_post_missing_required_field_userid_4eda623b.hurl create mode 100644 cases/api_admin_teams_id_members_post_missing_required_field_userid_aea81fb1.hurl create mode 100644 cases/api_admin_teams_id_members_post_missing_required_param_id_e44fc900.hurl create mode 100644 cases/api_admin_teams_id_members_post_mutation_role_empty_string_0cb69d90.hurl create mode 100644 cases/api_admin_teams_id_members_post_mutation_role_integer_instead_of_string_dc8849f5.hurl create mode 100644 cases/api_admin_teams_id_members_post_mutation_role_null_value_aff2608e.hurl create mode 100644 
cases/api_admin_teams_id_members_post_mutation_role_oversized_string_300_chars_977e71fa.hurl create mode 100644 cases/api_admin_teams_id_members_post_mutation_userid_empty_string_b3beebbb.hurl create mode 100644 cases/api_admin_teams_id_members_post_mutation_userid_integer_instead_of_string_d8212bc8.hurl create mode 100644 cases/api_admin_teams_id_members_post_mutation_userid_null_value_8e4fd867.hurl create mode 100644 cases/api_admin_teams_id_members_post_mutation_userid_oversized_string_300_chars_5739a85b.hurl create mode 100644 cases/api_admin_teams_id_members_post_null_injection_role_a2c2e196.hurl create mode 100644 cases/api_admin_teams_id_members_post_null_injection_userid_1b45482b.hurl create mode 100644 cases/api_admin_teams_id_members_post_owasp_api1_bola_unauthorized_access_bc997516.hurl create mode 100644 cases/api_admin_teams_id_members_post_owasp_api2_broken_authentication_d1200108.hurl create mode 100644 cases/api_admin_teams_id_members_post_owasp_api6_mass_assignment_5a01a3ba.hurl create mode 100644 cases/api_admin_teams_id_members_post_owasp_api7_injection_path_traversal_60a70815.hurl create mode 100644 cases/api_admin_teams_id_members_post_owasp_api7_injection_sqli_5a3931f1.hurl create mode 100644 cases/api_admin_teams_id_members_post_owasp_api7_injection_xss_dd4d8c19.hurl create mode 100644 cases/api_admin_teams_id_members_post_required_omission_userid_absent_1da7a2c3.hurl create mode 100644 cases/api_admin_teams_id_members_post_schema_violation_role_invalid_enum_1d2b8bb8.hurl create mode 100644 cases/api_admin_teams_id_members_post_schema_violation_userid_missing_required_71efcd62.hurl create mode 100644 cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_boolean_2a4f0269.hurl create mode 100644 cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_integer_95fd239a.hurl create mode 100644 cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_boolean_8aeef740.hurl create mode 100644 
cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_integer_76bfddd4.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_bidi_override_aa47e2dd.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_control_char_39e9a695.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_overlong_7473f431.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zalgo_83be4bd5.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zero_width_241bc1b4.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_bidi_override_e839caab.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_control_char_382c05ef.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_overlong_cbe2af65.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zalgo_9cd03a11.hurl create mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zero_width_bdeeed04.hurl create mode 100644 cases/api_admin_teams_id_members_post_valid_request_with_all_required_fields_17f7b78e.hurl create mode 100644 cases/api_admin_teams_id_members_post_wrong_content_type_text_plain_0f904569.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_idempotent_second_call_must_be_safe_e8a5f757.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_idor_id_0_zero_id_eb538efa.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_idor_id_99999_alt_id_c4642225.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_missing_required_param_id_4661322e.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_missing_required_param_userid_636a79c8.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_owasp_api1_bola_unauthorized_access_042e8f38.hurl create mode 
100644 cases/api_admin_teams_id_members_userid_delete_owasp_api2_broken_authentication_46113a78.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_path_traversal_511147be.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_sqli_0cf3a030.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_xss_a4c3899a.hurl create mode 100644 cases/api_admin_teams_id_members_userid_delete_valid_request_with_all_required_fields_8384ae85.hurl create mode 100644 cases/api_admin_teams_id_members_userid_options_owasp_api8_cors_security_configuration_86b21409.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_idempotent_second_call_must_be_safe_7fb55548.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_idor_id_0_zero_id_3ecaa43f.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_idor_id_99999_alt_id_5ee92e8d.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_invalid_role_value_not_in_enum_1385a015.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_mass_assignment_financial_probe_e346a0c6.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_mass_assignment_identity_probe_c5b345ac.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_mass_assignment_privilege_probe_830ae193.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_mass_assignment_status_probe_08a1d397.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_missing_required_field_role_02cdac38.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_missing_required_field_role_7f67bdd2.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_missing_required_param_id_c90499c8.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_missing_required_param_userid_a0b457a0.hurl create mode 100644 
cases/api_admin_teams_id_members_userid_put_mutation_role_empty_string_9334c130.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_mutation_role_integer_instead_of_string_c930d5b2.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_mutation_role_null_value_8380cf38.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_mutation_role_oversized_string_300_chars_c4c6cb7f.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_null_injection_role_92d17333.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api1_bola_unauthorized_access_37084d5c.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api2_broken_authentication_19b34217.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api3_bopla_property_level_access_4c06b345.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api6_mass_assignment_ffe14e02.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_path_traversal_df6e5f44.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_sqli_16482ca3.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_xss_d065e277.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_required_omission_role_absent_b8039024.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_schema_violation_role_invalid_enum_128b22a3.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_schema_violation_role_missing_required_e51f7c6d.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_boolean_c33ffd8f.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_integer_23b49146.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_bidi_override_0b0faf09.hurl create mode 100644 
cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_control_char_a8d734a8.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_overlong_1e651ae0.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zalgo_f7cf562e.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zero_width_2815807e.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_valid_request_with_all_required_fields_b950209e.hurl create mode 100644 cases/api_admin_teams_id_members_userid_put_wrong_content_type_text_plain_55f30d0f.hurl create mode 100644 cases/api_admin_teams_id_options_owasp_api8_cors_security_configuration_6bbc18bd.hurl create mode 100644 cases/api_admin_teams_id_put_idempotent_second_call_must_be_safe_1ca0ed36.hurl create mode 100644 cases/api_admin_teams_id_put_idor_id_0_zero_id_3c4cc44b.hurl create mode 100644 cases/api_admin_teams_id_put_idor_id_99999_alt_id_d4dddc4b.hurl create mode 100644 cases/api_admin_teams_id_put_mass_assignment_financial_probe_4c631268.hurl create mode 100644 cases/api_admin_teams_id_put_mass_assignment_identity_probe_ed4e87e7.hurl create mode 100644 cases/api_admin_teams_id_put_mass_assignment_privilege_probe_1b5cbca5.hurl create mode 100644 cases/api_admin_teams_id_put_mass_assignment_status_probe_c574427d.hurl create mode 100644 cases/api_admin_teams_id_put_missing_required_param_id_09825850.hurl create mode 100644 cases/api_admin_teams_id_put_mutation_description_empty_string_eb263846.hurl create mode 100644 cases/api_admin_teams_id_put_mutation_description_integer_instead_of_string_f0d62caa.hurl create mode 100644 cases/api_admin_teams_id_put_mutation_description_null_value_df8e9c3a.hurl create mode 100644 cases/api_admin_teams_id_put_mutation_description_oversized_string_300_chars_68ace4a3.hurl create mode 100644 cases/api_admin_teams_id_put_mutation_displayname_empty_string_13a9f6ae.hurl create mode 100644 
cases/api_admin_teams_id_put_mutation_displayname_integer_instead_of_string_05b44595.hurl create mode 100644 cases/api_admin_teams_id_put_mutation_displayname_null_value_c587ff33.hurl create mode 100644 cases/api_admin_teams_id_put_mutation_displayname_oversized_string_300_chars_7def0ad8.hurl create mode 100644 cases/api_admin_teams_id_put_null_injection_description_794499ad.hurl create mode 100644 cases/api_admin_teams_id_put_null_injection_displayname_6c433e61.hurl create mode 100644 cases/api_admin_teams_id_put_owasp_api1_bola_unauthorized_access_50ace962.hurl create mode 100644 cases/api_admin_teams_id_put_owasp_api2_broken_authentication_fea6c4f7.hurl create mode 100644 cases/api_admin_teams_id_put_owasp_api3_bopla_property_level_access_d147b4f6.hurl create mode 100644 cases/api_admin_teams_id_put_owasp_api5_function_level_authorization_missing_06b71a7c.hurl create mode 100644 cases/api_admin_teams_id_put_owasp_api6_mass_assignment_6357ae57.hurl create mode 100644 cases/api_admin_teams_id_put_owasp_api7_injection_path_traversal_894772da.hurl create mode 100644 cases/api_admin_teams_id_put_owasp_api7_injection_sqli_c7f786e4.hurl create mode 100644 cases/api_admin_teams_id_put_owasp_api7_injection_xss_d3681129.hurl create mode 100644 cases/api_admin_teams_id_put_type_coercion_description_wrong_type_boolean_6dd640a7.hurl create mode 100644 cases/api_admin_teams_id_put_type_coercion_description_wrong_type_integer_3296a87f.hurl create mode 100644 cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_boolean_ccdc6ae5.hurl create mode 100644 cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_integer_3ade9411.hurl create mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_description_bidi_override_c42ef106.hurl create mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_description_control_char_d9200d81.hurl create mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_description_overlong_a87f58e7.hurl create mode 100644 
cases/api_admin_teams_id_put_unicode_fuzzing_description_zalgo_e354e0de.hurl create mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_description_zero_width_1f9507e6.hurl create mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_bidi_override_7c97c5e9.hurl create mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_control_char_39195267.hurl create mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_overlong_cb9e326e.hurl create mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zalgo_5add01e6.hurl create mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zero_width_a1cdc859.hurl create mode 100644 cases/api_admin_teams_id_put_valid_request_with_all_required_fields_92de58a1.hurl create mode 100644 cases/api_admin_teams_id_put_wrong_content_type_text_plain_a77a2981.hurl create mode 100644 cases/api_admin_teams_id_services_get_idor_id_0_zero_id_405d2163.hurl create mode 100644 cases/api_admin_teams_id_services_get_idor_id_99999_alt_id_09f2f077.hurl create mode 100644 cases/api_admin_teams_id_services_get_missing_required_param_id_bbd8e250.hurl create mode 100644 cases/api_admin_teams_id_services_get_owasp_api1_bola_unauthorized_access_ce61c6bf.hurl create mode 100644 cases/api_admin_teams_id_services_get_owasp_api2_broken_authentication_29194ed9.hurl create mode 100644 cases/api_admin_teams_id_services_get_owasp_api5_function_level_authorization_missing_edc7b8fe.hurl create mode 100644 cases/api_admin_teams_id_services_get_owasp_api7_injection_path_traversal_961479c7.hurl create mode 100644 cases/api_admin_teams_id_services_get_owasp_api7_injection_sqli_2e72efb4.hurl create mode 100644 cases/api_admin_teams_id_services_get_owasp_api7_injection_xss_80ccb269.hurl create mode 100644 cases/api_admin_teams_id_services_get_valid_request_with_all_required_fields_1b69193c.hurl create mode 100644 
cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl create mode 100644 cases/api_admin_teams_options_owasp_api8_cors_security_configuration_ad2f2f8a.hurl create mode 100644 cases/api_admin_teams_post_auth_chain_4c68c418.hurl create mode 100644 cases/api_admin_teams_post_field_boundary_name_invalid_below_min_f9b893d9.hurl create mode 100644 cases/api_admin_teams_post_field_boundary_name_valid_min_787507a6.hurl create mode 100644 cases/api_admin_teams_post_idempotent_second_call_must_be_safe_bee426f4.hurl create mode 100644 cases/api_admin_teams_post_invalid_name_empty_string_violates_minlength_1_97aa6ff1.hurl create mode 100644 cases/api_admin_teams_post_mass_assignment_financial_probe_3c2025cc.hurl create mode 100644 cases/api_admin_teams_post_mass_assignment_identity_probe_82f380ef.hurl create mode 100644 cases/api_admin_teams_post_mass_assignment_privilege_probe_ed2bac60.hurl create mode 100644 cases/api_admin_teams_post_mass_assignment_status_probe_9b89bdf9.hurl create mode 100644 cases/api_admin_teams_post_missing_required_field_name_11fe758b.hurl create mode 100644 cases/api_admin_teams_post_missing_required_field_name_80c70bf8.hurl create mode 100644 cases/api_admin_teams_post_mutation_description_empty_string_569a3993.hurl create mode 100644 cases/api_admin_teams_post_mutation_description_integer_instead_of_string_4d295fcc.hurl create mode 100644 cases/api_admin_teams_post_mutation_description_null_value_672e2bba.hurl create mode 100644 cases/api_admin_teams_post_mutation_description_oversized_string_300_chars_20eb5b64.hurl create mode 100644 cases/api_admin_teams_post_mutation_displayname_empty_string_34993282.hurl create mode 100644 cases/api_admin_teams_post_mutation_displayname_integer_instead_of_string_c361779d.hurl create mode 100644 cases/api_admin_teams_post_mutation_displayname_null_value_782f4da8.hurl create mode 100644 
cases/api_admin_teams_post_mutation_displayname_oversized_string_300_chars_b00969d7.hurl create mode 100644 cases/api_admin_teams_post_mutation_name_empty_string_e4058fd4.hurl create mode 100644 cases/api_admin_teams_post_mutation_name_null_value_ec9e6e43.hurl create mode 100644 cases/api_admin_teams_post_name_at_max_plus_one_invalid_boundary_5330751c.hurl create mode 100644 cases/api_admin_teams_post_name_at_max_valid_boundary_b9c84944.hurl create mode 100644 cases/api_admin_teams_post_name_at_min_minus_one_invalid_boundary_2ccbadc2.hurl create mode 100644 cases/api_admin_teams_post_name_at_min_valid_boundary_084178e7.hurl create mode 100644 cases/api_admin_teams_post_null_injection_description_5294fe7b.hurl create mode 100644 cases/api_admin_teams_post_null_injection_displayname_acaa7cdb.hurl create mode 100644 cases/api_admin_teams_post_null_injection_name_abe4e3e2.hurl create mode 100644 cases/api_admin_teams_post_owasp_api2_broken_authentication_0f5c6cec.hurl create mode 100644 cases/api_admin_teams_post_owasp_api5_function_level_authorization_missing_2df9f5ad.hurl create mode 100644 cases/api_admin_teams_post_owasp_api6_mass_assignment_e17876cf.hurl create mode 100644 cases/api_admin_teams_post_owasp_api7_injection_path_traversal_a1f1c968.hurl create mode 100644 cases/api_admin_teams_post_owasp_api7_injection_sqli_3e99ea9b.hurl create mode 100644 cases/api_admin_teams_post_owasp_api7_injection_xss_a582e336.hurl create mode 100644 cases/api_admin_teams_post_required_omission_name_absent_7a6a3b1a.hurl create mode 100644 cases/api_admin_teams_post_schema_violation_name_missing_required_144ca893.hurl create mode 100644 cases/api_admin_teams_post_schema_violation_name_too_short_2d1be97b.hurl create mode 100644 cases/api_admin_teams_post_type_coercion_description_wrong_type_boolean_bf50b6f1.hurl create mode 100644 cases/api_admin_teams_post_type_coercion_description_wrong_type_integer_1aea557e.hurl create mode 100644 
cases/api_admin_teams_post_type_coercion_displayname_wrong_type_boolean_97c4c8ca.hurl create mode 100644 cases/api_admin_teams_post_type_coercion_displayname_wrong_type_integer_759d30e5.hurl create mode 100644 cases/api_admin_teams_post_type_coercion_name_wrong_type_boolean_b516cdc6.hurl create mode 100644 cases/api_admin_teams_post_type_coercion_name_wrong_type_integer_05c0d231.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_bidi_override_d96ca637.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_control_char_8656dd0b.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_overlong_432c6afa.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_zalgo_760794e2.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_zero_width_5161dc9c.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_bidi_override_693c8224.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_control_char_7ead4ab7.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_overlong_3d12d252.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_zalgo_6474b9c1.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_zero_width_8b028ce1.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_bidi_override_19447855.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_control_char_4e8b3875.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_overlong_ee78ddc5.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_zalgo_b42d8584.hurl create mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_zero_width_76a6b2ca.hurl create mode 100644 cases/api_admin_teams_post_valid_request_with_all_required_fields_17f73440.hurl create mode 100644 
cases/api_admin_teams_post_wrong_content_type_text_plain_bd5b4e9e.hurl create mode 100644 cases/api_admin_teams_sequence_chain_delete_api_admin_grants_id_70b060a1.hurl create mode 100644 cases/api_admin_teams_sequence_chain_delete_api_admin_users_id_f0f67b06.hurl create mode 100644 cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_grants_6aeda09f.hurl create mode 100644 cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_members_0cb6ef87.hurl create mode 100644 cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_services_3642a068.hurl create mode 100644 cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_grants_1b66938a.hurl create mode 100644 cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_members_210690e6.hurl create mode 100644 cases/api_admin_teams_sequence_chain_put_api_admin_services_serviceid_team_8cbdf061.hurl create mode 100644 cases/api_admin_teams_sequence_chain_put_api_admin_users_id_2d5ea99d.hurl create mode 100644 cases/api_admin_users_get_auth_chain_e4ef12fa.hurl create mode 100644 cases/api_admin_users_get_owasp_api2_broken_authentication_aaffe36c.hurl create mode 100644 cases/api_admin_users_get_owasp_api5_function_level_authorization_missing_3724bb26.hurl create mode 100644 cases/api_admin_users_get_valid_request_with_all_required_fields_e7fb82c9.hurl create mode 100644 cases/api_admin_users_id_delete_idempotent_second_call_must_be_safe_380dcf78.hurl create mode 100644 cases/api_admin_users_id_delete_idor_id_0_zero_id_f8eac138.hurl create mode 100644 cases/api_admin_users_id_delete_idor_id_99999_alt_id_f53c958f.hurl create mode 100644 cases/api_admin_users_id_delete_missing_required_param_id_abfeb37c.hurl create mode 100644 cases/api_admin_users_id_delete_owasp_api1_bola_unauthorized_access_073a78a5.hurl create mode 100644 cases/api_admin_users_id_delete_owasp_api2_broken_authentication_5cc69e63.hurl create mode 100644 
cases/api_admin_users_id_delete_owasp_api5_function_level_authorization_missing_4c861285.hurl create mode 100644 cases/api_admin_users_id_delete_owasp_api7_injection_path_traversal_9a54d420.hurl create mode 100644 cases/api_admin_users_id_delete_owasp_api7_injection_sqli_35704eb4.hurl create mode 100644 cases/api_admin_users_id_delete_owasp_api7_injection_xss_ae1228c7.hurl create mode 100644 cases/api_admin_users_id_delete_valid_request_with_all_required_fields_fd2d7e20.hurl create mode 100644 cases/api_admin_users_id_options_owasp_api8_cors_security_configuration_e0b5b44a.hurl create mode 100644 cases/api_admin_users_id_put_idempotent_second_call_must_be_safe_383d2878.hurl create mode 100644 cases/api_admin_users_id_put_idor_id_0_zero_id_1420839c.hurl create mode 100644 cases/api_admin_users_id_put_idor_id_99999_alt_id_b306fbb7.hurl create mode 100644 cases/api_admin_users_id_put_invalid_isactive_wrong_type_string_for_boolean_9a696767.hurl create mode 100644 cases/api_admin_users_id_put_invalid_role_value_not_in_enum_be8b477d.hurl create mode 100644 cases/api_admin_users_id_put_isactive_false_307b2101.hurl create mode 100644 cases/api_admin_users_id_put_isactive_true_920617a8.hurl create mode 100644 cases/api_admin_users_id_put_mass_assignment_financial_probe_9e2cf67b.hurl create mode 100644 cases/api_admin_users_id_put_mass_assignment_identity_probe_4fb556e6.hurl create mode 100644 cases/api_admin_users_id_put_mass_assignment_privilege_probe_a6a6cd31.hurl create mode 100644 cases/api_admin_users_id_put_mass_assignment_status_probe_1054f864.hurl create mode 100644 cases/api_admin_users_id_put_missing_required_param_id_fe77f880.hurl create mode 100644 cases/api_admin_users_id_put_mutation_isactive_integer_instead_of_boolean_56c3f6cc.hurl create mode 100644 cases/api_admin_users_id_put_mutation_isactive_null_value_48706298.hurl create mode 100644 cases/api_admin_users_id_put_mutation_isactive_string_instead_of_boolean_c83a8b69.hurl create mode 100644 
cases/api_admin_users_id_put_mutation_role_empty_string_f4802a98.hurl create mode 100644 cases/api_admin_users_id_put_mutation_role_integer_instead_of_string_1d2d0cbd.hurl create mode 100644 cases/api_admin_users_id_put_mutation_role_null_value_091acd05.hurl create mode 100644 cases/api_admin_users_id_put_mutation_role_oversized_string_300_chars_786de8b3.hurl create mode 100644 cases/api_admin_users_id_put_null_injection_isactive_c8deaf48.hurl create mode 100644 cases/api_admin_users_id_put_null_injection_role_e890383a.hurl create mode 100644 cases/api_admin_users_id_put_owasp_api1_bola_unauthorized_access_91b47863.hurl create mode 100644 cases/api_admin_users_id_put_owasp_api2_broken_authentication_3552a6c6.hurl create mode 100644 cases/api_admin_users_id_put_owasp_api3_bopla_property_level_access_4ae5244a.hurl create mode 100644 cases/api_admin_users_id_put_owasp_api5_function_level_authorization_missing_8f0d7884.hurl create mode 100644 cases/api_admin_users_id_put_owasp_api6_mass_assignment_38dd166b.hurl create mode 100644 cases/api_admin_users_id_put_owasp_api7_injection_path_traversal_e9f5a9c9.hurl create mode 100644 cases/api_admin_users_id_put_owasp_api7_injection_sqli_c653b26d.hurl create mode 100644 cases/api_admin_users_id_put_owasp_api7_injection_xss_51b9a625.hurl create mode 100644 cases/api_admin_users_id_put_role_guest_d671319d.hurl create mode 100644 cases/api_admin_users_id_put_role_super_admin_72c28c85.hurl create mode 100644 cases/api_admin_users_id_put_role_team_member_c19312b9.hurl create mode 100644 cases/api_admin_users_id_put_role_team_owner_c8807eae.hurl create mode 100644 cases/api_admin_users_id_put_schema_violation_isactive_wrong_type_891572b6.hurl create mode 100644 cases/api_admin_users_id_put_schema_violation_role_invalid_enum_3765a2be.hurl create mode 100644 cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_integer_308337db.hurl create mode 100644 
cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_string_4a329fab.hurl create mode 100644 cases/api_admin_users_id_put_type_coercion_role_wrong_type_boolean_c4d77768.hurl create mode 100644 cases/api_admin_users_id_put_type_coercion_role_wrong_type_integer_60c61680.hurl create mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_bidi_override_a2217373.hurl create mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_control_char_be44c91e.hurl create mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_overlong_4c95b987.hurl create mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_zalgo_d015a170.hurl create mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_zero_width_b1e60615.hurl create mode 100644 cases/api_admin_users_id_put_valid_request_with_all_required_fields_d7979f2a.hurl create mode 100644 cases/api_admin_users_id_put_wrong_content_type_text_plain_69ba511c.hurl create mode 100644 cases/api_admin_users_options_owasp_api8_cors_security_configuration_d0d06277.hurl create mode 100644 cases/api_admin_webhooks_get_auth_chain_c741d9e1.hurl create mode 100644 cases/api_admin_webhooks_get_owasp_api2_broken_authentication_ec46e5a8.hurl create mode 100644 cases/api_admin_webhooks_get_owasp_api5_function_level_authorization_missing_a2ef426c.hurl create mode 100644 cases/api_admin_webhooks_get_valid_request_with_all_required_fields_c3e5fa48.hurl create mode 100644 cases/api_admin_webhooks_id_delete_idempotent_second_call_must_be_safe_854a404a.hurl create mode 100644 cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000000_nil_uu_2c9e3616.hurl create mode 100644 cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000001_alt_uu_101b67d9.hurl create mode 100644 cases/api_admin_webhooks_id_delete_missing_required_param_id_25ba00ae.hurl create mode 100644 cases/api_admin_webhooks_id_delete_owasp_api2_broken_authentication_23cf0c86.hurl create mode 100644 
cases/api_admin_webhooks_id_delete_owasp_api5_function_level_authorization_missing_01a13cd8.hurl create mode 100644 cases/api_admin_webhooks_id_delete_owasp_api7_injection_path_traversal_bdc77229.hurl create mode 100644 cases/api_admin_webhooks_id_delete_owasp_api7_injection_sqli_7e499729.hurl create mode 100644 cases/api_admin_webhooks_id_delete_owasp_api7_injection_xss_06da467b.hurl create mode 100644 cases/api_admin_webhooks_id_delete_valid_request_with_all_required_fields_f50edea5.hurl create mode 100644 cases/api_admin_webhooks_id_options_owasp_api8_cors_security_configuration_c34b22b5.hurl create mode 100644 cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000000_nil_uui_93edf6a3.hurl create mode 100644 cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000001_alt_uui_e5555fc8.hurl create mode 100644 cases/api_admin_webhooks_id_patch_invalid_isactive_wrong_type_string_for_boolean_fbeea8b1.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mass_assignment_financial_probe_ed85e04f.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mass_assignment_identity_probe_1274d148.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mass_assignment_privilege_probe_d0ddffec.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mass_assignment_status_probe_16deab72.hurl create mode 100644 cases/api_admin_webhooks_id_patch_missing_required_param_id_8a80112e.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mutation_events_null_value_2d09c873.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mutation_events_object_instead_of_array_309789e7.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mutation_events_string_instead_of_array_9439ce9e.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mutation_isactive_integer_instead_of_boolean_161755de.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mutation_isactive_null_value_c42eb537.hurl create mode 100644 
cases/api_admin_webhooks_id_patch_mutation_isactive_string_instead_of_boolean_be6cb74f.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mutation_name_empty_string_48b3b8ee.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mutation_name_integer_instead_of_string_ec8ffbaa.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mutation_name_null_value_07005fc1.hurl create mode 100644 cases/api_admin_webhooks_id_patch_mutation_name_oversized_string_300_chars_bc9e284b.hurl create mode 100644 cases/api_admin_webhooks_id_patch_null_injection_events_e5f0413f.hurl create mode 100644 cases/api_admin_webhooks_id_patch_null_injection_isactive_f681cd0b.hurl create mode 100644 cases/api_admin_webhooks_id_patch_null_injection_name_abff0001.hurl create mode 100644 cases/api_admin_webhooks_id_patch_null_injection_url_6597f138.hurl create mode 100644 cases/api_admin_webhooks_id_patch_owasp_api10_ssrf_432c0bdd.hurl create mode 100644 cases/api_admin_webhooks_id_patch_owasp_api2_broken_authentication_3a1afdb6.hurl create mode 100644 cases/api_admin_webhooks_id_patch_owasp_api3_bopla_property_level_access_d7a97bb7.hurl create mode 100644 cases/api_admin_webhooks_id_patch_owasp_api5_function_level_authorization_missing_6c16dac4.hurl create mode 100644 cases/api_admin_webhooks_id_patch_owasp_api7_injection_path_traversal_b84f711a.hurl create mode 100644 cases/api_admin_webhooks_id_patch_owasp_api7_injection_sqli_e249a62c.hurl create mode 100644 cases/api_admin_webhooks_id_patch_owasp_api7_injection_xss_e86a894c.hurl create mode 100644 cases/api_admin_webhooks_id_patch_schema_violation_isactive_wrong_type_a0047765.hurl create mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_events_wrong_type_string_ce35cd41.hurl create mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_integer_4c590e85.hurl create mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_string_db8dd398.hurl create mode 100644 
cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_boolean_e2d843b1.hurl create mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_integer_849247d2.hurl create mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_boolean_d9bfd2d8.hurl create mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_integer_5b388493.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_bidi_override_61073126.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_control_char_9fed73af.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_overlong_ff322daa.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zalgo_a31d1299.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zero_width_6bdb26ba.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_bidi_override_36430217.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_control_char_ed68863e.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_overlong_d7318097.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zalgo_0a72a45e.hurl create mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zero_width_61e8a563.hurl create mode 100644 cases/api_admin_webhooks_id_patch_valid_request_with_all_required_fields_415f32a9.hurl create mode 100644 cases/api_admin_webhooks_id_patch_wrong_content_type_text_plain_94225ad6.hurl create mode 100644 cases/api_admin_webhooks_id_test_options_owasp_api8_cors_security_configuration_19ddcfe4.hurl create mode 100644 cases/api_admin_webhooks_id_test_post_idempotent_second_call_must_be_safe_ff996bd3.hurl create mode 100644 cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000000_nil_33f46434.hurl create mode 100644 
cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000001_alt_eb0b8c82.hurl create mode 100644 cases/api_admin_webhooks_id_test_post_missing_required_param_id_8f3b353e.hurl create mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api2_broken_authentication_7054030e.hurl create mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api5_function_level_authorization_missing_908d0d93.hurl create mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api7_injection_path_traversal_6c16c87b.hurl create mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api7_injection_sqli_7a0227b0.hurl create mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api7_injection_xss_e8743ba7.hurl create mode 100644 cases/api_admin_webhooks_id_test_post_valid_request_with_all_required_fields_ae0a2dc3.hurl create mode 100644 cases/api_admin_webhooks_options_owasp_api8_cors_security_configuration_3f16f7ab.hurl create mode 100644 cases/api_admin_webhooks_post_auth_chain_f4c0b7fc.hurl create mode 100644 cases/api_admin_webhooks_post_field_boundary_name_invalid_below_min_7b9e5b4d.hurl create mode 100644 cases/api_admin_webhooks_post_field_boundary_name_valid_min_85b28596.hurl create mode 100644 cases/api_admin_webhooks_post_idempotent_second_call_must_be_safe_06e188f6.hurl create mode 100644 cases/api_admin_webhooks_post_invalid_events_empty_array_violates_minitems_1_41ef09da.hurl create mode 100644 cases/api_admin_webhooks_post_invalid_name_empty_string_violates_minlength_1_86292ddb.hurl create mode 100644 cases/api_admin_webhooks_post_mass_assignment_financial_probe_241955ee.hurl create mode 100644 cases/api_admin_webhooks_post_mass_assignment_identity_probe_30b18c5f.hurl create mode 100644 cases/api_admin_webhooks_post_mass_assignment_privilege_probe_f5c743f7.hurl create mode 100644 cases/api_admin_webhooks_post_mass_assignment_status_probe_33b56375.hurl create mode 100644 cases/api_admin_webhooks_post_missing_required_field_events_d6a5b0c7.hurl create 
mode 100644 cases/api_admin_webhooks_post_missing_required_field_events_dfcc1c56.hurl create mode 100644 cases/api_admin_webhooks_post_missing_required_field_name_45423b82.hurl create mode 100644 cases/api_admin_webhooks_post_missing_required_field_name_6c83435b.hurl create mode 100644 cases/api_admin_webhooks_post_missing_required_field_url_6ed0d9f4.hurl create mode 100644 cases/api_admin_webhooks_post_missing_required_field_url_f322285b.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_events_null_value_2c34fbf1.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_events_object_instead_of_array_4a653004.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_events_string_instead_of_array_19783d1d.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_name_empty_string_f615d2a9.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_name_integer_instead_of_string_cf6c122c.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_name_null_value_b75000cd.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_name_oversized_string_300_chars_5be879ce.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_providertype_empty_string_9b991c26.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_providertype_integer_instead_of_string_83e13d1b.hurl create mode 100644 cases/api_admin_webhooks_post_mutation_providertype_null_value_595d67fc.hurl create mode 100644 cases/api_admin_webhooks_post_name_at_max_plus_one_invalid_boundary_94214268.hurl create mode 100644 cases/api_admin_webhooks_post_name_at_max_valid_boundary_d8fb6781.hurl create mode 100644 cases/api_admin_webhooks_post_name_at_min_minus_one_invalid_boundary_5b4327aa.hurl create mode 100644 cases/api_admin_webhooks_post_name_at_min_valid_boundary_72f21135.hurl create mode 100644 cases/api_admin_webhooks_post_null_injection_events_35254559.hurl create mode 100644 cases/api_admin_webhooks_post_null_injection_name_169dbf8c.hurl create mode 
100644 cases/api_admin_webhooks_post_null_injection_providertype_d40094c4.hurl create mode 100644 cases/api_admin_webhooks_post_null_injection_teamid_4f42ea82.hurl create mode 100644 cases/api_admin_webhooks_post_null_injection_url_52359f32.hurl create mode 100644 cases/api_admin_webhooks_post_owasp_api10_ssrf_fa3b21f3.hurl create mode 100644 cases/api_admin_webhooks_post_owasp_api2_broken_authentication_f690ca7e.hurl create mode 100644 cases/api_admin_webhooks_post_owasp_api5_function_level_authorization_missing_d8d5bdac.hurl create mode 100644 cases/api_admin_webhooks_post_owasp_api6_mass_assignment_1b59ba48.hurl create mode 100644 cases/api_admin_webhooks_post_owasp_api7_injection_path_traversal_a39cab42.hurl create mode 100644 cases/api_admin_webhooks_post_owasp_api7_injection_sqli_03accab7.hurl create mode 100644 cases/api_admin_webhooks_post_owasp_api7_injection_xss_a1a1e257.hurl create mode 100644 cases/api_admin_webhooks_post_required_omission_events_absent_09946d4c.hurl create mode 100644 cases/api_admin_webhooks_post_required_omission_name_absent_d0373487.hurl create mode 100644 cases/api_admin_webhooks_post_required_omission_url_absent_6d3bc221.hurl create mode 100644 cases/api_admin_webhooks_post_schema_violation_events_missing_required_e4df148d.hurl create mode 100644 cases/api_admin_webhooks_post_schema_violation_events_too_few_items_a0bdf58b.hurl create mode 100644 cases/api_admin_webhooks_post_schema_violation_name_missing_required_7b8cab12.hurl create mode 100644 cases/api_admin_webhooks_post_schema_violation_name_too_short_b49ea6fa.hurl create mode 100644 cases/api_admin_webhooks_post_schema_violation_url_missing_required_4d32f3c3.hurl create mode 100644 cases/api_admin_webhooks_post_type_coercion_events_wrong_type_string_07b6f191.hurl create mode 100644 cases/api_admin_webhooks_post_type_coercion_name_wrong_type_boolean_49b71fc3.hurl create mode 100644 cases/api_admin_webhooks_post_type_coercion_name_wrong_type_integer_39c60504.hurl create mode 
100644 cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_boolean_2f2c0975.hurl create mode 100644 cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_integer_e227c019.hurl create mode 100644 cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_boolean_b27447cc.hurl create mode 100644 cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_integer_5db01d88.hurl create mode 100644 cases/api_admin_webhooks_post_type_coercion_url_wrong_type_boolean_2d482d43.hurl create mode 100644 cases/api_admin_webhooks_post_type_coercion_url_wrong_type_integer_ea2aab8e.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_bidi_override_07e9eae2.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_control_char_5943393b.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_overlong_bee28f66.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_zalgo_a7f8f480.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_zero_width_2a6bf0cb.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_bidi_override_8724a676.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_control_char_dc945e0e.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_overlong_2cc3a01a.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zalgo_07152569.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zero_width_e32282d7.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_bidi_override_0c229c2d.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_control_char_f031554f.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_overlong_7de8af57.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zalgo_bba333a6.hurl create mode 
100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zero_width_3128deb0.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_bidi_override_caf839d6.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_control_char_c4479bd1.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_overlong_132333e4.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_zalgo_6343c227.hurl create mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl create mode 100644 cases/api_admin_webhooks_post_valid_request_with_all_required_fields_42a4fab4.hurl create mode 100644 cases/api_admin_webhooks_post_wrong_content_type_text_plain_7a40055b.hurl create mode 100644 cases/api_admin_webhooks_sequence_chain_delete_api_admin_grants_id_8ef3fbbb.hurl create mode 100644 cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl create mode 100644 cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl create mode 100644 cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_members_969a9fae.hurl create mode 100644 cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_services_ce956549.hurl create mode 100644 cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_grants_02ba968a.hurl create mode 100644 cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_members_393f686a.hurl create mode 100644 cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl create mode 100644 cases/api_admin_webhooks_sequence_chain_put_api_admin_users_id_88a6983e.hurl create mode 100644 cases/api_catalog_get_auth_chain_bde6cda3.hurl create mode 100644 cases/api_catalog_get_owasp_api2_broken_authentication_e1fa3406.hurl create mode 100644 cases/api_catalog_get_valid_request_with_all_required_fields_c9b53fc1.hurl create mode 100644 
cases/api_catalog_options_owasp_api8_cors_security_configuration_e3ff3623.hurl create mode 100644 cases/api_catalog_serviceid_delete_idempotent_second_call_must_be_safe_84233d9e.hurl create mode 100644 cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000000_c4621de0.hurl create mode 100644 cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000001_e72a9984.hurl create mode 100644 cases/api_catalog_serviceid_delete_missing_required_param_serviceid_3209e4f6.hurl create mode 100644 cases/api_catalog_serviceid_delete_owasp_api2_broken_authentication_be467598.hurl create mode 100644 cases/api_catalog_serviceid_delete_owasp_api5_function_level_authorization_missing_c88f572b.hurl create mode 100644 cases/api_catalog_serviceid_delete_owasp_api7_injection_path_traversal_c37e4439.hurl create mode 100644 cases/api_catalog_serviceid_delete_owasp_api7_injection_sqli_d27beca6.hurl create mode 100644 cases/api_catalog_serviceid_delete_owasp_api7_injection_xss_bfdae539.hurl create mode 100644 cases/api_catalog_serviceid_delete_valid_request_with_all_required_fields_b2745533.hurl create mode 100644 cases/api_catalog_serviceid_options_owasp_api8_cors_security_configuration_dc211e18.hurl create mode 100644 cases/api_diff_get_auth_chain_6af54553.hurl create mode 100644 cases/api_diff_get_missing_required_param_from_436315da.hurl create mode 100644 cases/api_diff_get_missing_required_param_to_592a212d.hurl create mode 100644 cases/api_diff_get_owasp_api2_broken_authentication_f6e6d81e.hurl create mode 100644 cases/api_diff_get_owasp_api7_injection_path_traversal_d2e88748.hurl create mode 100644 cases/api_diff_get_owasp_api7_injection_sqli_2add12cf.hurl create mode 100644 cases/api_diff_get_owasp_api7_injection_xss_1fb05370.hurl create mode 100644 cases/api_diff_get_valid_request_with_all_required_fields_f98b2b82.hurl create mode 100644 cases/api_diff_options_owasp_api8_cors_security_configuration_95a63795.hurl create mode 
100644 cases/api_me_get_auth_chain_646f48bb.hurl create mode 100644 cases/api_me_get_owasp_api2_broken_authentication_16f4aef5.hurl create mode 100644 cases/api_me_get_valid_request_with_all_required_fields_cb06322f.hurl create mode 100644 cases/api_me_options_owasp_api8_cors_security_configuration_8d947b43.hurl create mode 100644 cases/api_search_get_auth_chain_e66b7d53.hurl create mode 100644 cases/api_search_get_missing_required_param_q_128363b8.hurl create mode 100644 cases/api_search_get_owasp_api2_broken_authentication_6e192176.hurl create mode 100644 cases/api_search_get_owasp_api7_injection_path_traversal_30f18b95.hurl create mode 100644 cases/api_search_get_owasp_api7_injection_sqli_b0d05c32.hurl create mode 100644 cases/api_search_get_owasp_api7_injection_xss_b1a5ce9b.hurl create mode 100644 cases/api_search_get_valid_request_with_all_required_fields_65fdbcb4.hurl create mode 100644 cases/api_search_options_owasp_api8_cors_security_configuration_e799f553.hurl create mode 100644 cases/api_specs_service_branch_openapi_json_get_missing_required_param_branch_dd4faa6a.hurl create mode 100644 cases/api_specs_service_branch_openapi_json_get_missing_required_param_service_14b52fbb.hurl create mode 100644 cases/api_specs_service_branch_openapi_json_get_owasp_api2_broken_authentication_5b840153.hurl create mode 100644 cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_path_traversal_217a31ae.hurl create mode 100644 cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_sqli_3e62652b.hurl create mode 100644 cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_xss_69cf35a6.hurl create mode 100644 cases/api_specs_service_branch_openapi_json_get_valid_request_with_all_required_fields_e159fefe.hurl create mode 100644 cases/api_specs_service_branch_openapi_json_options_owasp_api8_cors_security_configura_ecd6daec.hurl create mode 100644 cases/api_specs_service_versions_get_missing_required_param_branch_e71dd727.hurl create 
mode 100644 cases/api_specs_service_versions_get_missing_required_param_service_95c1cee7.hurl create mode 100644 cases/api_specs_service_versions_get_owasp_api2_broken_authentication_9b5eb037.hurl create mode 100644 cases/api_specs_service_versions_get_owasp_api7_injection_path_traversal_106c80c0.hurl create mode 100644 cases/api_specs_service_versions_get_owasp_api7_injection_sqli_ffc707f5.hurl create mode 100644 cases/api_specs_service_versions_get_owasp_api7_injection_xss_cf42e9f4.hurl create mode 100644 cases/api_specs_service_versions_get_valid_request_with_all_required_fields_f8bdece6.hurl create mode 100644 cases/api_specs_service_versions_options_owasp_api8_cors_security_configuration_d622eda3.hurl create mode 100644 cases/api_tokens_get_auth_chain_9d529cfb.hurl create mode 100644 cases/api_tokens_get_owasp_api2_broken_authentication_dcecca87.hurl create mode 100644 cases/api_tokens_get_valid_request_with_all_required_fields_abcd14ab.hurl create mode 100644 cases/api_tokens_id_delete_idempotent_second_call_must_be_safe_ea338ec1.hurl create mode 100644 cases/api_tokens_id_delete_idor_id_0_zero_id_d0e0481e.hurl create mode 100644 cases/api_tokens_id_delete_idor_id_99999_alt_id_502920f7.hurl create mode 100644 cases/api_tokens_id_delete_missing_required_param_id_c2abfd5e.hurl create mode 100644 cases/api_tokens_id_delete_owasp_api1_bola_unauthorized_access_2d207a0d.hurl create mode 100644 cases/api_tokens_id_delete_owasp_api2_broken_authentication_599ddef6.hurl create mode 100644 cases/api_tokens_id_delete_owasp_api5_function_level_authorization_missing_fbedb9f1.hurl create mode 100644 cases/api_tokens_id_delete_owasp_api7_injection_path_traversal_85b86fe3.hurl create mode 100644 cases/api_tokens_id_delete_owasp_api7_injection_sqli_e54ea4ce.hurl create mode 100644 cases/api_tokens_id_delete_owasp_api7_injection_xss_ebab5e69.hurl create mode 100644 cases/api_tokens_id_delete_valid_request_with_all_required_fields_138640de.hurl create mode 100644 
cases/api_tokens_id_options_owasp_api8_cors_security_configuration_ba604e45.hurl create mode 100644 cases/api_tokens_options_owasp_api8_cors_security_configuration_b009aaa0.hurl create mode 100644 cases/api_tokens_post_field_boundary_name_invalid_below_min_107263c8.hurl create mode 100644 cases/api_tokens_post_field_boundary_name_valid_min_041bf0da.hurl create mode 100644 cases/api_tokens_post_idempotent_second_call_must_be_safe_85621889.hurl create mode 100644 cases/api_tokens_post_invalid_name_empty_string_violates_minlength_1_b579ade9.hurl create mode 100644 cases/api_tokens_post_invalid_scope_value_not_in_enum_a9cdb025.hurl create mode 100644 cases/api_tokens_post_mass_assignment_financial_probe_b896a4fe.hurl create mode 100644 cases/api_tokens_post_mass_assignment_identity_probe_b46880dc.hurl create mode 100644 cases/api_tokens_post_mass_assignment_privilege_probe_2411ba2b.hurl create mode 100644 cases/api_tokens_post_mass_assignment_status_probe_248852e9.hurl create mode 100644 cases/api_tokens_post_missing_required_field_name_5566a91f.hurl create mode 100644 cases/api_tokens_post_missing_required_field_name_75703d6a.hurl create mode 100644 cases/api_tokens_post_missing_required_field_scope_6284c90d.hurl create mode 100644 cases/api_tokens_post_missing_required_field_scope_aa18d499.hurl create mode 100644 cases/api_tokens_post_mutation_name_empty_string_188465c8.hurl create mode 100644 cases/api_tokens_post_mutation_name_integer_instead_of_string_30aabbdc.hurl create mode 100644 cases/api_tokens_post_mutation_name_null_value_816809db.hurl create mode 100644 cases/api_tokens_post_mutation_name_oversized_string_300_chars_8c9976d8.hurl create mode 100644 cases/api_tokens_post_mutation_scope_empty_string_c8cd2aed.hurl create mode 100644 cases/api_tokens_post_mutation_scope_integer_instead_of_string_745ea604.hurl create mode 100644 cases/api_tokens_post_mutation_scope_null_value_75bc6e95.hurl create mode 100644 
cases/api_tokens_post_mutation_scope_oversized_string_300_chars_4d189659.hurl create mode 100644 cases/api_tokens_post_name_at_max_plus_one_invalid_boundary_7b3217ba.hurl create mode 100644 cases/api_tokens_post_name_at_max_valid_boundary_a0247f03.hurl create mode 100644 cases/api_tokens_post_name_at_min_minus_one_invalid_boundary_d08f5a90.hurl create mode 100644 cases/api_tokens_post_name_at_min_valid_boundary_1c063dd5.hurl create mode 100644 cases/api_tokens_post_null_injection_name_97bd0c77.hurl create mode 100644 cases/api_tokens_post_null_injection_scope_0b4d216c.hurl create mode 100644 cases/api_tokens_post_owasp_api2_broken_authentication_9e6576d2.hurl create mode 100644 cases/api_tokens_post_owasp_api6_mass_assignment_d9979992.hurl create mode 100644 cases/api_tokens_post_owasp_api7_injection_path_traversal_26975d5c.hurl create mode 100644 cases/api_tokens_post_owasp_api7_injection_sqli_1df31a27.hurl create mode 100644 cases/api_tokens_post_owasp_api7_injection_xss_8157a3a5.hurl create mode 100644 cases/api_tokens_post_required_omission_name_absent_b998dc1a.hurl create mode 100644 cases/api_tokens_post_required_omission_scope_absent_fcb3e065.hurl create mode 100644 cases/api_tokens_post_schema_violation_name_missing_required_c2cef5a1.hurl create mode 100644 cases/api_tokens_post_schema_violation_name_too_short_bf65e63e.hurl create mode 100644 cases/api_tokens_post_schema_violation_scope_invalid_enum_a6a38420.hurl create mode 100644 cases/api_tokens_post_schema_violation_scope_missing_required_ad285328.hurl create mode 100644 cases/api_tokens_post_type_coercion_name_wrong_type_boolean_bd1e61be.hurl create mode 100644 cases/api_tokens_post_type_coercion_name_wrong_type_integer_9bc60d9a.hurl create mode 100644 cases/api_tokens_post_type_coercion_scope_wrong_type_boolean_28d94662.hurl create mode 100644 cases/api_tokens_post_type_coercion_scope_wrong_type_integer_9bf5d669.hurl create mode 100644 
cases/api_tokens_post_unicode_fuzzing_name_bidi_override_33a5a9d7.hurl create mode 100644 cases/api_tokens_post_unicode_fuzzing_name_control_char_fc869137.hurl create mode 100644 cases/api_tokens_post_unicode_fuzzing_name_overlong_4faf49f0.hurl create mode 100644 cases/api_tokens_post_unicode_fuzzing_name_zalgo_431d2bbf.hurl create mode 100644 cases/api_tokens_post_unicode_fuzzing_name_zero_width_6f9f1e83.hurl create mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_bidi_override_8643ca22.hurl create mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_control_char_0d728fca.hurl create mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_overlong_8adfe998.hurl create mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_zalgo_734aea93.hurl create mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_zero_width_6b8f84d1.hurl create mode 100644 cases/api_tokens_post_valid_request_with_all_required_fields_6a65bf78.hurl create mode 100644 cases/api_tokens_post_wrong_content_type_text_plain_b0b71990.hurl create mode 100644 cases/api_tokens_sequence_chain_delete_api_admin_grants_id_e1324ddf.hurl create mode 100644 cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl create mode 100644 cases/api_tokens_sequence_chain_get_api_admin_teams_id_grants_f107e18d.hurl create mode 100644 cases/api_tokens_sequence_chain_get_api_admin_teams_id_members_90e7f90e.hurl create mode 100644 cases/api_tokens_sequence_chain_get_api_admin_teams_id_services_bda7e5b2.hurl create mode 100644 cases/api_tokens_sequence_chain_post_api_admin_teams_id_grants_ba99a719.hurl create mode 100644 cases/api_tokens_sequence_chain_post_api_admin_teams_id_members_714b8b84.hurl create mode 100644 cases/api_tokens_sequence_chain_put_api_admin_services_serviceid_team_110b6d72.hurl create mode 100644 cases/api_tokens_sequence_chain_put_api_admin_users_id_3028e37b.hurl create mode 100644 cases/api_upload_options_owasp_api8_cors_security_configuration_65631595.hurl create mode 
100644 cases/api_upload_post_auth_chain_c60cf805.hurl create mode 100644 cases/api_upload_post_branch_at_max_plus_one_invalid_boundary_62157365.hurl create mode 100644 cases/api_upload_post_branch_at_max_valid_boundary_97d88ce9.hurl create mode 100644 cases/api_upload_post_branch_at_min_minus_one_invalid_boundary_fa914b29.hurl create mode 100644 cases/api_upload_post_branch_at_min_valid_boundary_4ca9c46c.hurl create mode 100644 cases/api_upload_post_field_boundary_branch_invalid_below_min_e5764a68.hurl create mode 100644 cases/api_upload_post_field_boundary_branch_valid_min_b8ed4386.hurl create mode 100644 cases/api_upload_post_field_boundary_service_invalid_below_min_a957f4b8.hurl create mode 100644 cases/api_upload_post_field_boundary_service_valid_min_db5c5368.hurl create mode 100644 cases/api_upload_post_field_boundary_speccontent_invalid_below_min_ac1b6e26.hurl create mode 100644 cases/api_upload_post_field_boundary_speccontent_valid_min_82713518.hurl create mode 100644 cases/api_upload_post_idempotent_second_call_must_be_safe_dd638159.hurl create mode 100644 cases/api_upload_post_invalid_branch_empty_string_violates_minlength_1_5eb7446c.hurl create mode 100644 cases/api_upload_post_invalid_service_empty_string_violates_minlength_1_8389dd21.hurl create mode 100644 cases/api_upload_post_invalid_speccontent_empty_string_violates_minlength_1_86ff6bd8.hurl create mode 100644 cases/api_upload_post_mass_assignment_financial_probe_9794cdb0.hurl create mode 100644 cases/api_upload_post_mass_assignment_identity_probe_398f4294.hurl create mode 100644 cases/api_upload_post_mass_assignment_privilege_probe_eb8249c9.hurl create mode 100644 cases/api_upload_post_mass_assignment_status_probe_0310fa1a.hurl create mode 100644 cases/api_upload_post_missing_required_field_branch_33947120.hurl create mode 100644 cases/api_upload_post_missing_required_field_branch_d756c10c.hurl create mode 100644 cases/api_upload_post_missing_required_field_service_89850cfa.hurl create mode 100644 
cases/api_upload_post_missing_required_field_service_8f85caae.hurl create mode 100644 cases/api_upload_post_missing_required_field_speccontent_1de0eefc.hurl create mode 100644 cases/api_upload_post_missing_required_field_speccontent_fccdadb2.hurl create mode 100644 cases/api_upload_post_mutation_branch_empty_string_cac690c1.hurl create mode 100644 cases/api_upload_post_mutation_branch_integer_instead_of_string_416a96c1.hurl create mode 100644 cases/api_upload_post_mutation_branch_null_value_9f510ed7.hurl create mode 100644 cases/api_upload_post_mutation_branch_oversized_string_300_chars_75d60dab.hurl create mode 100644 cases/api_upload_post_mutation_commitsha_empty_string_f30e852c.hurl create mode 100644 cases/api_upload_post_mutation_commitsha_integer_instead_of_string_b1212f34.hurl create mode 100644 cases/api_upload_post_mutation_commitsha_null_value_0c1c92bd.hurl create mode 100644 cases/api_upload_post_mutation_commitsha_oversized_string_300_chars_fdaf954a.hurl create mode 100644 cases/api_upload_post_mutation_service_empty_string_6f0a4261.hurl create mode 100644 cases/api_upload_post_mutation_service_null_value_7805eead.hurl create mode 100644 cases/api_upload_post_null_injection_branch_5151a7d3.hurl create mode 100644 cases/api_upload_post_null_injection_commitsha_e9eaa8fd.hurl create mode 100644 cases/api_upload_post_null_injection_service_b8cf0920.hurl create mode 100644 cases/api_upload_post_null_injection_speccontent_fef2ed50.hurl create mode 100644 cases/api_upload_post_owasp_api2_broken_authentication_4c9fd28e.hurl create mode 100644 cases/api_upload_post_owasp_api6_mass_assignment_bcf8922c.hurl create mode 100644 cases/api_upload_post_owasp_api7_injection_path_traversal_553f4f51.hurl create mode 100644 cases/api_upload_post_owasp_api7_injection_sqli_b528a6e6.hurl create mode 100644 cases/api_upload_post_owasp_api7_injection_xss_81a2a747.hurl create mode 100644 cases/api_upload_post_required_omission_branch_absent_893f33e4.hurl create mode 100644 
cases/api_upload_post_required_omission_service_absent_f4726c9d.hurl create mode 100644 cases/api_upload_post_required_omission_speccontent_absent_196e600f.hurl create mode 100644 cases/api_upload_post_schema_violation_branch_missing_required_381d4381.hurl create mode 100644 cases/api_upload_post_schema_violation_branch_too_short_76d8b912.hurl create mode 100644 cases/api_upload_post_schema_violation_service_missing_required_72938c30.hurl create mode 100644 cases/api_upload_post_schema_violation_service_too_short_40be94ec.hurl create mode 100644 cases/api_upload_post_schema_violation_speccontent_missing_required_555257e2.hurl create mode 100644 cases/api_upload_post_schema_violation_speccontent_too_short_af512611.hurl create mode 100644 cases/api_upload_post_service_at_max_plus_one_invalid_boundary_ad5debd5.hurl create mode 100644 cases/api_upload_post_service_at_max_valid_boundary_3cd9de74.hurl create mode 100644 cases/api_upload_post_service_at_min_minus_one_invalid_boundary_c9639729.hurl create mode 100644 cases/api_upload_post_service_at_min_valid_boundary_fa5f2879.hurl create mode 100644 cases/api_upload_post_speccontent_at_max_plus_one_invalid_boundary_dbbfdc22.hurl create mode 100644 cases/api_upload_post_speccontent_at_max_valid_boundary_201ba23b.hurl create mode 100644 cases/api_upload_post_speccontent_at_min_minus_one_invalid_boundary_b6f8003e.hurl create mode 100644 cases/api_upload_post_speccontent_at_min_valid_boundary_edc8ded2.hurl create mode 100644 cases/api_upload_post_type_coercion_branch_wrong_type_boolean_e00401a8.hurl create mode 100644 cases/api_upload_post_type_coercion_branch_wrong_type_integer_6a08feec.hurl create mode 100644 cases/api_upload_post_type_coercion_commitsha_wrong_type_boolean_16cf9e5b.hurl create mode 100644 cases/api_upload_post_type_coercion_commitsha_wrong_type_integer_b806224f.hurl create mode 100644 cases/api_upload_post_type_coercion_service_wrong_type_boolean_240bdc53.hurl create mode 100644 
cases/api_upload_post_type_coercion_service_wrong_type_integer_07462c7f.hurl create mode 100644 cases/api_upload_post_type_coercion_speccontent_wrong_type_boolean_4a28e8ae.hurl create mode 100644 cases/api_upload_post_type_coercion_speccontent_wrong_type_integer_bbde20a6.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_branch_bidi_override_09b46ba6.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_branch_control_char_eb8a46bc.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_branch_overlong_8ecf3f52.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_branch_zalgo_3c16d4b3.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_branch_zero_width_d4d96d5e.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_bidi_override_471fcaef.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_control_char_1e3b28af.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_overlong_d3d69da1.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_zalgo_f298d13c.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_zero_width_e4c96b76.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_service_bidi_override_71d03103.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_service_control_char_76fd376c.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_service_overlong_4e0cc0d2.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_service_zalgo_7d8cc30e.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_service_zero_width_f8f99bf7.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_bidi_override_131ad5f4.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_control_char_7ff8ca85.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_overlong_40f1423f.hurl create mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_zalgo_6b2db722.hurl 
create mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_zero_width_7ac120c3.hurl create mode 100644 cases/api_upload_post_valid_request_with_all_required_fields_e3da0de9.hurl create mode 100644 cases/api_upload_post_wrong_content_type_text_plain_863dd501.hurl create mode 100644 cases/api_upload_sequence_chain_get_api_specs_service_branch_openapi_json_8c25506c.hurl create mode 100644 cases/api_upload_sequence_chain_put_api_admin_services_serviceid_team_f88dc931.hurl create mode 100644 cases/auth_login_options_owasp_api8_cors_security_configuration_09111fdc.hurl create mode 100644 cases/auth_login_post_idempotent_second_call_must_be_safe_dc706f80.hurl create mode 100644 cases/auth_login_post_invalid_email_invalid_email_format_2286db52.hurl create mode 100644 cases/auth_login_post_mass_assignment_financial_probe_5bcafac5.hurl create mode 100644 cases/auth_login_post_mass_assignment_identity_probe_4c0c3203.hurl create mode 100644 cases/auth_login_post_mass_assignment_privilege_probe_f4f54666.hurl create mode 100644 cases/auth_login_post_mass_assignment_status_probe_f197447f.hurl create mode 100644 cases/auth_login_post_missing_required_field_email_4cc99b0c.hurl create mode 100644 cases/auth_login_post_missing_required_field_email_9b253ab6.hurl create mode 100644 cases/auth_login_post_missing_required_field_password_70187e79.hurl create mode 100644 cases/auth_login_post_missing_required_field_password_a6bbbeb7.hurl create mode 100644 cases/auth_login_post_mutation_email_empty_string_81062c2f.hurl create mode 100644 cases/auth_login_post_mutation_email_integer_instead_of_string_d7ccf79e.hurl create mode 100644 cases/auth_login_post_mutation_email_invalid_email_format_6926df81.hurl create mode 100644 cases/auth_login_post_mutation_email_null_value_b5693707.hurl create mode 100644 cases/auth_login_post_mutation_email_oversized_string_300_chars_7f53df98.hurl create mode 100644 cases/auth_login_post_mutation_password_empty_string_a0ca01b6.hurl create mode 100644 
cases/auth_login_post_mutation_password_integer_instead_of_string_f16c5d8d.hurl create mode 100644 cases/auth_login_post_mutation_password_null_value_b531d0ea.hurl create mode 100644 cases/auth_login_post_mutation_password_oversized_string_300_chars_acbb9354.hurl create mode 100644 cases/auth_login_post_null_injection_email_a1de0446.hurl create mode 100644 cases/auth_login_post_null_injection_password_191c3a5b.hurl create mode 100644 cases/auth_login_post_owasp_api6_mass_assignment_09c747ae.hurl create mode 100644 cases/auth_login_post_owasp_api7_injection_path_traversal_c3fc26dc.hurl create mode 100644 cases/auth_login_post_owasp_api7_injection_sqli_504b6c9e.hurl create mode 100644 cases/auth_login_post_owasp_api7_injection_xss_d41b3855.hurl create mode 100644 cases/auth_login_post_required_omission_email_absent_3eaacfef.hurl create mode 100644 cases/auth_login_post_required_omission_password_absent_0a64a19d.hurl create mode 100644 cases/auth_login_post_schema_violation_email_invalid_format_email_891b32a4.hurl create mode 100644 cases/auth_login_post_schema_violation_email_missing_required_46bb3d69.hurl create mode 100644 cases/auth_login_post_schema_violation_password_missing_required_5bddd51c.hurl create mode 100644 cases/auth_login_post_type_coercion_email_wrong_type_boolean_91a4d98b.hurl create mode 100644 cases/auth_login_post_type_coercion_email_wrong_type_integer_2e0174b6.hurl create mode 100644 cases/auth_login_post_type_coercion_password_wrong_type_boolean_5c25d6d2.hurl create mode 100644 cases/auth_login_post_type_coercion_password_wrong_type_integer_28167496.hurl create mode 100644 cases/auth_login_post_unicode_fuzzing_email_bidi_override_08bd8265.hurl create mode 100644 cases/auth_login_post_unicode_fuzzing_email_control_char_ce646cde.hurl create mode 100644 cases/auth_login_post_unicode_fuzzing_email_overlong_1951562a.hurl create mode 100644 cases/auth_login_post_unicode_fuzzing_email_zalgo_1091cce6.hurl create mode 100644 
cases/auth_login_post_unicode_fuzzing_email_zero_width_e4c515d2.hurl create mode 100644 cases/auth_login_post_unicode_fuzzing_password_bidi_override_dc3d45d4.hurl create mode 100644 cases/auth_login_post_unicode_fuzzing_password_control_char_3fbdbf7e.hurl create mode 100644 cases/auth_login_post_unicode_fuzzing_password_overlong_b2225a4c.hurl create mode 100644 cases/auth_login_post_unicode_fuzzing_password_zalgo_7329e86c.hurl create mode 100644 cases/auth_login_post_unicode_fuzzing_password_zero_width_4e879dad.hurl create mode 100644 cases/auth_login_post_valid_request_with_all_required_fields_486e8c2a.hurl create mode 100644 cases/auth_login_post_wrong_content_type_text_plain_ea0be7b9.hurl create mode 100644 cases/auth_login_sequence_chain_delete_api_admin_grants_id_2db91768.hurl create mode 100644 cases/auth_login_sequence_chain_delete_api_admin_users_id_8192e6ba.hurl create mode 100644 cases/auth_login_sequence_chain_get_api_admin_teams_id_grants_4f853ed4.hurl create mode 100644 cases/auth_login_sequence_chain_get_api_admin_teams_id_members_315cb6bf.hurl create mode 100644 cases/auth_login_sequence_chain_get_api_admin_teams_id_services_ccf62dd8.hurl create mode 100644 cases/auth_login_sequence_chain_post_api_admin_teams_id_grants_ba58927e.hurl create mode 100644 cases/auth_login_sequence_chain_post_api_admin_teams_id_members_b9578186.hurl create mode 100644 cases/auth_login_sequence_chain_put_api_admin_users_id_4e754ff4.hurl create mode 100644 cases/auth_logout_options_owasp_api8_cors_security_configuration_86522697.hurl create mode 100644 cases/auth_logout_post_idempotent_second_call_must_be_safe_cf0be90a.hurl create mode 100644 cases/auth_logout_post_valid_request_with_all_required_fields_a517ccf9.hurl create mode 100644 cases/auth_register_options_owasp_api8_cors_security_configuration_2f9039a1.hurl create mode 100644 cases/auth_register_post_auth_chain_46922b8d.hurl create mode 100644 
cases/auth_register_post_field_boundary_password_invalid_below_min_29d13f96.hurl create mode 100644 cases/auth_register_post_field_boundary_password_valid_min_31e0ac94.hurl create mode 100644 cases/auth_register_post_idempotent_second_call_must_be_safe_d4349959.hurl create mode 100644 cases/auth_register_post_invalid_email_invalid_email_format_8449b518.hurl create mode 100644 cases/auth_register_post_invalid_password_empty_string_violates_minlength_8_cf64a6d3.hurl create mode 100644 cases/auth_register_post_mass_assignment_financial_probe_9b577a9f.hurl create mode 100644 cases/auth_register_post_mass_assignment_identity_probe_be5d4ca2.hurl create mode 100644 cases/auth_register_post_mass_assignment_privilege_probe_065d2087.hurl create mode 100644 cases/auth_register_post_mass_assignment_status_probe_cabe7291.hurl create mode 100644 cases/auth_register_post_missing_required_field_email_445d8b1f.hurl create mode 100644 cases/auth_register_post_missing_required_field_email_cae39bb3.hurl create mode 100644 cases/auth_register_post_missing_required_field_password_31707ae5.hurl create mode 100644 cases/auth_register_post_missing_required_field_password_72f7ecb7.hurl create mode 100644 cases/auth_register_post_mutation_email_empty_string_b9e7832e.hurl create mode 100644 cases/auth_register_post_mutation_email_integer_instead_of_string_00b95383.hurl create mode 100644 cases/auth_register_post_mutation_email_invalid_email_format_7c859b9c.hurl create mode 100644 cases/auth_register_post_mutation_email_null_value_6da4f717.hurl create mode 100644 cases/auth_register_post_mutation_email_oversized_string_300_chars_3dfbbb02.hurl create mode 100644 cases/auth_register_post_mutation_password_empty_string_f66d6ba8.hurl create mode 100644 cases/auth_register_post_mutation_password_integer_instead_of_string_85af6488.hurl create mode 100644 cases/auth_register_post_mutation_password_null_value_8df134ff.hurl create mode 100644 
cases/auth_register_post_mutation_password_oversized_string_300_chars_ffcd46cb.hurl create mode 100644 cases/auth_register_post_null_injection_email_031620b5.hurl create mode 100644 cases/auth_register_post_null_injection_password_dc0c76f3.hurl create mode 100644 cases/auth_register_post_owasp_api2_broken_authentication_e8a47f18.hurl create mode 100644 cases/auth_register_post_owasp_api6_mass_assignment_900b6a9f.hurl create mode 100644 cases/auth_register_post_owasp_api7_injection_path_traversal_2f3c6761.hurl create mode 100644 cases/auth_register_post_owasp_api7_injection_sqli_ff6e6a6b.hurl create mode 100644 cases/auth_register_post_owasp_api7_injection_xss_368fd7b5.hurl create mode 100644 cases/auth_register_post_password_at_max_plus_one_invalid_boundary_0de23fb9.hurl create mode 100644 cases/auth_register_post_password_at_max_valid_boundary_b381fdb9.hurl create mode 100644 cases/auth_register_post_password_at_min_minus_one_invalid_boundary_15e47d10.hurl create mode 100644 cases/auth_register_post_password_at_min_valid_boundary_0f0b429e.hurl create mode 100644 cases/auth_register_post_required_omission_email_absent_b724df31.hurl create mode 100644 cases/auth_register_post_required_omission_password_absent_3d6d9a7d.hurl create mode 100644 cases/auth_register_post_schema_violation_email_invalid_format_email_75e2908b.hurl create mode 100644 cases/auth_register_post_schema_violation_email_missing_required_95b20a12.hurl create mode 100644 cases/auth_register_post_schema_violation_password_missing_required_88fb391a.hurl create mode 100644 cases/auth_register_post_schema_violation_password_too_short_225366e2.hurl create mode 100644 cases/auth_register_post_type_coercion_email_wrong_type_boolean_cff3b5ee.hurl create mode 100644 cases/auth_register_post_type_coercion_email_wrong_type_integer_c40fa64f.hurl create mode 100644 cases/auth_register_post_type_coercion_password_wrong_type_boolean_4af1b36a.hurl create mode 100644 
cases/auth_register_post_type_coercion_password_wrong_type_integer_4a32c12b.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_email_bidi_override_cd50c303.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_email_control_char_619e4131.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_email_overlong_aea85ac5.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_email_zalgo_67eec10b.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_email_zero_width_c30816fe.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_password_bidi_override_28ca4955.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_password_control_char_cd54b4b0.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_password_overlong_3ac12861.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_password_zalgo_ab0475dc.hurl create mode 100644 cases/auth_register_post_unicode_fuzzing_password_zero_width_e4e8966c.hurl create mode 100644 cases/auth_register_post_valid_request_with_all_required_fields_787a33be.hurl create mode 100644 cases/auth_register_post_wrong_content_type_text_plain_9cf203de.hurl create mode 100644 cases/auth_register_sequence_chain_delete_api_admin_grants_id_465a3cf5.hurl create mode 100644 cases/auth_register_sequence_chain_delete_api_admin_users_id_b3bffa74.hurl create mode 100644 cases/auth_register_sequence_chain_get_api_admin_teams_id_grants_a05de11b.hurl create mode 100644 cases/auth_register_sequence_chain_get_api_admin_teams_id_members_b5dca30c.hurl create mode 100644 cases/auth_register_sequence_chain_get_api_admin_teams_id_services_344df791.hurl create mode 100644 cases/auth_register_sequence_chain_post_api_admin_teams_id_grants_10533daf.hurl create mode 100644 cases/auth_register_sequence_chain_post_api_admin_teams_id_members_98e576b1.hurl create mode 100644 cases/auth_register_sequence_chain_put_api_admin_users_id_0c6076ab.hurl create mode 100644 cases/index.json 
create mode 100644 cmd/cases/index.json create mode 100644 cmd/cases/users_post_create_and_retrieve_user_8a91cfff.hurl create mode 100644 cmd/cases/users_post_create_duplicate_user_62e19623.hurl create mode 100644 cmd/cases/users_post_create_duplicate_user_with_existing_email_7c11147b.hurl create mode 100644 cmd/cases/users_post_create_user_and_retrieve_it_f9ba7a73.hurl create mode 100644 cmd/cases/users_post_create_user_missing_required_fields_053ab84f.hurl create mode 100644 cmd/cases/users_post_create_user_missing_required_fields_8b269035.hurl create mode 100644 cmd/cases/users_post_create_user_missing_required_fields_d374ddbf.hurl create mode 100644 cmd/cases/users_post_create_user_missing_required_fields_e321037a.hurl create mode 100644 cmd/cases/users_post_create_user_missing_required_name_field_20f71db2.hurl create mode 100644 cmd/cases/users_post_create_user_successfully_with_valid_data_6bdcfc62.hurl create mode 100644 cmd/cases/users_post_create_user_successfully_with_valid_data_d6d2f9b6.hurl create mode 100644 cmd/cases/users_post_create_user_successfully_with_valid_data_ed41be39.hurl create mode 100644 cmd/cases/users_post_create_user_with_all_required_fields_ca607f38.hurl create mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_0be9ec08.hurl create mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_14bec37e.hurl create mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_16b5e1af.hurl create mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_2143a276.hurl create mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_4540500f.hurl create mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_847c5ec7.hurl create mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_855ae92d.hurl create mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_d50aa5de.hurl create mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_ec600d0b.hurl create mode 
100644 cmd/cases/users_post_create_user_with_empty_body_563fc76d.hurl create mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_1f9b1832.hurl create mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_403e1b49.hurl create mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_5b591edb.hurl create mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_5d3eb006.hurl create mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_6d5b6c22.hurl create mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_ae7a9790.hurl create mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_b9201ec1.hurl create mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_d4ebbcfb.hurl create mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_dca30578.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_12d150e0.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_1b915f1c.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_3c84dd5d.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_4987e0c9.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_802bab4d.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_a76df09a.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_c4f2a558.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_c93fd0f2.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_e753478f.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_ebabbba7.hurl create mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_ee2ea20f.hurl create mode 100644 cmd/cases/users_post_create_user_with_minimal_fields_4626dbf0.hurl create mode 100644 
cmd/cases/users_post_create_user_with_minimal_required_fields_272780ec.hurl create mode 100644 cmd/cases/users_post_create_user_with_minimal_required_fields_6cad6219.hurl create mode 100644 cmd/cases/users_post_create_user_with_minimal_required_fields_9bb38a6e.hurl create mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_088af62f.hurl create mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_3e271201.hurl create mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_a1a407ac.hurl create mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_cca11513.hurl create mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_d11763fa.hurl create mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_f2b440ff.hurl create mode 100644 cmd/cases/users_post_create_user_with_password_too_short_6585f31e.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_0add7ad1.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_0b80c623.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_168ded86.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_1bc07161.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_23ae4070.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_2a7542be.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_405b1cc7.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_42336db4.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_66eaac33.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_7bd9e5f4.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_8d1e56af.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_d820dbc4.hurl create mode 100644 cmd/cases/users_post_create_user_with_valid_data_ef5c32e1.hurl create 
mode 100644 cmd/cases/users_post_create_user_with_valid_data_f4fc91e0.hurl create mode 100644 cmd/cases/users_post_create_user_with_weak_password_066b5eb6.hurl create mode 100644 cmd/cases/users_post_create_user_with_weak_password_4414257a.hurl create mode 100644 cmd/cases/users_post_create_user_with_weak_password_61182975.hurl create mode 100644 cmd/cases/users_post_create_user_with_weak_password_927b5196.hurl create mode 100644 cmd/cases/users_post_create_user_with_weak_password_ad27efeb.hurl create mode 100644 cmd/cases/users_post_create_user_with_weak_password_e00f7c68.hurl create mode 100644 cmd/cases/users_post_create_user_with_weak_password_e83267a6.hurl create mode 100644 cmd/cases/users_post_create_user_with_weak_password_f80ddbdb.hurl create mode 100644 cmd/cases/users_post_create_user_without_authentication_token_dd3e5af5.hurl create mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_027c26b3.hurl create mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_9b4f9a72.hurl create mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_6c2e4ea0.hurl create mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_78c9e99f.hurl create mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_b9e88eb8.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_duplicate_email_004d19bc.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_duplicate_email_865cada7.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_empty_request_body_84405873.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9787221a.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9fa1c233.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_empty_request_body_cea3990a.hurl create mode 100644 
cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_1ba1acf6.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_2bd6ea23.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_354a4ea6.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_5204b57a.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_71d8d257.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_984e56e9.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_a2bd888d.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_email_9984528c.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_email_e1e9b7f8.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_00b8cf47.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8a424b35.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8eba8f6c.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_9be782de.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_c122d03b.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_3cf31478.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_5278686c.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_91adc9f5.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_a8b3ff8c.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_ac0b807a.hurl create mode 100644 cmd/cases/users_post_fail_to_create_user_without_authentication_127085f6.hurl create mode 100644 cmd/reports/dea-report.json 
diff --git a/cases/api_admin_audit_logs_get_auth_chain_4b81d9bb.hurl b/cases/api_admin_audit_logs_get_auth_chain_4b81d9bb.hurl
new file mode 100644
index 0000000..84fe91b
--- /dev/null
+++ b/cases/api_admin_audit_logs_get_auth_chain_4b81d9bb.hurl
@@ -0,0 +1,44 @@
+# ══════════════════════════════════════════════════
+# auth chain: GET /api/admin/audit-logs
+# case_id=TC-4b81d9bb
+# case_name=auth chain: GET /api/admin/audit-logs
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── authenticate via POST /api/tokens [setup] ──
+# step_id=step-auth
+# step_type=setup
+# title=authenticate via POST /api/tokens
+
+POST {{base_url}}/api/tokens
+Content-Type: application/json
+```json
+{
+ "name": "Jakob Jensen",
+ "scope": "write"
+}
+```
+
+HTTP *
+
+[Captures]
+authToken: jsonpath "$.token"
+
+[Asserts]
+status < 300
+
+# ── GET /api/admin/audit-logs with auth token [test] ──
+# step_id=step-test
+# step_type=test
+# title=GET /api/admin/audit-logs with auth token
+# depends_on=step-auth
+
+GET {{base_url}}/api/admin/audit-logs
+Authorization: Bearer {{authToken}}
+
+HTTP 200
+
+[Asserts]
+duration < 2000
+
diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_10_action_user_disabled_e73ed081.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_10_action_user_disabled_e73ed081.hurl
new file mode 100644
index 0000000..e2f2619
--- /dev/null
+++ b/cases/api_admin_audit_logs_get_classification_tree_row_10_action_user_disabled_e73ed081.hurl
@@ -0,0 +1,15 @@
+# ── GET /api/admin/audit-logs - classification tree row 10: [action=user_disabled] ──
+# case_id=TC-e73ed081
+# case_name=GET /api/admin/audit-logs - classification tree row 10: [action=user_disabled]
+# step_id=step-main
+# step_type=test
+# technique=classification_tree
+# priority=P2
+
+GET {{base_url}}/api/admin/audit-logs?action=user_disabled
+
+HTTP 200
+
+[Asserts]
+duration < 2000
+
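Review bot: The setup step mints its token with a `POST {{base_url}}/api/tokens` that carries no credentials and asks for `"scope": "write"`, and the test step then expects `HTTP 200` from `/api/admin/audit-logs`, so a passing run pins "a write-scope token is enough to read the admin audit log" as intended behaviour. Whether the API is meant to allow that is not visible from this hunk; if the audit log is restricted to an admin role, the expectation for this token should be a rejection such as `HTTP 403`, with the happy path authenticating as an admin first. A header comment like `# assumes a write-scope token is authorised for admin audit logs; confirm against the access policy` would make the assumption reviewable. Separately, this file and the other `cases/*.hurl` additions look like generator output committed alongside the `--annotation-batch` change, so it is worth checking that they belong in this commit.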
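Review bot: The request `GET {{base_url}}/api/admin/audit-logs?action=user_disabled` is sent with no `Authorization` header yet the case expects `HTTP 200`, so it either fails against an API that enforces authentication or records anonymous access to the admin audit log as correct. Either add the token setup used by the auth-chain case and send `Authorization: Bearer {{authToken}}`, or keep the request anonymous and expect a rejection such as `HTTP 401`. The only assertion is `duration < 2000`, so the `action` filter itself is never checked; an assertion on the returned entries' action would cover it once the response shape is confirmed. The same applies to the other classification-tree rows in this patch (rows 11 and 1 through 6 are visible here).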
diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_11_action_team_created_a820fea5.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_11_action_team_created_a820fea5.hurl
new file mode 100644
index 0000000..a58826e
--- /dev/null
+++ b/cases/api_admin_audit_logs_get_classification_tree_row_11_action_team_created_a820fea5.hurl
@@ -0,0 +1,15 @@
+# ── GET /api/admin/audit-logs - classification tree row 11: [action=team_created] ──
+# case_id=TC-a820fea5
+# case_name=GET /api/admin/audit-logs - classification tree row 11: [action=team_created]
+# step_id=step-main
+# step_type=test
+# technique=classification_tree
+# priority=P2
+
+GET {{base_url}}/api/admin/audit-logs?action=team_created
+
+HTTP 200
+
+[Asserts]
+duration < 2000
+
diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_1_action_login_80f9a912.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_1_action_login_80f9a912.hurl
new file mode 100644
index 0000000..2897e7c
--- /dev/null
+++ b/cases/api_admin_audit_logs_get_classification_tree_row_1_action_login_80f9a912.hurl
@@ -0,0 +1,15 @@
+# ── GET /api/admin/audit-logs - classification tree row 1: [action=login] ──
+# case_id=TC-80f9a912
+# case_name=GET /api/admin/audit-logs - classification tree row 1: [action=login]
+# step_id=step-main
+# step_type=test
+# technique=classification_tree
+# priority=P2
+
+GET {{base_url}}/api/admin/audit-logs?action=login
+
+HTTP 200
+
+[Asserts]
+duration < 2000
+
diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_2_action_spec_uploaded_ee7cf268.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_2_action_spec_uploaded_ee7cf268.hurl
new file mode 100644
index 0000000..f0771ef
--- /dev/null
+++ b/cases/api_admin_audit_logs_get_classification_tree_row_2_action_spec_uploaded_ee7cf268.hurl
@@ -0,0 +1,15 @@ +# ── GET /api/admin/audit-logs - classification tree row 2: [action=spec_uploaded] ── +# case_id=TC-ee7cf268 +# case_name=GET /api/admin/audit-logs - classification tree row 2: [action=spec_uploaded] +# step_id=step-main +# step_type=test +# technique=classification_tree +# priority=P2 + +GET {{base_url}}/api/admin/audit-logs?action=spec_uploaded + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_3_action_spec_updated_df4697d4.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_3_action_spec_updated_df4697d4.hurl new file mode 100644 index 0000000..7a651e3 --- /dev/null +++ b/cases/api_admin_audit_logs_get_classification_tree_row_3_action_spec_updated_df4697d4.hurl @@ -0,0 +1,15 @@ +# ── GET /api/admin/audit-logs - classification tree row 3: [action=spec_updated] ── +# case_id=TC-df4697d4 +# case_name=GET /api/admin/audit-logs - classification tree row 3: [action=spec_updated] +# step_id=step-main +# step_type=test +# technique=classification_tree +# priority=P2 + +GET {{base_url}}/api/admin/audit-logs?action=spec_updated + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_4_action_service_deleted_ba4c28cb.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_4_action_service_deleted_ba4c28cb.hurl new file mode 100644 index 0000000..140c867 --- /dev/null +++ b/cases/api_admin_audit_logs_get_classification_tree_row_4_action_service_deleted_ba4c28cb.hurl @@ -0,0 +1,15 @@ +# ── GET /api/admin/audit-logs - classification tree row 4: [action=service_deleted] ── +# case_id=TC-ba4c28cb +# case_name=GET /api/admin/audit-logs - classification tree row 4: [action=service_deleted] +# step_id=step-main +# step_type=test +# technique=classification_tree +# priority=P2 + +GET {{base_url}}/api/admin/audit-logs?action=service_deleted + +HTTP 200 + +[Asserts] +duration < 2000 + 
diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_5_action_grant_created_2874616a.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_5_action_grant_created_2874616a.hurl new file mode 100644 index 0000000..b74d1ea --- /dev/null +++ b/cases/api_admin_audit_logs_get_classification_tree_row_5_action_grant_created_2874616a.hurl @@ -0,0 +1,15 @@ +# ── GET /api/admin/audit-logs - classification tree row 5: [action=grant_created] ── +# case_id=TC-2874616a +# case_name=GET /api/admin/audit-logs - classification tree row 5: [action=grant_created] +# step_id=step-main +# step_type=test +# technique=classification_tree +# priority=P2 + +GET {{base_url}}/api/admin/audit-logs?action=grant_created + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_6_action_grant_revoked_4511e41f.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_6_action_grant_revoked_4511e41f.hurl new file mode 100644 index 0000000..bcaba70 --- /dev/null +++ b/cases/api_admin_audit_logs_get_classification_tree_row_6_action_grant_revoked_4511e41f.hurl @@ -0,0 +1,15 @@ +# ── GET /api/admin/audit-logs - classification tree row 6: [action=grant_revoked] ── +# case_id=TC-4511e41f +# case_name=GET /api/admin/audit-logs - classification tree row 6: [action=grant_revoked] +# step_id=step-main +# step_type=test +# technique=classification_tree +# priority=P2 + +GET {{base_url}}/api/admin/audit-logs?action=grant_revoked + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_7_action_token_created_e290ff04.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_7_action_token_created_e290ff04.hurl new file mode 100644 index 0000000..20b4c48 --- /dev/null +++ b/cases/api_admin_audit_logs_get_classification_tree_row_7_action_token_created_e290ff04.hurl 
@@ -0,0 +1,15 @@ +# ── GET /api/admin/audit-logs - classification tree row 7: [action=token_created] ── +# case_id=TC-e290ff04 +# case_name=GET /api/admin/audit-logs - classification tree row 7: [action=token_created] +# step_id=step-main +# step_type=test +# technique=classification_tree +# priority=P2 + +GET {{base_url}}/api/admin/audit-logs?action=token_created + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_8_action_token_revoked_5a6e9137.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_8_action_token_revoked_5a6e9137.hurl new file mode 100644 index 0000000..28d1333 --- /dev/null +++ b/cases/api_admin_audit_logs_get_classification_tree_row_8_action_token_revoked_5a6e9137.hurl @@ -0,0 +1,15 @@ +# ── GET /api/admin/audit-logs - classification tree row 8: [action=token_revoked] ── +# case_id=TC-5a6e9137 +# case_name=GET /api/admin/audit-logs - classification tree row 8: [action=token_revoked] +# step_id=step-main +# step_type=test +# technique=classification_tree +# priority=P2 + +GET {{base_url}}/api/admin/audit-logs?action=token_revoked + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_9_action_user_created_e92e324e.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_9_action_user_created_e92e324e.hurl new file mode 100644 index 0000000..b2cd331 --- /dev/null +++ b/cases/api_admin_audit_logs_get_classification_tree_row_9_action_user_created_e92e324e.hurl @@ -0,0 +1,15 @@ +# ── GET /api/admin/audit-logs - classification tree row 9: [action=user_created] ── +# case_id=TC-e92e324e +# case_name=GET /api/admin/audit-logs - classification tree row 9: [action=user_created] +# step_id=step-main +# step_type=test +# technique=classification_tree +# priority=P2 + +GET {{base_url}}/api/admin/audit-logs?action=user_created + +HTTP 200 + +[Asserts] +duration < 2000 + 
diff --git a/cases/api_admin_audit_logs_get_owasp_api2_broken_authentication_eb7a16db.hurl b/cases/api_admin_audit_logs_get_owasp_api2_broken_authentication_eb7a16db.hurl new file mode 100644 index 0000000..a7fb862 --- /dev/null +++ b/cases/api_admin_audit_logs_get_owasp_api2_broken_authentication_eb7a16db.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/admin/audit-logs — broken authentication ── +# case_id=TC-eb7a16db +# case_name=[OWASP-API2] GET /api/admin/audit-logs — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/audit-logs + +HTTP 401 + diff --git a/cases/api_admin_audit_logs_get_owasp_api5_function_level_authorization_missing_b02abc71.hurl b/cases/api_admin_audit_logs_get_owasp_api5_function_level_authorization_missing_b02abc71.hurl new file mode 100644 index 0000000..3538df6 --- /dev/null +++ b/cases/api_admin_audit_logs_get_owasp_api5_function_level_authorization_missing_b02abc71.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] GET /api/admin/audit-logs — function-level authorization missing ── +# case_id=TC-b02abc71 +# case_name=[OWASP-API5] GET /api/admin/audit-logs — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +GET {{base_url}}/api/admin/audit-logs +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_audit_logs_get_owasp_api7_injection_path_traversal_a1c2c8cc.hurl b/cases/api_admin_audit_logs_get_owasp_api7_injection_path_traversal_a1c2c8cc.hurl new file mode 100644 index 0000000..836d154 --- /dev/null +++ b/cases/api_admin_audit_logs_get_owasp_api7_injection_path_traversal_a1c2c8cc.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/audit-logs — injection (path-traversal) ── +# case_id=TC-a1c2c8cc +# case_name=[OWASP-API7] GET /api/admin/audit-logs — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/audit-logs?action=..%2F..%2F..%2Fetc%2Fpasswd +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_audit_logs_get_owasp_api7_injection_sqli_605a4d60.hurl b/cases/api_admin_audit_logs_get_owasp_api7_injection_sqli_605a4d60.hurl new file mode 100644 index 0000000..b62205a --- /dev/null +++ b/cases/api_admin_audit_logs_get_owasp_api7_injection_sqli_605a4d60.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/audit-logs — injection (sqli) ── +# case_id=TC-605a4d60 +# case_name=[OWASP-API7] GET /api/admin/audit-logs — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/audit-logs?action=%27+OR+1%3D1-- +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_audit_logs_get_owasp_api7_injection_xss_0d70db14.hurl b/cases/api_admin_audit_logs_get_owasp_api7_injection_xss_0d70db14.hurl new file mode 100644 index 0000000..f698bc5 --- /dev/null +++ b/cases/api_admin_audit_logs_get_owasp_api7_injection_xss_0d70db14.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/audit-logs — injection (xss) ── +# case_id=TC-0d70db14 +# case_name=[OWASP-API7] GET /api/admin/audit-logs — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/audit-logs?action=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_audit_logs_get_valid_request_with_all_required_fields_04940e9f.hurl b/cases/api_admin_audit_logs_get_valid_request_with_all_required_fields_04940e9f.hurl new file mode 100644 index 0000000..144abd1 --- /dev/null 
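Review bot: TC-a1c2c8cc sends the traversal string without an `Authorization` header, so on a server that enforces authentication (the 401 that TC-eb7a16db expects) the request is rejected before the `action` parameter is ever validated and `HTTP 400` cannot be observed. The case should authenticate first, e.g. `Authorization: Bearer {{admin_token}}` (placeholder variable name), so that it exercises input handling rather than the auth layer. The `null` JSON body on a GET with no `Content-Type` looks like a generator artifact and can be dropped. The sqli and xss hunks after this one, and the DELETE and PUT injection cases, have the same shape.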
+++ b/cases/api_admin_audit_logs_get_valid_request_with_all_required_fields_04940e9f.hurl @@ -0,0 +1,19 @@ +# ── GET /api/admin/audit-logs - valid request with all required fields ── +# case_id=TC-04940e9f +# case_name=GET /api/admin/audit-logs - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/admin/audit-logs + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.total" exists +jsonpath "$.logs" exists +jsonpath "$.page" exists +jsonpath "$.pageSize" exists + diff --git a/cases/api_admin_audit_logs_options_owasp_api8_cors_security_configuration_744c12cf.hurl b/cases/api_admin_audit_logs_options_owasp_api8_cors_security_configuration_744c12cf.hurl new file mode 100644 index 0000000..813473a --- /dev/null +++ b/cases/api_admin_audit_logs_options_owasp_api8_cors_security_configuration_744c12cf.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/audit-logs — CORS security configuration ── +# case_id=TC-744c12cf +# case_name=[OWASP-API8] OPTIONS /api/admin/audit-logs — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/audit-logs +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_grants_id_delete_idempotent_second_call_must_be_safe_1f6fc417.hurl b/cases/api_admin_grants_id_delete_idempotent_second_call_must_be_safe_1f6fc417.hurl new file mode 100644 index 0000000..f12fd73 --- /dev/null +++ b/cases/api_admin_grants_id_delete_idempotent_second_call_must_be_safe_1f6fc417.hurl 
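Review bot: The only assertion in TC-744c12cf, `header "Access-Control-Allow-Origin" != "*"`, still passes when the server reflects the untrusted origin back, which is the misconfiguration this case is named for. Add `header "Access-Control-Allow-Origin" != "https://evil.example.com"` alongside it. How Hurl evaluates the assert when the header is absent should be confirmed; if it fails there, a server that correctly sends no CORS header would be reported as broken. TC-ff243297 and TC-4b672517 repeat this assertion.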
@@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# DELETE /api/admin/grants/{id} - idempotent: second call must be safe +# case_id=TC-1f6fc417 +# case_name=DELETE /api/admin/grants/{id} - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── DELETE /api/admin/grants/{id} — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=DELETE /api/admin/grants/{id} — first call + +DELETE {{base_url}}/api/admin/grants/{id} + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── DELETE /api/admin/grants/{id} — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=DELETE /api/admin/grants/{id} — identical second call must be safe +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/grants/{id} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_grants_id_delete_idor_id_0_zero_id_c0c54349.hurl b/cases/api_admin_grants_id_delete_idor_id_0_zero_id_c0c54349.hurl new file mode 100644 index 0000000..4b6c98d --- /dev/null +++ b/cases/api_admin_grants_id_delete_idor_id_0_zero_id_c0c54349.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/admin/grants/{id} - IDOR id=0 (zero_id) ── +# case_id=TC-c0c54349 +# case_name=DELETE /api/admin/grants/{id} - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/grants/0 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_grants_id_delete_idor_id_99999_alt_id_b20f3be6.hurl b/cases/api_admin_grants_id_delete_idor_id_99999_alt_id_b20f3be6.hurl new file mode 100644 index 0000000..6b93892 --- /dev/null +++ b/cases/api_admin_grants_id_delete_idor_id_99999_alt_id_b20f3be6.hurl 
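Review bot: Both steps of TC-1f6fc417 request `/api/admin/grants/{id}` with single braces, which is not the `{{...}}` template form used for `{{base_url}}`, so the literal text `{id}` appears to be sent as the path segment. No step creates a grant first, so the `HTTP 200` expected from both calls is not tied to any real resource. The chain should create or look up a grant, capture its identifier, and use it as `DELETE {{base_url}}/api/admin/grants/{{grant_id}}` (placeholder variable name). The same unexpanded `{id}` or `{serviceId}` appears in TC-2b26b1b2, TC-640109d2, TC-03c20c58, TC-ff243297 and the PUT `/team` cases, where the expected 401 or 403 then depends on how the server routes a malformed id rather than on the control under test.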
@@ -0,0 +1,16 @@ +# ── DELETE /api/admin/grants/{id} - IDOR id=99999 (alt_id) ── +# case_id=TC-b20f3be6 +# case_name=DELETE /api/admin/grants/{id} - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/grants/99999 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_grants_id_delete_missing_required_param_id_57e2f5d8.hurl b/cases/api_admin_grants_id_delete_missing_required_param_id_57e2f5d8.hurl new file mode 100644 index 0000000..73851e2 --- /dev/null +++ b/cases/api_admin_grants_id_delete_missing_required_param_id_57e2f5d8.hurl @@ -0,0 +1,12 @@ +# ── DELETE /api/admin/grants/{id} - missing required param "id" ── +# case_id=TC-57e2f5d8 +# case_name=DELETE /api/admin/grants/{id} - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +DELETE {{base_url}}/api/admin/grants/1 + +HTTP 422 + diff --git a/cases/api_admin_grants_id_delete_owasp_api1_bola_unauthorized_access_d8d75c69.hurl b/cases/api_admin_grants_id_delete_owasp_api1_bola_unauthorized_access_d8d75c69.hurl new file mode 100644 index 0000000..ff859e4 --- /dev/null +++ b/cases/api_admin_grants_id_delete_owasp_api1_bola_unauthorized_access_d8d75c69.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] DELETE /api/admin/grants/{id} — BOLA unauthorized access ── +# case_id=TC-d8d75c69 +# case_name=[OWASP-API1] DELETE /api/admin/grants/{id} — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/grants/{{other_resource_id}} + +HTTP 403 + diff --git a/cases/api_admin_grants_id_delete_owasp_api2_broken_authentication_2b26b1b2.hurl b/cases/api_admin_grants_id_delete_owasp_api2_broken_authentication_2b26b1b2.hurl new file mode 100644 index 0000000..ce75d61 --- /dev/null +++ b/cases/api_admin_grants_id_delete_owasp_api2_broken_authentication_2b26b1b2.hurl 
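Review bot: TC-57e2f5d8 is titled as a missing `id` parameter but sends `DELETE {{base_url}}/api/admin/grants/1`, a well-formed id, and expects `HTTP 422`. Run with valid admin credentials against an environment that has a grant 1, this would delete it instead of exercising validation. A path parameter cannot be omitted without changing the route, so the case should either be dropped or assert the status the router returns for `/api/admin/grants/`. TC-3dc3ff8a has the same shape with `/api/admin/services/1/team`.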
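Review bot: TC-d8d75c69 expects `HTTP 403` for another user's grant but sends no credentials, so it never tests object-level authorization: per TC-2b26b1b2 an unauthenticated DELETE should stop at 401. Send the request as an authenticated non-owner, `Authorization: Bearer {{user_token}}`, which is the variable TC-640109d2 already uses. The two IDOR hunks before this one (TC-c0c54349, TC-b20f3be6) have the related weakness that any 4xx passes, so a 401 satisfies them as well; TC-b7125bf5 repeats the pattern for PUT.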
@@ -0,0 +1,12 @@ +# ── [OWASP-API2] DELETE /api/admin/grants/{id} — broken authentication ── +# case_id=TC-2b26b1b2 +# case_name=[OWASP-API2] DELETE /api/admin/grants/{id} — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/grants/{id} + +HTTP 401 + diff --git a/cases/api_admin_grants_id_delete_owasp_api5_function_level_authorization_missing_640109d2.hurl b/cases/api_admin_grants_id_delete_owasp_api5_function_level_authorization_missing_640109d2.hurl new file mode 100644 index 0000000..d0c97db --- /dev/null +++ b/cases/api_admin_grants_id_delete_owasp_api5_function_level_authorization_missing_640109d2.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] DELETE /api/admin/grants/{id} — function-level authorization missing ── +# case_id=TC-640109d2 +# case_name=[OWASP-API5] DELETE /api/admin/grants/{id} — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +DELETE {{base_url}}/api/admin/grants/{id} +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_grants_id_delete_owasp_api7_injection_path_traversal_5cfaf557.hurl b/cases/api_admin_grants_id_delete_owasp_api7_injection_path_traversal_5cfaf557.hurl new file mode 100644 index 0000000..03df5cf --- /dev/null +++ b/cases/api_admin_grants_id_delete_owasp_api7_injection_path_traversal_5cfaf557.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/grants/{id} — injection (path-traversal) ── +# case_id=TC-5cfaf557 +# case_name=[OWASP-API7] DELETE /api/admin/grants/{id} — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/grants/..%2F..%2F..%2Fetc%2Fpasswd +```json +null +``` + +HTTP 400 + 
diff --git a/cases/api_admin_grants_id_delete_owasp_api7_injection_sqli_3883f876.hurl b/cases/api_admin_grants_id_delete_owasp_api7_injection_sqli_3883f876.hurl new file mode 100644 index 0000000..e126d51 --- /dev/null +++ b/cases/api_admin_grants_id_delete_owasp_api7_injection_sqli_3883f876.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/grants/{id} — injection (sqli) ── +# case_id=TC-3883f876 +# case_name=[OWASP-API7] DELETE /api/admin/grants/{id} — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/grants/%27%20OR%201=1-- +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_grants_id_delete_owasp_api7_injection_xss_7e26f4e3.hurl b/cases/api_admin_grants_id_delete_owasp_api7_injection_xss_7e26f4e3.hurl new file mode 100644 index 0000000..6a54b46 --- /dev/null +++ b/cases/api_admin_grants_id_delete_owasp_api7_injection_xss_7e26f4e3.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/grants/{id} — injection (xss) ── +# case_id=TC-7e26f4e3 +# case_name=[OWASP-API7] DELETE /api/admin/grants/{id} — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/grants/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_grants_id_delete_valid_request_with_all_required_fields_03c20c58.hurl b/cases/api_admin_grants_id_delete_valid_request_with_all_required_fields_03c20c58.hurl new file mode 100644 index 0000000..d812bb9 --- /dev/null +++ b/cases/api_admin_grants_id_delete_valid_request_with_all_required_fields_03c20c58.hurl 
@@ -0,0 +1,16 @@ +# ── DELETE /api/admin/grants/{id} - valid request with all required fields ── +# case_id=TC-03c20c58 +# case_name=DELETE /api/admin/grants/{id} - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +DELETE {{base_url}}/api/admin/grants/{id} + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/api_admin_grants_id_options_owasp_api8_cors_security_configuration_ff243297.hurl b/cases/api_admin_grants_id_options_owasp_api8_cors_security_configuration_ff243297.hurl new file mode 100644 index 0000000..8a23661 --- /dev/null +++ b/cases/api_admin_grants_id_options_owasp_api8_cors_security_configuration_ff243297.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/grants/{id} — CORS security configuration ── +# case_id=TC-ff243297 +# case_name=[OWASP-API8] OPTIONS /api/admin/grants/{id} — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/grants/{id} +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_services_serviceid_team_options_owasp_api8_cors_security_configuration_4b672517.hurl b/cases/api_admin_services_serviceid_team_options_owasp_api8_cors_security_configuration_4b672517.hurl new file mode 100644 index 0000000..cf19f4d --- /dev/null +++ b/cases/api_admin_services_serviceid_team_options_owasp_api8_cors_security_configuration_4b672517.hurl 
@@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/services/{serviceId}/team — CORS security configuration ── +# case_id=TC-4b672517 +# case_name=[OWASP-API8] OPTIONS /api/admin/services/{serviceId}/team — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/services/{serviceId}/team +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_services_serviceid_team_put_idempotent_second_call_must_be_safe_dc1513dd.hurl b/cases/api_admin_services_serviceid_team_put_idempotent_second_call_must_be_safe_dc1513dd.hurl new file mode 100644 index 0000000..a5a56c9 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_idempotent_second_call_must_be_safe_dc1513dd.hurl 
@@ -0,0 +1,45 @@ +# ══════════════════════════════════════════════════ +# PUT /api/admin/services/{serviceId}/team - idempotent: second call must be safe +# case_id=TC-dc1513dd +# case_name=PUT /api/admin/services/{serviceId}/team - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── PUT /api/admin/services/{serviceId}/team — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=PUT /api/admin/services/{serviceId}/team — first call + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "b954d030-15a4-4bc5-a0ad-c5e46e96e0a7" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── PUT /api/admin/services/{serviceId}/team — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=PUT /api/admin/services/{serviceId}/team — identical second call must be safe +# depends_on=step-setup + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "b954d030-15a4-4bc5-a0ad-c5e46e96e0a7" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_services_serviceid_team_put_mass_assignment_financial_probe_297a0e33.hurl b/cases/api_admin_services_serviceid_team_put_mass_assignment_financial_probe_297a0e33.hurl new file mode 100644 index 0000000..efaf9ad --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_mass_assignment_financial_probe_297a0e33.hurl 
@@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - [mass_assignment] financial probe ── +# case_id=TC-297a0e33 +# case_name=PUT /api/admin/services/{serviceId}/team - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "balance": 1, + "credits": 1, + "discount": 0, + "price": 1, + "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_mass_assignment_identity_probe_c9fe2f6f.hurl b/cases/api_admin_services_serviceid_team_put_mass_assignment_identity_probe_c9fe2f6f.hurl new file mode 100644 index 0000000..08498af --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_mass_assignment_identity_probe_c9fe2f6f.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - [mass_assignment] identity probe ── +# case_id=TC-c9fe2f6f +# case_name=PUT /api/admin/services/{serviceId}/team - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "createdBy": "__probe__", + "ownerId": "__probe__", + "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_mass_assignment_privilege_probe_c8fb1c8e.hurl b/cases/api_admin_services_serviceid_team_put_mass_assignment_privilege_probe_c8fb1c8e.hurl new file mode 100644 index 0000000..8d9b746 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_mass_assignment_privilege_probe_c8fb1c8e.hurl 
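Review bot: TC-297a0e33 expects `HTTP 400` when unknown properties accompany `teamId`, but TC-26712b87 and TC-29a92605 send unknown properties to the same endpoint and expect `HTTP 200`, so the suite encodes two incompatible policies (reject versus ignore). Decide which one the API specifies and use it in all of these cases, including the identity, privilege and status probes that follow. Where the policy is "ignore", asserting on the PUT response alone is weak; a follow-up read of the service that checks the extra fields were not stored would be a stronger oracle.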
@@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - [mass_assignment] privilege probe ── +# case_id=TC-c8fb1c8e +# case_name=PUT /api/admin/services/{serviceId}/team - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "admin": true, + "isAdmin": true, + "is_admin": true, + "role": "__probe__", + "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_mass_assignment_status_probe_6072976c.hurl b/cases/api_admin_services_serviceid_team_put_mass_assignment_status_probe_6072976c.hurl new file mode 100644 index 0000000..ba650f7 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_mass_assignment_status_probe_6072976c.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - [mass_assignment] status probe ── +# case_id=TC-6072976c +# case_name=PUT /api/admin/services/{serviceId}/team - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "disabled": false, + "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_8397ba83.hurl b/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_8397ba83.hurl new file mode 100644 index 0000000..3664afc --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_8397ba83.hurl 
@@ -0,0 +1,16 @@ +# ── PUT /api/admin/services/{serviceId}/team - missing required field "teamId" ── +# case_id=TC-8397ba83 +# case_name=PUT /api/admin/services/{serviceId}/team - missing required field "teamId" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{} +``` + +HTTP 422 + diff --git a/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_bc585ae5.hurl b/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_bc585ae5.hurl new file mode 100644 index 0000000..c5db4ed --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_bc585ae5.hurl @@ -0,0 +1,16 @@ +# ── PUT /api/admin/services/{serviceId}/team - missing required field "teamId" ── +# case_id=TC-bc585ae5 +# case_name=PUT /api/admin/services/{serviceId}/team - missing required field "teamId" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{} +``` + +HTTP 422 + diff --git a/cases/api_admin_services_serviceid_team_put_missing_required_param_serviceid_3dc3ff8a.hurl b/cases/api_admin_services_serviceid_team_put_missing_required_param_serviceid_3dc3ff8a.hurl new file mode 100644 index 0000000..b3697b0 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_missing_required_param_serviceid_3dc3ff8a.hurl @@ -0,0 +1,12 @@ +# ── PUT /api/admin/services/{serviceId}/team - missing required param "serviceId" ── +# case_id=TC-3dc3ff8a +# case_name=PUT /api/admin/services/{serviceId}/team - missing required param "serviceId" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +PUT {{base_url}}/api/admin/services/1/team + +HTTP 422 + 
diff --git a/cases/api_admin_services_serviceid_team_put_mutation_teamid_empty_string_717311a7.hurl b/cases/api_admin_services_serviceid_team_put_mutation_teamid_empty_string_717311a7.hurl new file mode 100644 index 0000000..d690a97 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_mutation_teamid_empty_string_717311a7.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - mutation: teamId empty string ── +# case_id=TC-717311a7 +# case_name=PUT /api/admin/services/{serviceId}/team - mutation: teamId empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_services_serviceid_team_put_mutation_teamid_integer_instead_of_string_cea11786.hurl b/cases/api_admin_services_serviceid_team_put_mutation_teamid_integer_instead_of_string_cea11786.hurl new file mode 100644 index 0000000..f186cda --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_mutation_teamid_integer_instead_of_string_cea11786.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - mutation: teamId integer instead of string ── +# case_id=TC-cea11786 +# case_name=PUT /api/admin/services/{serviceId}/team - mutation: teamId integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": 12345 +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_services_serviceid_team_put_mutation_teamid_null_value_3c6b4929.hurl b/cases/api_admin_services_serviceid_team_put_mutation_teamid_null_value_3c6b4929.hurl new file mode 100644 index 0000000..4bde0f8 --- /dev/null 
+++ b/cases/api_admin_services_serviceid_team_put_mutation_teamid_null_value_3c6b4929.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - mutation: teamId null value ── +# case_id=TC-3c6b4929 +# case_name=PUT /api/admin/services/{serviceId}/team - mutation: teamId null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": null +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_services_serviceid_team_put_mutation_teamid_oversized_string_300_chars_452218de.hurl b/cases/api_admin_services_serviceid_team_put_mutation_teamid_oversized_string_300_chars_452218de.hurl new file mode 100644 index 0000000..1e905cb --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_mutation_teamid_oversized_string_300_chars_452218de.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - mutation: teamId oversized string (300 chars) ── +# case_id=TC-452218de +# case_name=PUT /api/admin/services/{serviceId}/team - mutation: teamId oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api1_bola_unauthorized_access_b7125bf5.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api1_bola_unauthorized_access_b7125bf5.hurl new file mode 100644 index 0000000..502d6f2 --- /dev/null 
+++ b/cases/api_admin_services_serviceid_team_put_owasp_api1_bola_unauthorized_access_b7125bf5.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] PUT /api/admin/services/{serviceId}/team — BOLA unauthorized access ── +# case_id=TC-b7125bf5 +# case_name=[OWASP-API1] PUT /api/admin/services/{serviceId}/team — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/services/{{other_resource_id}}/team + +HTTP 403 + diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api2_broken_authentication_6bc9b636.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api2_broken_authentication_6bc9b636.hurl new file mode 100644 index 0000000..4f04953 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_owasp_api2_broken_authentication_6bc9b636.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] PUT /api/admin/services/{serviceId}/team — broken authentication ── +# case_id=TC-6bc9b636 +# case_name=[OWASP-API2] PUT /api/admin/services/{serviceId}/team — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/services/{serviceId}/team + +HTTP 401 + diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api3_bopla_property_level_access_26712b87.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api3_bopla_property_level_access_26712b87.hurl new file mode 100644 index 0000000..d8cc1a0 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_owasp_api3_bopla_property_level_access_26712b87.hurl 
@@ -0,0 +1,24 @@ +# ── [OWASP-API3] PUT /api/admin/services/{serviceId}/team — BOPLA property-level access ── +# case_id=TC-26712b87 +# case_name=[OWASP-API3] PUT /api/admin/services/{serviceId}/team — BOPLA property-level access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "is_admin": true, + "role": "admin", + "teamId": "da2ce66b-ccba-4bc0-b582-c8fa43a6926f" +} +``` + +HTTP 200 + +[Asserts] +jsonpath "$.is_admin" != true +jsonpath "$.role" != "admin" + diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api5_function_level_authorization_mi_544e90d2.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api5_function_level_authorization_mi_544e90d2.hurl new file mode 100644 index 0000000..93d40ca --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_owasp_api5_function_level_authorization_mi_544e90d2.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] PUT /api/admin/services/{serviceId}/team — function-level authorization missing ── +# case_id=TC-544e90d2 +# case_name=[OWASP-API5] PUT /api/admin/services/{serviceId}/team — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api6_mass_assignment_29a92605.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api6_mass_assignment_29a92605.hurl new file mode 100644 index 0000000..cbafe9b --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_owasp_api6_mass_assignment_29a92605.hurl 
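Review bot: The two asserts in this hunk only show that the 200 response does not echo `is_admin: true` or `role: admin`; they say nothing about what was stored, so an endpoint that persists the extra properties and returns only a status body would still pass. The happy-path case for this endpoint asserts just `jsonpath "$.ok" exists`, which suggests the response may not echo these fields at all, so this is worth confirming. At minimum the limitation should be recorded in the case header, e.g. `# NOTE: checks the response body only; stored role/is_admin are not read back`, and ideally a follow-up entry reads the service back and repeats the asserts. The mass-assignment case (TC-f7305717) is built the same way.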
@@ -0,0 +1,26 @@ +# ── [OWASP-API6] PUT /api/admin/services/{serviceId}/team — mass assignment ── +# case_id=TC-29a92605 +# case_name=[OWASP-API6] PUT /api/admin/services/{serviceId}/team — mass assignment +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "teamId": "d9bf3e10-6529-49aa-b714-03fd1a939f04", + "updatedAt": "2000-01-01T00:00:00Z" +} +``` + +HTTP 200 + +[Asserts] +jsonpath "$.id" != 99999 +jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" +jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" + diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_path_traversal_b621722f.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_path_traversal_b621722f.hurl new file mode 100644 index 0000000..d4c6b97 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_path_traversal_b621722f.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (path-traversal) ── +# case_id=TC-b621722f +# case_name=[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/services/..%2F..%2F..%2Fetc%2Fpasswd/team +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_sqli_53f0e55f.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_sqli_53f0e55f.hurl new file mode 100644 index 0000000..c9b2261 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_sqli_53f0e55f.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (sqli) ── +# case_id=TC-53f0e55f +# case_name=[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/services/%27%20OR%201=1--/team +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_xss_3ad867af.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_xss_3ad867af.hurl new file mode 100644 index 0000000..2a1fb63 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_xss_3ad867af.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (xss) ── +# case_id=TC-3ad867af +# case_name=[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/services/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/team +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_required_omission_teamid_absent_d24b98db.hurl b/cases/api_admin_services_serviceid_team_put_required_omission_teamid_absent_d24b98db.hurl new file mode 100644 index 0000000..6dd6487 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_required_omission_teamid_absent_d24b98db.hurl @@ -0,0 +1,20 @@ +# ── PUT /api/admin/services/{serviceId}/team - [required_omission] teamId absent ── +# case_id=TC-d24b98db +# case_name=PUT /api/admin/services/{serviceId}/team - [required_omission] teamId absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_admin_services_serviceid_team_put_schema_violation_teamid_missing_required_c8b11e1e.hurl b/cases/api_admin_services_serviceid_team_put_schema_violation_teamid_missing_required_c8b11e1e.hurl new file mode 100644 index 0000000..7bd0ce1 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_schema_violation_teamid_missing_required_c8b11e1e.hurl @@ -0,0 +1,16 @@ +# ── PUT /api/admin/services/{serviceId}/team - [schema_violation] teamId_missing_required ── +# case_id=TC-c8b11e1e +# case_name=PUT /api/admin/services/{serviceId}/team - [schema_violation] teamId_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{} +``` + +HTTP 422 + diff --git a/cases/api_admin_services_serviceid_team_put_semantic_annotation_nullable_field_teamid_f06bfa27.hurl b/cases/api_admin_services_serviceid_team_put_semantic_annotation_nullable_field_teamid_f06bfa27.hurl new file mode 100644 index 0000000..b2e2844 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_semantic_annotation_nullable_field_teamid_f06bfa27.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - [semantic_annotation] nullable field "teamId" accepts null ── +# case_id=TC-f06bfa27 +# case_name=PUT /api/admin/services/{serviceId}/team - [semantic_annotation] nullable field "teamId" accepts null +# step_id=step-main +# step_type=test +# technique=semantic_annotation +# priority=P1 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": null +} +``` + +HTTP * + +[Asserts] +status >= 200 +status < 300 + diff --git a/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_boolean_5b55ebea.hurl b/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_boolean_5b55ebea.hurl new file mode 100644 index 0000000..bace9e7 --- /dev/null 
+++ b/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_boolean_5b55ebea.hurl @@ -0,0 +1,18 @@ +# ── PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_boolean ── +# case_id=TC-5b55ebea +# case_name=PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": true +} +``` + +HTTP 422 + diff --git a/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_integer_87eccc15.hurl b/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_integer_87eccc15.hurl new file mode 100644 index 0000000..d51b980 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_integer_87eccc15.hurl @@ -0,0 +1,18 @@ +# ── PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_integer ── +# case_id=TC-87eccc15 +# case_name=PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": 123 +} +``` + +HTTP 422 + diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_bidi_override_e30f1b9e.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_bidi_override_e30f1b9e.hurl new file mode 100644 index 0000000..1afd590 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_bidi_override_e30f1b9e.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId bidi_override ── +# case_id=TC-e30f1b9e +# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "‮hello" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_control_char_00caba6f.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_control_char_00caba6f.hurl new file mode 100644 index 0000000..b81f354 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_control_char_00caba6f.hurl @@ -0,0 +1,18 @@ +# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId control_char ── +# case_id=TC-00caba6f +# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_overlong_5dc313b9.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_overlong_5dc313b9.hurl new file mode 100644 index 0000000..f0612a8 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_overlong_5dc313b9.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId overlong ── +# case_id=TC-5dc313b9 +# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zalgo_c1fa3472.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zalgo_c1fa3472.hurl new file mode 100644 index 0000000..f384407 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zalgo_c1fa3472.hurl @@ -0,0 +1,18 @@ +# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zalgo ── +# case_id=TC-c1fa3472 +# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zero_width_1c0a1d4a.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zero_width_1c0a1d4a.hurl new file mode 100644 index 0000000..48a718c --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zero_width_1c0a1d4a.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zero_width ── +# case_id=TC-1c0a1d4a +# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "​hello" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_services_serviceid_team_put_valid_request_with_all_required_fields_c8662867.hurl b/cases/api_admin_services_serviceid_team_put_valid_request_with_all_required_fields_c8662867.hurl new file mode 100644 index 0000000..db65e76 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_valid_request_with_all_required_fields_c8662867.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/services/{serviceId}/team - valid request with all required fields ── +# case_id=TC-c8662867 +# case_name=PUT /api/admin/services/{serviceId}/team - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: application/json +```json +{ + "teamId": "8439a10e-558d-4569-b260-f0f36a116d83" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/api_admin_services_serviceid_team_put_wrong_content_type_text_plain_16d39238.hurl b/cases/api_admin_services_serviceid_team_put_wrong_content_type_text_plain_16d39238.hurl new file mode 100644 index 0000000..1a49a96 --- /dev/null +++ b/cases/api_admin_services_serviceid_team_put_wrong_content_type_text_plain_16d39238.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/services/{serviceId}/team - wrong content-type (text/plain) ── +# case_id=TC-16d39238 +# case_name=PUT /api/admin/services/{serviceId}/team - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +PUT {{base_url}}/api/admin/services/{serviceId}/team +Content-Type: text/plain +```json +{ + "teamId": "bc1c5a2f-34be-4a46-bc1a-a3abfe061eb1" +} +``` + +HTTP 415 + diff --git a/cases/api_admin_teams_get_auth_chain_3977085e.hurl b/cases/api_admin_teams_get_auth_chain_3977085e.hurl new file mode 100644 index 0000000..e3f7c17 --- /dev/null +++ b/cases/api_admin_teams_get_auth_chain_3977085e.hurl @@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# auth chain: GET /api/admin/teams +# case_id=TC-3977085e +# case_name=auth chain: GET /api/admin/teams +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── GET /api/admin/teams with auth token [test] ── +# step_id=step-test +# step_type=test +# title=GET /api/admin/teams with auth token +# depends_on=step-auth + +GET {{base_url}}/api/admin/teams +Authorization: Bearer {{authToken}} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_teams_get_owasp_api2_broken_authentication_1e347647.hurl b/cases/api_admin_teams_get_owasp_api2_broken_authentication_1e347647.hurl new file mode 100644 index 0000000..b77244c --- /dev/null +++ b/cases/api_admin_teams_get_owasp_api2_broken_authentication_1e347647.hurl 
@@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/admin/teams — broken authentication ── +# case_id=TC-1e347647 +# case_name=[OWASP-API2] GET /api/admin/teams — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams + +HTTP 401 + diff --git a/cases/api_admin_teams_get_owasp_api5_function_level_authorization_missing_a9276ccc.hurl b/cases/api_admin_teams_get_owasp_api5_function_level_authorization_missing_a9276ccc.hurl new file mode 100644 index 0000000..7c05771 --- /dev/null +++ b/cases/api_admin_teams_get_owasp_api5_function_level_authorization_missing_a9276ccc.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] GET /api/admin/teams — function-level authorization missing ── +# case_id=TC-a9276ccc +# case_name=[OWASP-API5] GET /api/admin/teams — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +GET {{base_url}}/api/admin/teams +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_teams_get_valid_request_with_all_required_fields_978ae5a8.hurl b/cases/api_admin_teams_get_valid_request_with_all_required_fields_978ae5a8.hurl new file mode 100644 index 0000000..ca8dc17 --- /dev/null +++ b/cases/api_admin_teams_get_valid_request_with_all_required_fields_978ae5a8.hurl @@ -0,0 +1,16 @@ +# ── GET /api/admin/teams - valid request with all required fields ── +# case_id=TC-978ae5a8 +# case_name=GET /api/admin/teams - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/admin/teams + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.teams" exists + diff --git a/cases/api_admin_teams_id_delete_idempotent_second_call_must_be_safe_2d2c1dda.hurl b/cases/api_admin_teams_id_delete_idempotent_second_call_must_be_safe_2d2c1dda.hurl new file mode 100644 index 0000000..bbde34d --- /dev/null 
+++ b/cases/api_admin_teams_id_delete_idempotent_second_call_must_be_safe_2d2c1dda.hurl @@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# DELETE /api/admin/teams/{id} - idempotent: second call must be safe +# case_id=TC-2d2c1dda +# case_name=DELETE /api/admin/teams/{id} - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── DELETE /api/admin/teams/{id} — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=DELETE /api/admin/teams/{id} — first call + +DELETE {{base_url}}/api/admin/teams/{id} + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── DELETE /api/admin/teams/{id} — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=DELETE /api/admin/teams/{id} — identical second call must be safe +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/teams/{id} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_teams_id_delete_idor_id_0_zero_id_04e9a0f9.hurl b/cases/api_admin_teams_id_delete_idor_id_0_zero_id_04e9a0f9.hurl new file mode 100644 index 0000000..116e9ae --- /dev/null +++ b/cases/api_admin_teams_id_delete_idor_id_0_zero_id_04e9a0f9.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/admin/teams/{id} - IDOR id=0 (zero_id) ── +# case_id=TC-04e9a0f9 +# case_name=DELETE /api/admin/teams/{id} - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/teams/0 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_delete_idor_id_99999_alt_id_0d533645.hurl b/cases/api_admin_teams_id_delete_idor_id_99999_alt_id_0d533645.hurl new file mode 100644 index 0000000..4903b3d --- /dev/null +++ b/cases/api_admin_teams_id_delete_idor_id_99999_alt_id_0d533645.hurl 
@@ -0,0 +1,16 @@ +# ── DELETE /api/admin/teams/{id} - IDOR id=99999 (alt_id) ── +# case_id=TC-0d533645 +# case_name=DELETE /api/admin/teams/{id} - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/teams/99999 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_delete_missing_required_param_id_d700a9bc.hurl b/cases/api_admin_teams_id_delete_missing_required_param_id_d700a9bc.hurl new file mode 100644 index 0000000..c11f10b --- /dev/null +++ b/cases/api_admin_teams_id_delete_missing_required_param_id_d700a9bc.hurl @@ -0,0 +1,12 @@ +# ── DELETE /api/admin/teams/{id} - missing required param "id" ── +# case_id=TC-d700a9bc +# case_name=DELETE /api/admin/teams/{id} - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +DELETE {{base_url}}/api/admin/teams/1 + +HTTP 422 + diff --git a/cases/api_admin_teams_id_delete_owasp_api1_bola_unauthorized_access_a23b7745.hurl b/cases/api_admin_teams_id_delete_owasp_api1_bola_unauthorized_access_a23b7745.hurl new file mode 100644 index 0000000..e30613c --- /dev/null +++ b/cases/api_admin_teams_id_delete_owasp_api1_bola_unauthorized_access_a23b7745.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] DELETE /api/admin/teams/{id} — BOLA unauthorized access ── +# case_id=TC-a23b7745 +# case_name=[OWASP-API1] DELETE /api/admin/teams/{id} — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/{{other_resource_id}} + +HTTP 403 + diff --git a/cases/api_admin_teams_id_delete_owasp_api2_broken_authentication_f7305717.hurl b/cases/api_admin_teams_id_delete_owasp_api2_broken_authentication_f7305717.hurl new file mode 100644 index 0000000..b3cd78d --- /dev/null +++ b/cases/api_admin_teams_id_delete_owasp_api2_broken_authentication_f7305717.hurl 
@@ -0,0 +1,12 @@ +# ── [OWASP-API2] DELETE /api/admin/teams/{id} — broken authentication ── +# case_id=TC-f7305717 +# case_name=[OWASP-API2] DELETE /api/admin/teams/{id} — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/{id} + +HTTP 401 + diff --git a/cases/api_admin_teams_id_delete_owasp_api5_function_level_authorization_missing_1f9d5ef0.hurl b/cases/api_admin_teams_id_delete_owasp_api5_function_level_authorization_missing_1f9d5ef0.hurl new file mode 100644 index 0000000..87f19f6 --- /dev/null +++ b/cases/api_admin_teams_id_delete_owasp_api5_function_level_authorization_missing_1f9d5ef0.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] DELETE /api/admin/teams/{id} — function-level authorization missing ── +# case_id=TC-1f9d5ef0 +# case_name=[OWASP-API5] DELETE /api/admin/teams/{id} — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/{id} +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_teams_id_delete_owasp_api7_injection_path_traversal_726d486c.hurl b/cases/api_admin_teams_id_delete_owasp_api7_injection_path_traversal_726d486c.hurl new file mode 100644 index 0000000..f1970a3 --- /dev/null +++ b/cases/api_admin_teams_id_delete_owasp_api7_injection_path_traversal_726d486c.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/teams/{id} — injection (path-traversal) ── +# case_id=TC-726d486c +# case_name=[OWASP-API7] DELETE /api/admin/teams/{id} — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd +```json +null +``` + +HTTP 400 + 
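Review bot: `{id}` in `DELETE {{base_url}}/api/admin/teams/{id}` is a single-brace OpenAPI placeholder, which Hurl does not substitute (only `{{name}}` is a template), so the request goes to a path containing the literal text `{id}`. For this 401 case the outcome may not change. The same request line appears in the API5, idempotent, valid-request and POST `/grants` cases, where the expected 200 or 403 then depends on how the router treats an id that cannot exist. Emitting `{{id}}`, or an id captured in a setup step, would make these cases address a real team.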
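Review bot: `HTTP 400` as the only check in the path-traversal case, and in the sqli and xss cases that follow, ties the result to one status code and says nothing about the response content. A 401, 404 or 422 is an equally safe rejection and would fail the case, while a 400 whose body echoes the payload would pass. Consider `HTTP *` with `status >= 400` and `status < 500`, as the IDOR cases do, plus a content check such as `body not contains "<script>"` for the xss case. The `null` JSON body sent with these DELETE and GET requests, with no `Content-Type`, looks like a generator artifact and could be dropped.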
diff --git a/cases/api_admin_teams_id_delete_owasp_api7_injection_sqli_e0aa0be4.hurl b/cases/api_admin_teams_id_delete_owasp_api7_injection_sqli_e0aa0be4.hurl new file mode 100644 index 0000000..44d66ed --- /dev/null +++ b/cases/api_admin_teams_id_delete_owasp_api7_injection_sqli_e0aa0be4.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/teams/{id} — injection (sqli) ── +# case_id=TC-e0aa0be4 +# case_name=[OWASP-API7] DELETE /api/admin/teams/{id} — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/%27%20OR%201=1-- +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_delete_owasp_api7_injection_xss_cdcba009.hurl b/cases/api_admin_teams_id_delete_owasp_api7_injection_xss_cdcba009.hurl new file mode 100644 index 0000000..bbdaa81 --- /dev/null +++ b/cases/api_admin_teams_id_delete_owasp_api7_injection_xss_cdcba009.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/teams/{id} — injection (xss) ── +# case_id=TC-cdcba009 +# case_name=[OWASP-API7] DELETE /api/admin/teams/{id} — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_delete_valid_request_with_all_required_fields_2f56068b.hurl b/cases/api_admin_teams_id_delete_valid_request_with_all_required_fields_2f56068b.hurl new file mode 100644 index 0000000..3a41d1c --- /dev/null +++ b/cases/api_admin_teams_id_delete_valid_request_with_all_required_fields_2f56068b.hurl 
@@ -0,0 +1,16 @@ +# ── DELETE /api/admin/teams/{id} - valid request with all required fields ── +# case_id=TC-2f56068b +# case_name=DELETE /api/admin/teams/{id} - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/{id} + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/api_admin_teams_id_grants_get_idor_id_0_zero_id_625bb61d.hurl b/cases/api_admin_teams_id_grants_get_idor_id_0_zero_id_625bb61d.hurl new file mode 100644 index 0000000..5628c84 --- /dev/null +++ b/cases/api_admin_teams_id_grants_get_idor_id_0_zero_id_625bb61d.hurl @@ -0,0 +1,16 @@ +# ── GET /api/admin/teams/{id}/grants - IDOR id=0 (zero_id) ── +# case_id=TC-625bb61d +# case_name=GET /api/admin/teams/{id}/grants - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +GET {{base_url}}/api/admin/teams/0/grants + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_get_idor_id_99999_alt_id_1e7138b3.hurl b/cases/api_admin_teams_id_grants_get_idor_id_99999_alt_id_1e7138b3.hurl new file mode 100644 index 0000000..757b721 --- /dev/null +++ b/cases/api_admin_teams_id_grants_get_idor_id_99999_alt_id_1e7138b3.hurl @@ -0,0 +1,16 @@ +# ── GET /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id) ── +# case_id=TC-1e7138b3 +# case_name=GET /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +GET {{base_url}}/api/admin/teams/99999/grants + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_get_missing_required_param_id_aa4a85d2.hurl b/cases/api_admin_teams_id_grants_get_missing_required_param_id_aa4a85d2.hurl new file mode 100644 index 0000000..f6a7370 --- /dev/null +++ b/cases/api_admin_teams_id_grants_get_missing_required_param_id_aa4a85d2.hurl 
@@ -0,0 +1,12 @@ +# ── GET /api/admin/teams/{id}/grants - missing required param "id" ── +# case_id=TC-aa4a85d2 +# case_name=GET /api/admin/teams/{id}/grants - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/admin/teams/1/grants + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_get_owasp_api1_bola_unauthorized_access_9c3bba1f.hurl b/cases/api_admin_teams_id_grants_get_owasp_api1_bola_unauthorized_access_9c3bba1f.hurl new file mode 100644 index 0000000..d45f315 --- /dev/null +++ b/cases/api_admin_teams_id_grants_get_owasp_api1_bola_unauthorized_access_9c3bba1f.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] GET /api/admin/teams/{id}/grants — BOLA unauthorized access ── +# case_id=TC-9c3bba1f +# case_name=[OWASP-API1] GET /api/admin/teams/{id}/grants — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/{{other_resource_id}}/grants + +HTTP 403 + diff --git a/cases/api_admin_teams_id_grants_get_owasp_api2_broken_authentication_2dae98a0.hurl b/cases/api_admin_teams_id_grants_get_owasp_api2_broken_authentication_2dae98a0.hurl new file mode 100644 index 0000000..f2219a7 --- /dev/null +++ b/cases/api_admin_teams_id_grants_get_owasp_api2_broken_authentication_2dae98a0.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/admin/teams/{id}/grants — broken authentication ── +# case_id=TC-2dae98a0 +# case_name=[OWASP-API2] GET /api/admin/teams/{id}/grants — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/{id}/grants + +HTTP 401 + diff --git a/cases/api_admin_teams_id_grants_get_owasp_api5_function_level_authorization_missing_8f5433a6.hurl b/cases/api_admin_teams_id_grants_get_owasp_api5_function_level_authorization_missing_8f5433a6.hurl new file mode 100644 index 0000000..e59744e --- /dev/null 
+++ b/cases/api_admin_teams_id_grants_get_owasp_api5_function_level_authorization_missing_8f5433a6.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] GET /api/admin/teams/{id}/grants — function-level authorization missing ── +# case_id=TC-8f5433a6 +# case_name=[OWASP-API5] GET /api/admin/teams/{id}/grants — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +GET {{base_url}}/api/admin/teams/{id}/grants +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_teams_id_grants_get_owasp_api7_injection_path_traversal_b5400171.hurl b/cases/api_admin_teams_id_grants_get_owasp_api7_injection_path_traversal_b5400171.hurl new file mode 100644 index 0000000..9a2241b --- /dev/null +++ b/cases/api_admin_teams_id_grants_get_owasp_api7_injection_path_traversal_b5400171.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/teams/{id}/grants — injection (path-traversal) ── +# case_id=TC-b5400171 +# case_name=[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/grants +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_get_owasp_api7_injection_sqli_a7917f13.hurl b/cases/api_admin_teams_id_grants_get_owasp_api7_injection_sqli_a7917f13.hurl new file mode 100644 index 0000000..e9543b7 --- /dev/null +++ b/cases/api_admin_teams_id_grants_get_owasp_api7_injection_sqli_a7917f13.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/teams/{id}/grants — injection (sqli) ── +# case_id=TC-a7917f13 +# case_name=[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/%27%20OR%201=1--/grants +```json +null +``` + +HTTP 400 + 
diff --git a/cases/api_admin_teams_id_grants_get_owasp_api7_injection_xss_269d7a97.hurl b/cases/api_admin_teams_id_grants_get_owasp_api7_injection_xss_269d7a97.hurl new file mode 100644 index 0000000..be40f0c --- /dev/null +++ b/cases/api_admin_teams_id_grants_get_owasp_api7_injection_xss_269d7a97.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/teams/{id}/grants — injection (xss) ── +# case_id=TC-269d7a97 +# case_name=[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/grants +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_get_valid_request_with_all_required_fields_d5427a01.hurl b/cases/api_admin_teams_id_grants_get_valid_request_with_all_required_fields_d5427a01.hurl new file mode 100644 index 0000000..e07df1f --- /dev/null +++ b/cases/api_admin_teams_id_grants_get_valid_request_with_all_required_fields_d5427a01.hurl @@ -0,0 +1,17 @@ +# ── GET /api/admin/teams/{id}/grants - valid request with all required fields ── +# case_id=TC-d5427a01 +# case_name=GET /api/admin/teams/{id}/grants - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/admin/teams/{id}/grants + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.outgoing" exists +jsonpath "$.incoming" exists + diff --git a/cases/api_admin_teams_id_grants_options_owasp_api8_cors_security_configuration_8b59e761.hurl b/cases/api_admin_teams_id_grants_options_owasp_api8_cors_security_configuration_8b59e761.hurl new file mode 100644 index 0000000..406c6a0 --- /dev/null +++ b/cases/api_admin_teams_id_grants_options_owasp_api8_cors_security_configuration_8b59e761.hurl 
@@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/teams/{id}/grants — CORS security configuration ── +# case_id=TC-8b59e761 +# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id}/grants — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/teams/{id}/grants +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_teams_id_grants_post_idempotent_second_call_must_be_safe_810053e8.hurl b/cases/api_admin_teams_id_grants_post_idempotent_second_call_must_be_safe_810053e8.hurl new file mode 100644 index 0000000..d1c9ca7 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_idempotent_second_call_must_be_safe_810053e8.hurl 
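Review bot: The single assert `header "Access-Control-Allow-Origin" != "*"` still passes when the server reflects the untrusted origin sent in the request, which is the misconfiguration that matters most for credentialed requests. Add `header "Access-Control-Allow-Origin" != "https://evil.example.com"` next to it. It is also worth confirming how the assert behaves when the header is absent, which is the safe outcome, since a query with no result may fail the case.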
@@ -0,0 +1,57 @@ +# ══════════════════════════════════════════════════ +# POST /api/admin/teams/{id}/grants - idempotent: second call must be safe +# case_id=TC-810053e8 +# case_name=POST /api/admin/teams/{id}/grants - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /api/admin/teams/{id}/grants — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /api/admin/teams/{id}/grants — first call + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "mercy" + ], + "expiresAt": "1999-12-17T23:28:47Z", + "granteeTeamId": "65e38a66-d932-4217-b7b6-b9d191c81aaf", + "granteeUserId": "41f62f9a-dcd8-4b25-86af-1c3d9ec30857", + "serviceId": "4926c858-e08e-4a3f-bf7b-0bb8e4309181" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /api/admin/teams/{id}/grants — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /api/admin/teams/{id}/grants — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "mercy" + ], + "expiresAt": "1999-12-17T23:28:47Z", + "granteeTeamId": "65e38a66-d932-4217-b7b6-b9d191c81aaf", + "granteeUserId": "41f62f9a-dcd8-4b25-86af-1c3d9ec30857", + "serviceId": "4926c858-e08e-4a3f-bf7b-0bb8e4309181" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_teams_id_grants_post_idor_id_0_zero_id_82f1376b.hurl b/cases/api_admin_teams_id_grants_post_idor_id_0_zero_id_82f1376b.hurl new file mode 100644 index 0000000..13da31c --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_idor_id_0_zero_id_82f1376b.hurl 
@@ -0,0 +1,16 @@ +# ── POST /api/admin/teams/{id}/grants - IDOR id=0 (zero_id) ── +# case_id=TC-82f1376b +# case_name=POST /api/admin/teams/{id}/grants - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +POST {{base_url}}/api/admin/teams/0/grants + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_idor_id_99999_alt_id_14f8c7cc.hurl b/cases/api_admin_teams_id_grants_post_idor_id_99999_alt_id_14f8c7cc.hurl new file mode 100644 index 0000000..e6d5e8a --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_idor_id_99999_alt_id_14f8c7cc.hurl @@ -0,0 +1,16 @@ +# ── POST /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id) ── +# case_id=TC-14f8c7cc +# case_name=POST /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +POST {{base_url}}/api/admin/teams/99999/grants + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_mass_assignment_financial_probe_8b55910b.hurl b/cases/api_admin_teams_id_grants_post_mass_assignment_financial_probe_8b55910b.hurl new file mode 100644 index 0000000..2a71211 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mass_assignment_financial_probe_8b55910b.hurl 
@@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - [mass_assignment] financial probe ── +# case_id=TC-8b55910b +# case_name=POST /api/admin/teams/{id}/grants - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "balance": 1, + "branches": [ + "these" + ], + "credits": 1, + "discount": 0, + "expiresAt": "1935-06-17T15:07:26Z", + "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", + "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", + "price": 1, + "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_mass_assignment_identity_probe_74060ffe.hurl b/cases/api_admin_teams_id_grants_post_mass_assignment_identity_probe_74060ffe.hurl new file mode 100644 index 0000000..9b011b7 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mass_assignment_identity_probe_74060ffe.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - [mass_assignment] identity probe ── +# case_id=TC-74060ffe +# case_name=POST /api/admin/teams/{id}/grants - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "these" + ], + "createdBy": "__probe__", + "expiresAt": "1935-06-17T15:07:26Z", + "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", + "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", + "ownerId": "__probe__", + "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_mass_assignment_privilege_probe_eaaad8f0.hurl b/cases/api_admin_teams_id_grants_post_mass_assignment_privilege_probe_eaaad8f0.hurl new file mode 100644 index 0000000..819661d 
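Review bot: A bare `HTTP 400` cannot show that the injected fields were rejected or ignored. The base payload carries `"expiresAt": "1935-06-17T15:07:26Z"`, a date long past, so a 400 may come from expiry validation, and the case would pass even if `balance`, `credits` or `price` were bindable. Conversely, an API that silently ignores unknown fields and returns success is safe but fails the case. The identity, privilege and status probes that follow share this payload and expectation. A stronger form uses a valid future `expiresAt`, accepts success, and asserts that the probe is not echoed, for example `jsonpath "$.isAdmin" not exists` in the privilege probe.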
--- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mass_assignment_privilege_probe_eaaad8f0.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - [mass_assignment] privilege probe ── +# case_id=TC-eaaad8f0 +# case_name=POST /api/admin/teams/{id}/grants - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "admin": true, + "branches": [ + "these" + ], + "expiresAt": "1935-06-17T15:07:26Z", + "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", + "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", + "isAdmin": true, + "is_admin": true, + "role": "__probe__", + "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_mass_assignment_status_probe_54b93b94.hurl b/cases/api_admin_teams_id_grants_post_mass_assignment_status_probe_54b93b94.hurl new file mode 100644 index 0000000..8b4a8b5 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mass_assignment_status_probe_54b93b94.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - [mass_assignment] status probe ── +# case_id=TC-54b93b94 +# case_name=POST /api/admin/teams/{id}/grants - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "branches": [ + "these" + ], + "disabled": false, + "expiresAt": "1935-06-17T15:07:26Z", + "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", + "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", + "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466", + "verified": true +} +``` + +HTTP 400 + 
diff --git a/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_33636c2c.hurl b/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_33636c2c.hurl new file mode 100644 index 0000000..e28d079 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_33636c2c.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/grants - missing required field "serviceId" ── +# case_id=TC-33636c2c +# case_name=POST /api/admin/teams/{id}/grants - missing required field "serviceId" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "lastly" + ], + "expiresAt": "2010-02-21T09:42:07Z", + "granteeTeamId": "54d614e8-78c4-4be4-8d58-6262bc0ed601", + "granteeUserId": "ebe6434a-7451-43df-a2a8-4ff4abc09840" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_62d899fa.hurl b/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_62d899fa.hurl new file mode 100644 index 0000000..af18c83 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_62d899fa.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/grants - missing required field "serviceId" ── +# case_id=TC-62d899fa +# case_name=POST /api/admin/teams/{id}/grants - missing required field "serviceId" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "for" + ], + "expiresAt": "1953-03-29T14:02:05Z", + "granteeTeamId": "6d698330-9f66-45db-a309-61a79c0db5ba", + "granteeUserId": "8867a80d-0d36-4338-ae27-3e2177ebe961" +} +``` + +HTTP 422 + 
diff --git a/cases/api_admin_teams_id_grants_post_missing_required_param_id_aee10eee.hurl b/cases/api_admin_teams_id_grants_post_missing_required_param_id_aee10eee.hurl new file mode 100644 index 0000000..3f0dc8e --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_missing_required_param_id_aee10eee.hurl @@ -0,0 +1,12 @@ +# ── POST /api/admin/teams/{id}/grants - missing required param "id" ── +# case_id=TC-aee10eee +# case_name=POST /api/admin/teams/{id}/grants - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/admin/teams/1/grants + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_mutation_branches_null_value_3f1f0acd.hurl b/cases/api_admin_teams_id_grants_post_mutation_branches_null_value_3f1f0acd.hurl new file mode 100644 index 0000000..c3b30fa --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mutation_branches_null_value_3f1f0acd.hurl @@ -0,0 +1,26 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: branches null value ── +# case_id=TC-3f1f0acd +# case_name=POST /api/admin/teams/{id}/grants - mutation: branches null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": null, + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_mutation_branches_object_instead_of_array_c0bd2a08.hurl b/cases/api_admin_teams_id_grants_post_mutation_branches_object_instead_of_array_c0bd2a08.hurl new file mode 100644 index 0000000..0de67df --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mutation_branches_object_instead_of_array_c0bd2a08.hurl 
@@ -0,0 +1,26 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: branches object instead of array ── +# case_id=TC-c0bd2a08 +# case_name=POST /api/admin/teams/{id}/grants - mutation: branches object instead of array +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": {}, + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_mutation_branches_string_instead_of_array_963f2d23.hurl b/cases/api_admin_teams_id_grants_post_mutation_branches_string_instead_of_array_963f2d23.hurl new file mode 100644 index 0000000..dac3012 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mutation_branches_string_instead_of_array_963f2d23.hurl @@ -0,0 +1,26 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: branches string instead of array ── +# case_id=TC-963f2d23 +# case_name=POST /api/admin/teams/{id}/grants - mutation: branches string instead of array +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": "not-an-array", + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_empty_string_2894700e.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_empty_string_2894700e.hurl new file mode 100644 index 0000000..cedfe73 --- /dev/null 
+++ b/cases/api_admin_teams_id_grants_post_mutation_expiresat_empty_string_2894700e.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt empty string ── +# case_id=TC-2894700e +# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "himself" + ], + "expiresAt": "", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_integer_instead_of_string_c03df9f9.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_integer_instead_of_string_c03df9f9.hurl new file mode 100644 index 0000000..580ceee --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mutation_expiresat_integer_instead_of_string_c03df9f9.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt integer instead of string ── +# case_id=TC-c03df9f9 +# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "himself" + ], + "expiresAt": 12345, + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_invalid_date_format_6260c870.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_invalid_date_format_6260c870.hurl new file mode 100644 index 0000000..3516d47 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mutation_expiresat_invalid_date_format_6260c870.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt invalid date format ── +# case_id=TC-6260c870 +# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt invalid date format +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "himself" + ], + "expiresAt": "not-a-date", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_null_value_759658e7.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_null_value_759658e7.hurl new file mode 100644 index 0000000..f8b44e4 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mutation_expiresat_null_value_759658e7.hurl 
@@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt null value ── +# case_id=TC-759658e7 +# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "himself" + ], + "expiresAt": null, + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_oversized_string_300_chars_0ee96c4d.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_oversized_string_300_chars_0ee96c4d.hurl new file mode 100644 index 0000000..e14353a --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mutation_expiresat_oversized_string_300_chars_0ee96c4d.hurl 
@@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt oversized string (300 chars) ── +# case_id=TC-0ee96c4d +# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "himself" + ], + "expiresAt": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_empty_string_7d06efc6.hurl b/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_empty_string_7d06efc6.hurl new file mode 100644 index 0000000..3733e62 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_empty_string_7d06efc6.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: granteeTeamId empty string ── +# case_id=TC-7d06efc6 +# case_name=POST /api/admin/teams/{id}/grants - mutation: granteeTeamId empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "himself" + ], + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": "", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_null_value_0064709a.hurl b/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_null_value_0064709a.hurl new file mode 100644 index 0000000..cd83362 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_null_value_0064709a.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - mutation: granteeTeamId null value ── +# case_id=TC-0064709a +# case_name=POST /api/admin/teams/{id}/grants - mutation: granteeTeamId null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "himself" + ], + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": null, + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_null_injection_branches_e32391c6.hurl b/cases/api_admin_teams_id_grants_post_null_injection_branches_e32391c6.hurl new file mode 100644 index 0000000..5a63d4b --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_null_injection_branches_e32391c6.hurl @@ -0,0 +1,22 @@ +# ── POST /api/admin/teams/{id}/grants - null injection: branches ── +# case_id=TC-e32391c6 +# case_name=POST /api/admin/teams/{id}/grants - null injection: branches +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": null, + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" +} +``` + +HTTP 422 + 
diff --git a/cases/api_admin_teams_id_grants_post_null_injection_expiresat_df39db3e.hurl b/cases/api_admin_teams_id_grants_post_null_injection_expiresat_df39db3e.hurl new file mode 100644 index 0000000..9bc4270 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_null_injection_expiresat_df39db3e.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - null injection: expiresAt ── +# case_id=TC-df39db3e +# case_name=POST /api/admin/teams/{id}/grants - null injection: expiresAt +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "sari" + ], + "expiresAt": null, + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_null_injection_granteeteamid_63fd31b7.hurl b/cases/api_admin_teams_id_grants_post_null_injection_granteeteamid_63fd31b7.hurl new file mode 100644 index 0000000..d1aed01 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_null_injection_granteeteamid_63fd31b7.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - null injection: granteeTeamId ── +# case_id=TC-63fd31b7 +# case_name=POST /api/admin/teams/{id}/grants - null injection: granteeTeamId +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "sari" + ], + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": null, + "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" +} +``` + +HTTP 422 + 
diff --git a/cases/api_admin_teams_id_grants_post_null_injection_granteeuserid_593b0773.hurl b/cases/api_admin_teams_id_grants_post_null_injection_granteeuserid_593b0773.hurl new file mode 100644 index 0000000..ea95b9d --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_null_injection_granteeuserid_593b0773.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - null injection: granteeUserId ── +# case_id=TC-593b0773 +# case_name=POST /api/admin/teams/{id}/grants - null injection: granteeUserId +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "sari" + ], + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": null, + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_null_injection_serviceid_2571eb1b.hurl b/cases/api_admin_teams_id_grants_post_null_injection_serviceid_2571eb1b.hurl new file mode 100644 index 0000000..be4fc18 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_null_injection_serviceid_2571eb1b.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - null injection: serviceId ── +# case_id=TC-2571eb1b +# case_name=POST /api/admin/teams/{id}/grants - null injection: serviceId +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "sari" + ], + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": null +} +``` + +HTTP 422 + 
diff --git a/cases/api_admin_teams_id_grants_post_owasp_api1_bola_unauthorized_access_750fd5ab.hurl b/cases/api_admin_teams_id_grants_post_owasp_api1_bola_unauthorized_access_750fd5ab.hurl
new file mode 100644
index 0000000..80ee090
--- /dev/null
+++ b/cases/api_admin_teams_id_grants_post_owasp_api1_bola_unauthorized_access_750fd5ab.hurl
@@ -0,0 +1,12 @@
+# ── [OWASP-API1] POST /api/admin/teams/{id}/grants — BOLA unauthorized access ──
+# case_id=TC-750fd5ab
+# case_name=[OWASP-API1] POST /api/admin/teams/{id}/grants — BOLA unauthorized access
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/teams/{{other_resource_id}}/grants
+
+HTTP 403
+
diff --git a/cases/api_admin_teams_id_grants_post_owasp_api2_broken_authentication_a5db835c.hurl b/cases/api_admin_teams_id_grants_post_owasp_api2_broken_authentication_a5db835c.hurl
new file mode 100644
index 0000000..a136042
--- /dev/null
+++ b/cases/api_admin_teams_id_grants_post_owasp_api2_broken_authentication_a5db835c.hurl
@@ -0,0 +1,12 @@
+# ── [OWASP-API2] POST /api/admin/teams/{id}/grants — broken authentication ──
+# case_id=TC-a5db835c
+# case_name=[OWASP-API2] POST /api/admin/teams/{id}/grants — broken authentication
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/teams/{id}/grants
+
+HTTP 401
+
diff --git a/cases/api_admin_teams_id_grants_post_owasp_api5_function_level_authorization_missing_4c520692.hurl b/cases/api_admin_teams_id_grants_post_owasp_api5_function_level_authorization_missing_4c520692.hurl
new file mode 100644
index 0000000..43f8117
--- /dev/null
+++ b/cases/api_admin_teams_id_grants_post_owasp_api5_function_level_authorization_missing_4c520692.hurl
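Review bot: The BOLA case sends `POST {{base_url}}/api/admin/teams/{{other_resource_id}}/grants` with no `Authorization` header, which makes it the same unauthenticated request as the API2 case in the next file, where the expected status is 401 rather than 403; both expectations cannot hold against one server. An object-level authorization check is only exercised when the caller is authenticated as a principal that does not own the target team, so the request should carry a valid low-privilege token, for example `Authorization: Bearer {{user_token}}` as the API5 case does, together with a body that would otherwise be accepted. If the runner injects credentials from somewhere this patch does not show, the API2 case instead needs an explicit way to drop them. The mass-assignment case that expects `HTTP 201` has the same gap.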
@@ -0,0 +1,13 @@
+# ── [OWASP-API5] POST /api/admin/teams/{id}/grants — function-level authorization missing ──
+# case_id=TC-4c520692
+# case_name=[OWASP-API5] POST /api/admin/teams/{id}/grants — function-level authorization missing
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10_spec
+# priority=P0
+
+POST {{base_url}}/api/admin/teams/{id}/grants
+Authorization: Bearer {{user_token}}
+
+HTTP 403
+
diff --git a/cases/api_admin_teams_id_grants_post_owasp_api6_mass_assignment_e74b3c2c.hurl b/cases/api_admin_teams_id_grants_post_owasp_api6_mass_assignment_e74b3c2c.hurl
new file mode 100644
index 0000000..dc2ec5c
--- /dev/null
+++ b/cases/api_admin_teams_id_grants_post_owasp_api6_mass_assignment_e74b3c2c.hurl
@@ -0,0 +1,32 @@
+# ── [OWASP-API6] POST /api/admin/teams/{id}/grants — mass assignment ──
+# case_id=TC-e74b3c2c
+# case_name=[OWASP-API6] POST /api/admin/teams/{id}/grants — mass assignment
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/teams/{id}/grants
+Content-Type: application/json
+```json
+{
+ "branches": [
+ "might"
+ ],
+ "createdAt": "2000-01-01T00:00:00Z",
+ "expiresAt": "1904-11-16T00:21:56Z",
+ "granteeTeamId": "80cfeb39-de1f-4afc-b29b-dbf268b668eb",
+ "granteeUserId": "af0ce4e0-f8fb-4c7c-b929-9d7dfc463d99",
+ "id": 99999,
+ "serviceId": "3751ed85-6162-4db7-8287-4b7491018fb0",
+ "updatedAt": "2000-01-01T00:00:00Z"
+}
+```
+
+HTTP 201
+
+[Asserts]
+jsonpath "$.id" != 99999
+jsonpath "$.createdAt" != "2000-01-01T00:00:00Z"
+jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z"
+
diff --git a/cases/api_admin_teams_id_grants_post_owasp_api7_injection_path_traversal_aa0b7128.hurl b/cases/api_admin_teams_id_grants_post_owasp_api7_injection_path_traversal_aa0b7128.hurl
new file mode 100644
index 0000000..49836a0
--- /dev/null
+++ b/cases/api_admin_teams_id_grants_post_owasp_api7_injection_path_traversal_aa0b7128.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] POST /api/admin/teams/{id}/grants — injection (path-traversal) ──
+# case_id=TC-aa0b7128
+# case_name=[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (path-traversal)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/grants
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_grants_post_owasp_api7_injection_sqli_ea6fd919.hurl b/cases/api_admin_teams_id_grants_post_owasp_api7_injection_sqli_ea6fd919.hurl
new file mode 100644
index 0000000..312488c
--- /dev/null
+++ b/cases/api_admin_teams_id_grants_post_owasp_api7_injection_sqli_ea6fd919.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] POST /api/admin/teams/{id}/grants — injection (sqli) ──
+# case_id=TC-ea6fd919
+# case_name=[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (sqli)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/teams/%27%20OR%201=1--/grants
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_grants_post_owasp_api7_injection_xss_c288f174.hurl b/cases/api_admin_teams_id_grants_post_owasp_api7_injection_xss_c288f174.hurl
new file mode 100644
index 0000000..d49660c
--- /dev/null
+++ b/cases/api_admin_teams_id_grants_post_owasp_api7_injection_xss_c288f174.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] POST /api/admin/teams/{id}/grants — injection (xss) ──
+# case_id=TC-c288f174
+# case_name=[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (xss)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/grants
+```json
+null
+```
+
+HTTP 400
+
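Review bot: All three injection cases (path-traversal, sqli, xss) pin `HTTP 400` and assert nothing about the response body, so they reject other safe outcomes (401 without credentials, 404 for an unknown team, 422) and cannot detect the unsafe one. A handler that reflects the decoded path segment in its error message would still pass as long as the status is 400. I would relax the status to `HTTP *` with `status >= 400` and `status < 500`, as the mutation cases do, and add body assertions such as `body not contains "<script>"` for the xss case and `body not contains "root:"` for the path-traversal case. The requests also send a `null` body with no `Content-Type` and no `Authorization` header, so a 400 here may come from body parsing or an auth layer rather than from validation of the path parameter.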
diff --git a/cases/api_admin_teams_id_grants_post_required_omission_serviceid_absent_eb992221.hurl b/cases/api_admin_teams_id_grants_post_required_omission_serviceid_absent_eb992221.hurl new file mode 100644 index 0000000..d1c1cba --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_required_omission_serviceid_absent_eb992221.hurl @@ -0,0 +1,27 @@ +# ── POST /api/admin/teams/{id}/grants - [required_omission] serviceId absent ── +# case_id=TC-eb992221 +# case_name=POST /api/admin/teams/{id}/grants - [required_omission] serviceId absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "several" + ], + "expiresAt": "1989-03-13T15:48:36Z", + "granteeTeamId": "849dc625-c140-49ac-bf25-8a047cafbb78", + "granteeUserId": "f936f656-e5c6-4646-85ad-e56be5d8778e" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_grants_post_schema_violation_expiresat_invalid_format_date_ti_9509a04a.hurl b/cases/api_admin_teams_id_grants_post_schema_violation_expiresat_invalid_format_date_ti_9509a04a.hurl new file mode 100644 index 0000000..9cca0e5 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_schema_violation_expiresat_invalid_format_date_ti_9509a04a.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [schema_violation] expiresAt_invalid_format_date-time ── +# case_id=TC-9509a04a +# case_name=POST /api/admin/teams/{id}/grants - [schema_violation] expiresAt_invalid_format_date-time +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "am" + ], + "expiresAt": "not-a-date", + "granteeTeamId": "7a8e7c06-efab-4a89-8471-23bbf2a20eea", + "granteeUserId": "55b411ae-4ae9-4cf6-802a-a4a242203443", + "serviceId": "435a1f1c-09a1-4465-b8ad-2053fa825257" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_schema_violation_serviceid_missing_required_4b79a206.hurl b/cases/api_admin_teams_id_grants_post_schema_violation_serviceid_missing_required_4b79a206.hurl new file mode 100644 index 0000000..3359665 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_schema_violation_serviceid_missing_required_4b79a206.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/grants - [schema_violation] serviceId_missing_required ── +# case_id=TC-4b79a206 +# case_name=POST /api/admin/teams/{id}/grants - [schema_violation] serviceId_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "am" + ], + "expiresAt": "1970-08-02T20:53:06Z", + "granteeTeamId": "7a8e7c06-efab-4a89-8471-23bbf2a20eea", + "granteeUserId": "55b411ae-4ae9-4cf6-802a-a4a242203443" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_branches_wrong_type_string_291b984a.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_branches_wrong_type_string_291b984a.hurl new file mode 100644 index 0000000..836f029 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_type_coercion_branches_wrong_type_string_291b984a.hurl 
@@ -0,0 +1,22 @@ +# ── POST /api/admin/teams/{id}/grants - [type_coercion] branches wrong_type_string ── +# case_id=TC-291b984a +# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] branches wrong_type_string +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": "not_an_array", + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_boolean_d73bcfa6.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_boolean_d73bcfa6.hurl new file mode 100644 index 0000000..6281915 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_boolean_d73bcfa6.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_boolean ── +# case_id=TC-d73bcfa6 +# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "bad" + ], + "expiresAt": true, + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_integer_4440c404.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_integer_4440c404.hurl new file mode 100644 index 0000000..8ff32e8 --- /dev/null 
+++ b/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_integer_4440c404.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_integer ── +# case_id=TC-4440c404 +# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "bad" + ], + "expiresAt": 123, + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_boolean_8920e31f.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_boolean_8920e31f.hurl new file mode 100644 index 0000000..d9409f9 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_boolean_8920e31f.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_boolean ── +# case_id=TC-8920e31f +# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": true, + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" +} +``` + +HTTP 422 + 
diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_integer_50132b05.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_integer_50132b05.hurl new file mode 100644 index 0000000..b2a78fb --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_integer_50132b05.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_integer ── +# case_id=TC-50132b05 +# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": 123, + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_boolean_1566fad3.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_boolean_1566fad3.hurl new file mode 100644 index 0000000..0be3656 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_boolean_1566fad3.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_boolean ── +# case_id=TC-1566fad3 +# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": true, + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_integer_3f9db72b.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_integer_3f9db72b.hurl new file mode 100644 index 0000000..1b99e33 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_integer_3f9db72b.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_integer ── +# case_id=TC-3f9db72b +# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": 123, + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_boolean_f4852904.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_boolean_f4852904.hurl new file mode 100644 index 0000000..e4ba46c --- /dev/null 
+++ b/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_boolean_f4852904.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_boolean ── +# case_id=TC-f4852904 +# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": true +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_integer_e98b7c31.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_integer_e98b7c31.hurl new file mode 100644 index 0000000..db2a358 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_integer_e98b7c31.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_integer ── +# case_id=TC-e98b7c31 +# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": 123 +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_bidi_override_691f2024.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_bidi_override_691f2024.hurl new file mode 100644 index 0000000..fe11e46 --- /dev/null 
+++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_bidi_override_691f2024.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt bidi_override ── +# case_id=TC-691f2024 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "‮hello", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_control_char_ed7d403f.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_control_char_ed7d403f.hurl new file mode 100644 index 0000000..ad3d208 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_control_char_ed7d403f.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt control_char ── +# case_id=TC-ed7d403f +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "hello\u0000world", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_overlong_e80f6e77.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_overlong_e80f6e77.hurl new file mode 100644 index 0000000..f3fdebb --- /dev/null 
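Review bot: The bidi_override payload appears to be committed as a raw U+202E character inside the `expiresAt` string, whereas the control_char case in the next file uses the escape `\u0000`. A raw bidirectional control in a tracked file changes how the line renders in diffs and editors and is what Trojan-Source style scanners flag; writing it as `"expiresAt": "\u202ehello"` decodes to the same string on the server and keeps the fixture reviewable. Separately, these unicode cases expect `HTTP 400`, while the schema_violation case for the same field with an invalid date-time value expects `HTTP 422`, so one of the two expectations is likely wrong for this API.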
+++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_overlong_e80f6e77.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt overlong ── +# case_id=TC-e80f6e77 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zalgo_e8fa18b3.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zalgo_e8fa18b3.hurl new file mode 100644 index 0000000..645c1ac --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zalgo_e8fa18b3.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zalgo ── +# case_id=TC-e8fa18b3 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "z̀́̂̃̄̅̆̇a", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zero_width_c67b22d4.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zero_width_c67b22d4.hurl new file mode 100644 index 0000000..5639188 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zero_width_c67b22d4.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zero_width ── +# case_id=TC-c67b22d4 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "​hello", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_bidi_override_d197e84d.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_bidi_override_d197e84d.hurl new file mode 100644 index 0000000..778d1be --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_bidi_override_d197e84d.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId bidi_override ── +# case_id=TC-d197e84d +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "‮hello", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_control_char_d5595214.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_control_char_d5595214.hurl new file mode 100644 index 0000000..b619d09 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_control_char_d5595214.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId control_char ── +# case_id=TC-d5595214 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "hello\u0000world", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_overlong_4df41e59.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_overlong_4df41e59.hurl new file mode 100644 index 0000000..1083314 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_overlong_4df41e59.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId overlong ── +# case_id=TC-4df41e59 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zalgo_603eeaa8.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zalgo_603eeaa8.hurl new file mode 100644 index 0000000..e59ebac --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zalgo_603eeaa8.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zalgo ── +# case_id=TC-603eeaa8 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "z̀́̂̃̄̅̆̇a", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zero_width_28a0c8b4.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zero_width_28a0c8b4.hurl new file mode 100644 index 0000000..cdbd4b0 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zero_width_28a0c8b4.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zero_width ── +# case_id=TC-28a0c8b4 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "​hello", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_bidi_override_57831769.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_bidi_override_57831769.hurl new file mode 100644 index 0000000..a58fb0b --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_bidi_override_57831769.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId bidi_override ── +# case_id=TC-57831769 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "‮hello", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_control_char_bb1058c5.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_control_char_bb1058c5.hurl new file mode 100644 index 0000000..a6ba00f --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_control_char_bb1058c5.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId control_char ── +# case_id=TC-bb1058c5 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "hello\u0000world", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_overlong_81f35d0c.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_overlong_81f35d0c.hurl new file mode 100644 index 0000000..51c222a --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_overlong_81f35d0c.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId overlong ── +# case_id=TC-81f35d0c +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zalgo_7682a2d7.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zalgo_7682a2d7.hurl new file mode 100644 index 0000000..64d6e2b --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zalgo_7682a2d7.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zalgo ── +# case_id=TC-7682a2d7 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "z̀́̂̃̄̅̆̇a", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zero_width_7f787ffd.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zero_width_7f787ffd.hurl new file mode 100644 index 0000000..a922175 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zero_width_7f787ffd.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zero_width ── +# case_id=TC-7f787ffd +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "​hello", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_bidi_override_894450de.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_bidi_override_894450de.hurl new file mode 100644 index 0000000..750e01a --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_bidi_override_894450de.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId bidi_override ── +# case_id=TC-894450de +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "‮hello" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_control_char_aea6968a.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_control_char_aea6968a.hurl new file mode 100644 index 0000000..cc530ec --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_control_char_aea6968a.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId control_char ── +# case_id=TC-aea6968a +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_overlong_ae4ea893.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_overlong_ae4ea893.hurl new file mode 100644 index 0000000..4163e13 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_overlong_ae4ea893.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId overlong ── +# case_id=TC-ae4ea893 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zalgo_3b372657.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zalgo_3b372657.hurl new file mode 100644 index 0000000..5cc2f8d --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zalgo_3b372657.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zalgo ── +# case_id=TC-3b372657 +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zero_width_c9798ccb.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zero_width_c9798ccb.hurl new file mode 100644 index 0000000..847f0fe --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zero_width_c9798ccb.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zero_width ── +# case_id=TC-c9798ccb +# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "​hello" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_grants_post_valid_request_with_all_required_fields_62bccfec.hurl b/cases/api_admin_teams_id_grants_post_valid_request_with_all_required_fields_62bccfec.hurl new file mode 100644 index 0000000..9d30e28 --- /dev/null +++ b/cases/api_admin_teams_id_grants_post_valid_request_with_all_required_fields_62bccfec.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/teams/{id}/grants - valid request with all required fields ── +# case_id=TC-62bccfec +# case_name=POST /api/admin/teams/{id}/grants - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "other" + ], + "expiresAt": "2020-03-12T16:50:23Z", + "granteeTeamId": "fcea5c7d-08df-4a6b-a40b-cc22936c70a6", + "granteeUserId": "4b66d87d-2a87-436a-9cba-cbd963fe3725", + "serviceId": "20931bd8-47ab-4a34-9161-aa0f41c54efd" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.id" exists + diff --git a/cases/api_admin_teams_id_grants_post_wrong_content_type_text_plain_a9ed456f.hurl b/cases/api_admin_teams_id_grants_post_wrong_content_type_text_plain_a9ed456f.hurl new file mode 100644 index 0000000..a36edae --- /dev/null 
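Review bot: The valid-request case on this line (TC-62bccfec) posts to a path containing the literal `{id}` segment and an `expiresAt` of `2020-03-12T16:50:23Z`, yet asserts `HTTP 200` and `jsonpath "$.id" exists`; if the server resolves the team id or rejects an expiry in the past, the case cannot pass as written. The unicode_fuzzing cases on this line and the neighbouring ones share the same literal `{id}` and a past-dated `expiresAt`, so their `HTTP 400` may come from the path or the timestamp rather than from the fuzzed field, which would make the input-validation control look tested when it is not. The generator should substitute a captured team id, e.g. `POST {{base_url}}/api/admin/teams/{{team_id}}/grants` (variable name illustrative), and emit a future `expiresAt`, so that the mutated field is the only invalid input in each negative case.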
+++ b/cases/api_admin_teams_id_grants_post_wrong_content_type_text_plain_a9ed456f.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams/{id}/grants - wrong content-type (text/plain) ── +# case_id=TC-a9ed456f +# case_name=POST /api/admin/teams/{id}/grants - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: text/plain +```json +{ + "branches": [ + "sari" + ], + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" +} +``` + +HTTP 415 + diff --git a/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_grants_id_fae601d3.hurl b/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_grants_id_fae601d3.hurl new file mode 100644 index 0000000..39a3642 --- /dev/null +++ b/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_grants_id_fae601d3.hurl 
@@ -0,0 +1,48 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/grants/{id} +# case_id=TC-fae601d3 +# case_name=sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/grants/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams/{id}/grants [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams/{id}/grants + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "in" + ], + "expiresAt": "1934-04-27T17:54:54Z", + "granteeTeamId": "ef7ba0e3-e654-4cbe-a8db-7d80ae34554a", + "granteeUserId": "6b8cf351-2a07-4e9b-af8d-93adadf31af4", + "serviceId": "4af3c971-e3ff-4038-8eec-7562f600ef7e" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via DELETE /api/admin/grants/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via DELETE /api/admin/grants/{id} +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/grants/{{id}} + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_users_id_1e93f696.hurl b/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_users_id_1e93f696.hurl new file mode 100644 index 0000000..78b2aa2 --- /dev/null +++ b/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_users_id_1e93f696.hurl 
@@ -0,0 +1,48 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/users/{id} +# case_id=TC-1e93f696 +# case_name=sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/users/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams/{id}/grants [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams/{id}/grants + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "next" + ], + "expiresAt": "1953-08-22T03:36:54Z", + "granteeTeamId": "4ec6231f-137f-4153-97d0-8c43294d0bd2", + "granteeUserId": "94e4e393-307c-46af-870b-f6f1a737e66b", + "serviceId": "67af3e57-44c9-4422-ae15-53de1e10b9a7" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via DELETE /api/admin/users/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via DELETE /api/admin/users/{id} +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/users/{{id}} + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_members_7710bdae.hurl b/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_members_7710bdae.hurl new file mode 100644 index 0000000..4df5e98 --- /dev/null +++ b/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_members_7710bdae.hurl 
@@ -0,0 +1,48 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/members +# case_id=TC-7710bdae +# case_name=sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/members +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams/{id}/grants [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams/{id}/grants + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "place" + ], + "expiresAt": "1973-01-05T11:42:04Z", + "granteeTeamId": "58c7d788-061b-4021-9e8c-01942f155464", + "granteeUserId": "1b70dc76-c2d3-4e62-9f5d-22c8319dc0a2", + "serviceId": "a31b4938-a01f-4bc1-80fe-f165a18d784e" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/members [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/members +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/members + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_services_fd7cb142.hurl b/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_services_fd7cb142.hurl new file mode 100644 index 0000000..f5c01d0 --- /dev/null +++ b/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_services_fd7cb142.hurl 
@@ -0,0 +1,48 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/services +# case_id=TC-fd7cb142 +# case_name=sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/services +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams/{id}/grants [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams/{id}/grants + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "nightly" + ], + "expiresAt": "2014-07-24T15:17:10Z", + "granteeTeamId": "da38f17d-bcba-48c6-b1e9-2b8c5c84b849", + "granteeUserId": "a204f443-d1b0-4bfc-803a-4c17ae6cc61d", + "serviceId": "ce438324-485f-4319-9bd6-11c6d9721984" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/services [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/services +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/services + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_id_grants_sequence_chain_post_api_admin_teams_id_members_136f3cd3.hurl b/cases/api_admin_teams_id_grants_sequence_chain_post_api_admin_teams_id_members_136f3cd3.hurl new file mode 100644 index 0000000..f9721a0 --- /dev/null +++ b/cases/api_admin_teams_id_grants_sequence_chain_post_api_admin_teams_id_members_136f3cd3.hurl 
@@ -0,0 +1,55 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams/{id}/grants → POST /api/admin/teams/{id}/members +# case_id=TC-136f3cd3 +# case_name=sequence chain: /api/admin/teams/{id}/grants → POST /api/admin/teams/{id}/members +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams/{id}/grants [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams/{id}/grants + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "wow" + ], + "expiresAt": "1972-07-06T21:33:45Z", + "granteeTeamId": "b14431ac-e726-45f0-93de-31b938772976", + "granteeUserId": "4d5d2551-5245-4b9f-96e5-0b702e93eff2", + "serviceId": "fa586d52-80ed-493e-8e6d-6047b31e41fa" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via POST /api/admin/teams/{id}/members [test] ── +# step_id=step-test +# step_type=test +# title=use via POST /api/admin/teams/{id}/members +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{{id}}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": "1dd37e1e-0598-4a14-9118-1e52865101d3" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_services_serviceid_team_cafaccf6.hurl b/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_services_serviceid_team_cafaccf6.hurl new file mode 100644 index 0000000..3a14091 --- /dev/null +++ b/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_services_serviceid_team_cafaccf6.hurl 
@@ -0,0 +1,54 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/services/{serviceId}/team +# case_id=TC-cafaccf6 +# case_name=sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/services/{serviceId}/team +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams/{id}/grants [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams/{id}/grants + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "am" + ], + "expiresAt": "1930-06-02T07:33:10Z", + "granteeTeamId": "6eb082a3-7a81-4673-b080-6f876150d238", + "granteeUserId": "9c8b45fd-f191-4a4d-80fd-b8dad10d176a", + "serviceId": "d078acf6-4a9a-463a-9632-1d93b5a7ecfa" +} +``` + +HTTP * + +[Captures] +serviceId: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via PUT /api/admin/services/{serviceId}/team [test] ── +# step_id=step-test +# step_type=test +# title=use via PUT /api/admin/services/{serviceId}/team +# depends_on=step-setup + +PUT {{base_url}}/api/admin/services/{{serviceId}}/team +Content-Type: application/json +```json +{ + "teamId": "ef302aa8-fd8d-4fd6-9798-6d57d88f7ac6" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_users_id_636e3912.hurl b/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_users_id_636e3912.hurl new file mode 100644 index 0000000..300dbf2 --- /dev/null +++ b/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_users_id_636e3912.hurl 
@@ -0,0 +1,55 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/users/{id} +# case_id=TC-636e3912 +# case_name=sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/users/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams/{id}/grants [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams/{id}/grants + +POST {{base_url}}/api/admin/teams/{id}/grants +Content-Type: application/json +```json +{ + "branches": [ + "half" + ], + "expiresAt": "1911-12-23T17:30:07Z", + "granteeTeamId": "e275d7a1-f1f0-449b-9962-e43b92698249", + "granteeUserId": "5a22025f-d28e-4434-9b1d-93bf353fbdb9", + "serviceId": "71bbc723-acdf-4be2-b56f-e471f9077cc5" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via PUT /api/admin/users/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via PUT /api/admin/users/{id} +# depends_on=step-setup + +PUT {{base_url}}/api/admin/users/{{id}} +Content-Type: application/json +```json +{ + "isActive": true, + "role": "team_member" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_id_members_get_idor_id_0_zero_id_8d769a8b.hurl b/cases/api_admin_teams_id_members_get_idor_id_0_zero_id_8d769a8b.hurl new file mode 100644 index 0000000..3493525 --- /dev/null +++ b/cases/api_admin_teams_id_members_get_idor_id_0_zero_id_8d769a8b.hurl @@ -0,0 +1,16 @@ +# ── GET /api/admin/teams/{id}/members - IDOR id=0 (zero_id) ── +# case_id=TC-8d769a8b +# case_name=GET /api/admin/teams/{id}/members - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +GET {{base_url}}/api/admin/teams/0/members + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
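Review bot: The `[Asserts]` pair `status >= 400` / `status < 500` in the `technique=idor` case TC-8d769a8b is satisfied by a 404 for a team that does not exist, so a pass says nothing about whether access to another principal's team is denied. The ids `0` and `99999` are integers, while every id in the request bodies of this patch is a UUID, which suggests (not confirmable from here) that these paths fail route validation before any authorization check runs. An object-level authorization case needs an id that exists and belongs to someone else, as the BOLA case does with `{{other_resource_id}}`, and a specific expectation such as `HTTP 403`. The same applies to TC-4af55f13, TC-07948765 and TC-d1a0e9c6.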
diff --git a/cases/api_admin_teams_id_members_get_idor_id_99999_alt_id_4af55f13.hurl b/cases/api_admin_teams_id_members_get_idor_id_99999_alt_id_4af55f13.hurl new file mode 100644 index 0000000..3ae29f9 --- /dev/null +++ b/cases/api_admin_teams_id_members_get_idor_id_99999_alt_id_4af55f13.hurl @@ -0,0 +1,16 @@ +# ── GET /api/admin/teams/{id}/members - IDOR id=99999 (alt_id) ── +# case_id=TC-4af55f13 +# case_name=GET /api/admin/teams/{id}/members - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +GET {{base_url}}/api/admin/teams/99999/members + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_get_missing_required_param_id_724cd05d.hurl b/cases/api_admin_teams_id_members_get_missing_required_param_id_724cd05d.hurl new file mode 100644 index 0000000..72f1207 --- /dev/null +++ b/cases/api_admin_teams_id_members_get_missing_required_param_id_724cd05d.hurl @@ -0,0 +1,12 @@ +# ── GET /api/admin/teams/{id}/members - missing required param "id" ── +# case_id=TC-724cd05d +# case_name=GET /api/admin/teams/{id}/members - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/admin/teams/1/members + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_get_owasp_api1_bola_unauthorized_access_be93ffb9.hurl b/cases/api_admin_teams_id_members_get_owasp_api1_bola_unauthorized_access_be93ffb9.hurl new file mode 100644 index 0000000..e0b7ef2 --- /dev/null +++ b/cases/api_admin_teams_id_members_get_owasp_api1_bola_unauthorized_access_be93ffb9.hurl 
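Review bot: The case titled `missing required param "id"` (TC-724cd05d) requests `GET {{base_url}}/api/admin/teams/1/members`, so the parameter is present with value `1`, and the expected `HTTP 422` tests something other than what the title says. A path parameter cannot be omitted without changing the route, so the generator should skip `isolated_negative` missing-parameter cases for path parameters, or retitle this one as an invalid-id-format case. TC-e44fc900 repeats the same request shape for POST.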
@@ -0,0 +1,12 @@ +# ── [OWASP-API1] GET /api/admin/teams/{id}/members — BOLA unauthorized access ── +# case_id=TC-be93ffb9 +# case_name=[OWASP-API1] GET /api/admin/teams/{id}/members — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/{{other_resource_id}}/members + +HTTP 403 + diff --git a/cases/api_admin_teams_id_members_get_owasp_api2_broken_authentication_942888a7.hurl b/cases/api_admin_teams_id_members_get_owasp_api2_broken_authentication_942888a7.hurl new file mode 100644 index 0000000..71eb073 --- /dev/null +++ b/cases/api_admin_teams_id_members_get_owasp_api2_broken_authentication_942888a7.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/admin/teams/{id}/members — broken authentication ── +# case_id=TC-942888a7 +# case_name=[OWASP-API2] GET /api/admin/teams/{id}/members — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/{id}/members + +HTTP 401 + diff --git a/cases/api_admin_teams_id_members_get_owasp_api7_injection_path_traversal_c5fcb2bd.hurl b/cases/api_admin_teams_id_members_get_owasp_api7_injection_path_traversal_c5fcb2bd.hurl new file mode 100644 index 0000000..ca6bd3c --- /dev/null +++ b/cases/api_admin_teams_id_members_get_owasp_api7_injection_path_traversal_c5fcb2bd.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/teams/{id}/members — injection (path-traversal) ── +# case_id=TC-c5fcb2bd +# case_name=[OWASP-API7] GET /api/admin/teams/{id}/members — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members +```json +null +``` + +HTTP 400 + 
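Review bot: The broken-authentication case TC-942888a7 sends `GET {{base_url}}/api/admin/teams/{id}/members` with nothing in the file that removes or invalidates credentials, and its request line is identical to the valid-request case TC-f1d4a7ff, which expects `HTTP 200`. Whether this returns 401 therefore depends entirely on how the runner injects authentication, which is not visible here. I would state the intent in the file, for example `# auth: none (runner must not attach credentials to this case)`, so a 401 is attributable to the missing credential rather than to runner defaults. The same applies to TC-d1200108, and the BOLA cases TC-be93ffb9 and TC-bc997516 similarly need a note on which principal's credentials they run under.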
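Review bot: The injection case TC-c5fcb2bd asserts only the exact status `HTTP 400` and attaches a JSON body of `null` to a GET request with no `Content-Type`. A server that answers 404 for an id it cannot resolve has handled the input safely yet fails the case, while one that answers 400 and echoes the raw path segment in its error body passes. I would accept any client error, as the mutation cases do with `HTTP *` plus `status >= 400` and `status < 500`, add a `body not contains` assertion for the submitted segment, and drop the `null` body. TC-05eacd8d and TC-9935c2df have the same shape.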
diff --git a/cases/api_admin_teams_id_members_get_owasp_api7_injection_sqli_05eacd8d.hurl b/cases/api_admin_teams_id_members_get_owasp_api7_injection_sqli_05eacd8d.hurl new file mode 100644 index 0000000..53bd4be --- /dev/null +++ b/cases/api_admin_teams_id_members_get_owasp_api7_injection_sqli_05eacd8d.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/teams/{id}/members — injection (sqli) ── +# case_id=TC-05eacd8d +# case_name=[OWASP-API7] GET /api/admin/teams/{id}/members — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/%27%20OR%201=1--/members +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_get_owasp_api7_injection_xss_9935c2df.hurl b/cases/api_admin_teams_id_members_get_owasp_api7_injection_xss_9935c2df.hurl new file mode 100644 index 0000000..baa5bba --- /dev/null +++ b/cases/api_admin_teams_id_members_get_owasp_api7_injection_xss_9935c2df.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/teams/{id}/members — injection (xss) ── +# case_id=TC-9935c2df +# case_name=[OWASP-API7] GET /api/admin/teams/{id}/members — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_get_valid_request_with_all_required_fields_f1d4a7ff.hurl b/cases/api_admin_teams_id_members_get_valid_request_with_all_required_fields_f1d4a7ff.hurl new file mode 100644 index 0000000..172411a --- /dev/null +++ b/cases/api_admin_teams_id_members_get_valid_request_with_all_required_fields_f1d4a7ff.hurl 
@@ -0,0 +1,16 @@ +# ── GET /api/admin/teams/{id}/members - valid request with all required fields ── +# case_id=TC-f1d4a7ff +# case_name=GET /api/admin/teams/{id}/members - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/admin/teams/{id}/members + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.members" exists + diff --git a/cases/api_admin_teams_id_members_options_owasp_api8_cors_security_configuration_02ec7afc.hurl b/cases/api_admin_teams_id_members_options_owasp_api8_cors_security_configuration_02ec7afc.hurl new file mode 100644 index 0000000..7eba35d --- /dev/null +++ b/cases/api_admin_teams_id_members_options_owasp_api8_cors_security_configuration_02ec7afc.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/teams/{id}/members — CORS security configuration ── +# case_id=TC-02ec7afc +# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id}/members — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/teams/{id}/members +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_teams_id_members_post_idempotent_second_call_must_be_safe_fce8d8db.hurl b/cases/api_admin_teams_id_members_post_idempotent_second_call_must_be_safe_fce8d8db.hurl new file mode 100644 index 0000000..ac72099 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_idempotent_second_call_must_be_safe_fce8d8db.hurl 
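Review bot: The only assertion in the CORS case TC-02ec7afc, `header "Access-Control-Allow-Origin" != "*"`, still passes when the server reflects the request's `Origin` back, which is the misconfiguration this probe is meant to catch. Add `header "Access-Control-Allow-Origin" != "https://evil.example.com"` next to it. It is also worth confirming how the runner treats a response that carries no such header: if the query fails on a missing header, a server that correctly omits it for an untrusted origin would be reported as failing. The request path again uses the literal `{id}`.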
@@ -0,0 +1,47 @@ +# ══════════════════════════════════════════════════ +# POST /api/admin/teams/{id}/members - idempotent: second call must be safe +# case_id=TC-fce8d8db +# case_name=POST /api/admin/teams/{id}/members - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /api/admin/teams/{id}/members — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /api/admin/teams/{id}/members — first call + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": "f78fd0f2-6376-4a2b-8124-8006f5d96d4a" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /api/admin/teams/{id}/members — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /api/admin/teams/{id}/members — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": "f78fd0f2-6376-4a2b-8124-8006f5d96d4a" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_teams_id_members_post_idor_id_0_zero_id_07948765.hurl b/cases/api_admin_teams_id_members_post_idor_id_0_zero_id_07948765.hurl new file mode 100644 index 0000000..cb79aa8 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_idor_id_0_zero_id_07948765.hurl @@ -0,0 +1,16 @@ +# ── POST /api/admin/teams/{id}/members - IDOR id=0 (zero_id) ── +# case_id=TC-07948765 +# case_name=POST /api/admin/teams/{id}/members - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +POST {{base_url}}/api/admin/teams/0/members + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_admin_teams_id_members_post_idor_id_99999_alt_id_d1a0e9c6.hurl b/cases/api_admin_teams_id_members_post_idor_id_99999_alt_id_d1a0e9c6.hurl new file mode 100644 index 0000000..3013327 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_idor_id_99999_alt_id_d1a0e9c6.hurl @@ -0,0 +1,16 @@ +# ── POST /api/admin/teams/{id}/members - IDOR id=99999 (alt_id) ── +# case_id=TC-d1a0e9c6 +# case_name=POST /api/admin/teams/{id}/members - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +POST {{base_url}}/api/admin/teams/99999/members + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_invalid_role_value_not_in_enum_54b6ea73.hurl b/cases/api_admin_teams_id_members_post_invalid_role_value_not_in_enum_54b6ea73.hurl new file mode 100644 index 0000000..bd1527b --- /dev/null +++ b/cases/api_admin_teams_id_members_post_invalid_role_value_not_in_enum_54b6ea73.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - invalid role: value not in enum ── +# case_id=TC-54b6ea73 +# case_name=POST /api/admin/teams/{id}/members - invalid role: value not in enum +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "__invalid_enum__", + "userId": "45cf0fb5-a53d-4f38-94af-85fabe94e394" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_mass_assignment_financial_probe_31f44a55.hurl b/cases/api_admin_teams_id_members_post_mass_assignment_financial_probe_31f44a55.hurl new file mode 100644 index 0000000..a2ccad2 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mass_assignment_financial_probe_31f44a55.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - [mass_assignment] financial probe ── +# case_id=TC-31f44a55 +# case_name=POST /api/admin/teams/{id}/members - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "balance": 1, + "credits": 1, + "discount": 0, + "price": 1, + "role": "member", + "userId": "b21cab01-ede4-49da-9080-18aced242f70" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_mass_assignment_identity_probe_09f9b8eb.hurl b/cases/api_admin_teams_id_members_post_mass_assignment_identity_probe_09f9b8eb.hurl new file mode 100644 index 0000000..40ad5ee --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mass_assignment_identity_probe_09f9b8eb.hurl @@ -0,0 +1,22 @@ +# ── POST /api/admin/teams/{id}/members - [mass_assignment] identity probe ── +# case_id=TC-09f9b8eb +# case_name=POST /api/admin/teams/{id}/members - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "createdBy": "__probe__", + "ownerId": "__probe__", + "role": "member", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_mass_assignment_privilege_probe_850dd902.hurl b/cases/api_admin_teams_id_members_post_mass_assignment_privilege_probe_850dd902.hurl new file mode 100644 index 0000000..1c30168 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mass_assignment_privilege_probe_850dd902.hurl 
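Review bot: In the identity probe TC-09f9b8eb the declared field `userId` is itself set to `"__probe__"`, so the expected `HTTP 400` can come from ordinary validation of `userId` rather than from the server refusing `createdBy`, `ownerId` or `user_id`. The privilege probe TC-850dd902 has the same problem with `"role": "__probe__"`, which the enum check exercised by TC-54b6ea73 would presumably reject on its own. Keep the declared fields valid, as the financial and status probes do (`"role": "member"` with a well-formed `userId`), so that only the undeclared fields can cause the rejection.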
@@ -0,0 +1,22 @@ +# ── POST /api/admin/teams/{id}/members - [mass_assignment] privilege probe ── +# case_id=TC-850dd902 +# case_name=POST /api/admin/teams/{id}/members - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "admin": true, + "isAdmin": true, + "is_admin": true, + "role": "__probe__", + "userId": "b21cab01-ede4-49da-9080-18aced242f70" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_mass_assignment_status_probe_edb444ec.hurl b/cases/api_admin_teams_id_members_post_mass_assignment_status_probe_edb444ec.hurl new file mode 100644 index 0000000..74413c2 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mass_assignment_status_probe_edb444ec.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - [mass_assignment] status probe ── +# case_id=TC-edb444ec +# case_name=POST /api/admin/teams/{id}/members - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "disabled": false, + "role": "member", + "userId": "b21cab01-ede4-49da-9080-18aced242f70", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_missing_required_field_userid_4eda623b.hurl b/cases/api_admin_teams_id_members_post_missing_required_field_userid_4eda623b.hurl new file mode 100644 index 0000000..f7a480f --- /dev/null +++ b/cases/api_admin_teams_id_members_post_missing_required_field_userid_4eda623b.hurl 
@@ -0,0 +1,18 @@ +# ── POST /api/admin/teams/{id}/members - missing required field "userId" ── +# case_id=TC-4eda623b +# case_name=POST /api/admin/teams/{id}/members - missing required field "userId" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_missing_required_field_userid_aea81fb1.hurl b/cases/api_admin_teams_id_members_post_missing_required_field_userid_aea81fb1.hurl new file mode 100644 index 0000000..d05b8e5 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_missing_required_field_userid_aea81fb1.hurl @@ -0,0 +1,18 @@ +# ── POST /api/admin/teams/{id}/members - missing required field "userId" ── +# case_id=TC-aea81fb1 +# case_name=POST /api/admin/teams/{id}/members - missing required field "userId" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "owner" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_missing_required_param_id_e44fc900.hurl b/cases/api_admin_teams_id_members_post_missing_required_param_id_e44fc900.hurl new file mode 100644 index 0000000..8e43c76 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_missing_required_param_id_e44fc900.hurl @@ -0,0 +1,12 @@ +# ── POST /api/admin/teams/{id}/members - missing required param "id" ── +# case_id=TC-e44fc900 +# case_name=POST /api/admin/teams/{id}/members - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/admin/teams/1/members + +HTTP 422 + 
diff --git a/cases/api_admin_teams_id_members_post_mutation_role_empty_string_0cb69d90.hurl b/cases/api_admin_teams_id_members_post_mutation_role_empty_string_0cb69d90.hurl new file mode 100644 index 0000000..7f7b232 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mutation_role_empty_string_0cb69d90.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - mutation: role empty string ── +# case_id=TC-0cb69d90 +# case_name=POST /api/admin/teams/{id}/members - mutation: role empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "", + "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_mutation_role_integer_instead_of_string_dc8849f5.hurl b/cases/api_admin_teams_id_members_post_mutation_role_integer_instead_of_string_dc8849f5.hurl new file mode 100644 index 0000000..195792c --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mutation_role_integer_instead_of_string_dc8849f5.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - mutation: role integer instead of string ── +# case_id=TC-dc8849f5 +# case_name=POST /api/admin/teams/{id}/members - mutation: role integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": 12345, + "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_mutation_role_null_value_aff2608e.hurl b/cases/api_admin_teams_id_members_post_mutation_role_null_value_aff2608e.hurl new file mode 100644 index 0000000..85eb241 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mutation_role_null_value_aff2608e.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - mutation: role null value ── +# case_id=TC-aff2608e +# case_name=POST /api/admin/teams/{id}/members - mutation: role null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": null, + "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_mutation_role_oversized_string_300_chars_977e71fa.hurl b/cases/api_admin_teams_id_members_post_mutation_role_oversized_string_300_chars_977e71fa.hurl new file mode 100644 index 0000000..da3d666 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mutation_role_oversized_string_300_chars_977e71fa.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - mutation: role oversized string (300 chars) ── +# case_id=TC-977e71fa +# case_name=POST /api/admin/teams/{id}/members - mutation: role oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_mutation_userid_empty_string_b3beebbb.hurl b/cases/api_admin_teams_id_members_post_mutation_userid_empty_string_b3beebbb.hurl new file mode 100644 index 0000000..ca4f8bb --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mutation_userid_empty_string_b3beebbb.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - mutation: userId empty string ── +# case_id=TC-b3beebbb +# case_name=POST /api/admin/teams/{id}/members - mutation: userId empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_mutation_userid_integer_instead_of_string_d8212bc8.hurl b/cases/api_admin_teams_id_members_post_mutation_userid_integer_instead_of_string_d8212bc8.hurl new file mode 100644 index 0000000..51bd22b --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mutation_userid_integer_instead_of_string_d8212bc8.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - mutation: userId integer instead of string ── +# case_id=TC-d8212bc8 +# case_name=POST /api/admin/teams/{id}/members - mutation: userId integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": 12345 +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_mutation_userid_null_value_8e4fd867.hurl b/cases/api_admin_teams_id_members_post_mutation_userid_null_value_8e4fd867.hurl new file mode 100644 index 0000000..52a0fff --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mutation_userid_null_value_8e4fd867.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - mutation: userId null value ── +# case_id=TC-8e4fd867 +# case_name=POST /api/admin/teams/{id}/members - mutation: userId null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": null +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_mutation_userid_oversized_string_300_chars_5739a85b.hurl b/cases/api_admin_teams_id_members_post_mutation_userid_oversized_string_300_chars_5739a85b.hurl new file mode 100644 index 0000000..aad763c --- /dev/null +++ b/cases/api_admin_teams_id_members_post_mutation_userid_oversized_string_300_chars_5739a85b.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - mutation: userId oversized string (300 chars) ── +# case_id=TC-5739a85b +# case_name=POST /api/admin/teams/{id}/members - mutation: userId oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_null_injection_role_a2c2e196.hurl b/cases/api_admin_teams_id_members_post_null_injection_role_a2c2e196.hurl new file mode 100644 index 0000000..5b7729c --- /dev/null +++ b/cases/api_admin_teams_id_members_post_null_injection_role_a2c2e196.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - null injection: role ── +# case_id=TC-a2c2e196 +# case_name=POST /api/admin/teams/{id}/members - null injection: role +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": null, + "userId": "b6f51cc4-2389-42c5-a864-35545c08cda9" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_null_injection_userid_1b45482b.hurl b/cases/api_admin_teams_id_members_post_null_injection_userid_1b45482b.hurl new file mode 100644 index 0000000..19c60ed --- /dev/null +++ b/cases/api_admin_teams_id_members_post_null_injection_userid_1b45482b.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - null injection: userId ── +# case_id=TC-1b45482b +# case_name=POST /api/admin/teams/{id}/members - null injection: userId +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "owner", + "userId": null +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_owasp_api1_bola_unauthorized_access_bc997516.hurl b/cases/api_admin_teams_id_members_post_owasp_api1_bola_unauthorized_access_bc997516.hurl new file mode 100644 index 0000000..6bfc5b2 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_owasp_api1_bola_unauthorized_access_bc997516.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] POST /api/admin/teams/{id}/members — BOLA unauthorized access ── +# case_id=TC-bc997516 +# case_name=[OWASP-API1] POST /api/admin/teams/{id}/members — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams/{{other_resource_id}}/members + +HTTP 403 + 
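Review bot: The BOLA case TC-bc997516 sends `POST {{base_url}}/api/admin/teams/{{other_resource_id}}/members` with no credential header and no body, so `HTTP 403` is not clearly an object-level authorization result. If the runner injects no credentials, the API2 case in this patch expects `401` for the same unauthenticated shape; if it does, the missing body may be rejected with 400/422 before the ownership check is reached. The case should name the caller explicitly (a header for an authenticated user who does not own `other_resource_id`; no variable for such a token is shown on the page) and send a body that would otherwise be accepted, such as the `role`/`userId` object used by the neighbouring cases. A header comment like `# caller: authenticated user without access to other_resource_id` would record which identity is expected to be denied.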
diff --git a/cases/api_admin_teams_id_members_post_owasp_api2_broken_authentication_d1200108.hurl b/cases/api_admin_teams_id_members_post_owasp_api2_broken_authentication_d1200108.hurl new file mode 100644 index 0000000..0735f96 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_owasp_api2_broken_authentication_d1200108.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] POST /api/admin/teams/{id}/members — broken authentication ── +# case_id=TC-d1200108 +# case_name=[OWASP-API2] POST /api/admin/teams/{id}/members — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams/{id}/members + +HTTP 401 + diff --git a/cases/api_admin_teams_id_members_post_owasp_api6_mass_assignment_5a01a3ba.hurl b/cases/api_admin_teams_id_members_post_owasp_api6_mass_assignment_5a01a3ba.hurl new file mode 100644 index 0000000..b5228a2 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_owasp_api6_mass_assignment_5a01a3ba.hurl @@ -0,0 +1,27 @@ +# ── [OWASP-API6] POST /api/admin/teams/{id}/members — mass assignment ── +# case_id=TC-5a01a3ba +# case_name=[OWASP-API6] POST /api/admin/teams/{id}/members — mass assignment +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "role": "owner", + "updatedAt": "2000-01-01T00:00:00Z", + "userId": "4409317f-6972-4069-8ed6-942e90d42ec2" +} +``` + +HTTP 201 + +[Asserts] +jsonpath "$.id" != 99999 +jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" +jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" + diff --git a/cases/api_admin_teams_id_members_post_owasp_api7_injection_path_traversal_60a70815.hurl b/cases/api_admin_teams_id_members_post_owasp_api7_injection_path_traversal_60a70815.hurl new file mode 100644 index 0000000..697eece --- /dev/null 
+++ b/cases/api_admin_teams_id_members_post_owasp_api7_injection_path_traversal_60a70815.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] POST /api/admin/teams/{id}/members — injection (path-traversal) ── +# case_id=TC-60a70815 +# case_name=[OWASP-API7] POST /api/admin/teams/{id}/members — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_owasp_api7_injection_sqli_5a3931f1.hurl b/cases/api_admin_teams_id_members_post_owasp_api7_injection_sqli_5a3931f1.hurl new file mode 100644 index 0000000..050d720 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_owasp_api7_injection_sqli_5a3931f1.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] POST /api/admin/teams/{id}/members — injection (sqli) ── +# case_id=TC-5a3931f1 +# case_name=[OWASP-API7] POST /api/admin/teams/{id}/members — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams/%27%20OR%201=1--/members +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_owasp_api7_injection_xss_dd4d8c19.hurl b/cases/api_admin_teams_id_members_post_owasp_api7_injection_xss_dd4d8c19.hurl new file mode 100644 index 0000000..bac945f --- /dev/null +++ b/cases/api_admin_teams_id_members_post_owasp_api7_injection_xss_dd4d8c19.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] POST /api/admin/teams/{id}/members — injection (xss) ── +# case_id=TC-dd4d8c19 +# case_name=[OWASP-API7] POST /api/admin/teams/{id}/members — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members +```json +null +``` + +HTTP 400 + 
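Review bot: In the three OWASP-API7 cases (TC-60a70815, TC-5a3931f1, TC-dd4d8c19) the body is the literal `null` with no `Content-Type`, so the expected `HTTP 400` can come from body rejection alone and does not show that the path payload was handled safely. Sending the valid `role`/`userId` body used elsewhere in this patch would leave the path segment as the only invalid input. For the xss case, an additional assert that the error response does not echo the payload, e.g. `body not contains "<script>"` under `[Asserts]`, would check the property the case is named for.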
diff --git a/cases/api_admin_teams_id_members_post_required_omission_userid_absent_1da7a2c3.hurl b/cases/api_admin_teams_id_members_post_required_omission_userid_absent_1da7a2c3.hurl new file mode 100644 index 0000000..b8d0257 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_required_omission_userid_absent_1da7a2c3.hurl @@ -0,0 +1,22 @@ +# ── POST /api/admin/teams/{id}/members - [required_omission] userId absent ── +# case_id=TC-1da7a2c3 +# case_name=POST /api/admin/teams/{id}/members - [required_omission] userId absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "owner" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_post_schema_violation_role_invalid_enum_1d2b8bb8.hurl b/cases/api_admin_teams_id_members_post_schema_violation_role_invalid_enum_1d2b8bb8.hurl new file mode 100644 index 0000000..e709114 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_schema_violation_role_invalid_enum_1d2b8bb8.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [schema_violation] role_invalid_enum ── +# case_id=TC-1d2b8bb8 +# case_name=POST /api/admin/teams/{id}/members - [schema_violation] role_invalid_enum +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "__invalid__", + "userId": "b28b1b32-e5b1-4269-b005-d53ff9fd5a8d" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_schema_violation_userid_missing_required_71efcd62.hurl b/cases/api_admin_teams_id_members_post_schema_violation_userid_missing_required_71efcd62.hurl new file mode 100644 index 0000000..9933800 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_schema_violation_userid_missing_required_71efcd62.hurl 
@@ -0,0 +1,18 @@ +# ── POST /api/admin/teams/{id}/members - [schema_violation] userId_missing_required ── +# case_id=TC-71efcd62 +# case_name=POST /api/admin/teams/{id}/members - [schema_violation] userId_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_boolean_2a4f0269.hurl b/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_boolean_2a4f0269.hurl new file mode 100644 index 0000000..1838224 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_boolean_2a4f0269.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_boolean ── +# case_id=TC-2a4f0269 +# case_name=POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": true, + "userId": "8aa00d9d-7b81-42a4-830e-092302d2f2c4" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_integer_95fd239a.hurl b/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_integer_95fd239a.hurl new file mode 100644 index 0000000..70fe0fa --- /dev/null +++ b/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_integer_95fd239a.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_integer ── +# case_id=TC-95fd239a +# case_name=POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": 123, + "userId": "8aa00d9d-7b81-42a4-830e-092302d2f2c4" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_boolean_8aeef740.hurl b/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_boolean_8aeef740.hurl new file mode 100644 index 0000000..62b46aa --- /dev/null +++ b/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_boolean_8aeef740.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_boolean ── +# case_id=TC-8aeef740 +# case_name=POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": true +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_integer_76bfddd4.hurl b/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_integer_76bfddd4.hurl new file mode 100644 index 0000000..81fabb8 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_integer_76bfddd4.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_integer ── +# case_id=TC-76bfddd4 +# case_name=POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": 123 +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_bidi_override_aa47e2dd.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_bidi_override_aa47e2dd.hurl new file mode 100644 index 0000000..4f9614f --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_bidi_override_aa47e2dd.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role bidi_override ── +# case_id=TC-aa47e2dd +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "‮hello", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_control_char_39e9a695.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_control_char_39e9a695.hurl new file mode 100644 index 0000000..c0bd26e --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_control_char_39e9a695.hurl 
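Review bot: The `role` value in TC-aa47e2dd appears to embed a raw bidirectional-override character before `hello`, which is invisible in most diff viewers and changes how the line is displayed during review. TC-39e9a695 in this patch writes its control character as the escape `\u0000`; writing this one the same way, `"role": "\u202Ehello"` (assuming U+202E is the intended code point), keeps the decoded JSON value the same while making the file reviewable. The zero_width case and the `userId` bidi_override case later in the patch have the same form. A comment line such as `# payload: U+202E RIGHT-TO-LEFT OVERRIDE` would document the intent.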
@@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role control_char ── +# case_id=TC-39e9a695 +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "hello\u0000world", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_overlong_7473f431.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_overlong_7473f431.hurl new file mode 100644 index 0000000..f4dab69 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_overlong_7473f431.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role overlong ── +# case_id=TC-7473f431 +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zalgo_83be4bd5.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zalgo_83be4bd5.hurl new file mode 100644 index 0000000..312741f --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zalgo_83be4bd5.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zalgo ── +# case_id=TC-83be4bd5 +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "z̀́̂̃̄̅̆̇a", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zero_width_241bc1b4.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zero_width_241bc1b4.hurl new file mode 100644 index 0000000..2b53340 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zero_width_241bc1b4.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zero_width ── +# case_id=TC-241bc1b4 +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "​hello", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_bidi_override_e839caab.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_bidi_override_e839caab.hurl new file mode 100644 index 0000000..73712f4 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_bidi_override_e839caab.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId bidi_override ── +# case_id=TC-e839caab +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "owner", + "userId": "‮hello" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_control_char_382c05ef.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_control_char_382c05ef.hurl new file mode 100644 index 0000000..2f48afb --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_control_char_382c05ef.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId control_char ── +# case_id=TC-382c05ef +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "owner", + "userId": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_overlong_cbe2af65.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_overlong_cbe2af65.hurl new file mode 100644 index 0000000..2c9a654 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_overlong_cbe2af65.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId overlong ── +# case_id=TC-cbe2af65 +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "owner", + "userId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zalgo_9cd03a11.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zalgo_9cd03a11.hurl new file mode 100644 index 0000000..2dcb828 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zalgo_9cd03a11.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zalgo ── +# case_id=TC-9cd03a11 +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "owner", + "userId": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zero_width_bdeeed04.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zero_width_bdeeed04.hurl new file mode 100644 index 0000000..951074d --- /dev/null +++ b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zero_width_bdeeed04.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zero_width ── +# case_id=TC-bdeeed04 +# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "owner", + "userId": "​hello" +} +``` + +HTTP 400 + 
diff --git a/cases/api_admin_teams_id_members_post_valid_request_with_all_required_fields_17f7b78e.hurl b/cases/api_admin_teams_id_members_post_valid_request_with_all_required_fields_17f7b78e.hurl new file mode 100644 index 0000000..8da9a87 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_valid_request_with_all_required_fields_17f7b78e.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams/{id}/members - valid request with all required fields ── +# case_id=TC-17f7b78e +# case_name=POST /api/admin/teams/{id}/members - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": "a3bd36d6-0660-42cd-82e2-4ffe231776bc" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/api_admin_teams_id_members_post_wrong_content_type_text_plain_0f904569.hurl b/cases/api_admin_teams_id_members_post_wrong_content_type_text_plain_0f904569.hurl new file mode 100644 index 0000000..b61bc20 --- /dev/null +++ b/cases/api_admin_teams_id_members_post_wrong_content_type_text_plain_0f904569.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams/{id}/members - wrong content-type (text/plain) ── +# case_id=TC-0f904569 +# case_name=POST /api/admin/teams/{id}/members - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams/{id}/members +Content-Type: text/plain +```json +{ + "role": "owner", + "userId": "b6f51cc4-2389-42c5-a864-35545c08cda9" +} +``` + +HTTP 415 + diff --git a/cases/api_admin_teams_id_members_userid_delete_idempotent_second_call_must_be_safe_e8a5f757.hurl b/cases/api_admin_teams_id_members_userid_delete_idempotent_second_call_must_be_safe_e8a5f757.hurl new file mode 100644 index 0000000..7ef0688 --- /dev/null 
+++ b/cases/api_admin_teams_id_members_userid_delete_idempotent_second_call_must_be_safe_e8a5f757.hurl @@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# DELETE /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe +# case_id=TC-e8a5f757 +# case_name=DELETE /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── DELETE /api/admin/teams/{id}/members/{userId} — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=DELETE /api/admin/teams/{id}/members/{userId} — first call + +DELETE {{base_url}}/api/admin/teams/{id}/members/{userId} + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── DELETE /api/admin/teams/{id}/members/{userId} — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=DELETE /api/admin/teams/{id}/members/{userId} — identical second call must be safe +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/teams/{id}/members/{userId} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_teams_id_members_userid_delete_idor_id_0_zero_id_eb538efa.hurl b/cases/api_admin_teams_id_members_userid_delete_idor_id_0_zero_id_eb538efa.hurl new file mode 100644 index 0000000..de83eab --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_idor_id_0_zero_id_eb538efa.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id) ── +# case_id=TC-eb538efa +# case_name=DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/teams/0/members/1 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_admin_teams_id_members_userid_delete_idor_id_99999_alt_id_c4642225.hurl b/cases/api_admin_teams_id_members_userid_delete_idor_id_99999_alt_id_c4642225.hurl new file mode 100644 index 0000000..8c0988c --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_idor_id_99999_alt_id_c4642225.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id) ── +# case_id=TC-c4642225 +# case_name=DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/teams/99999/members/1 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_userid_delete_missing_required_param_id_4661322e.hurl b/cases/api_admin_teams_id_members_userid_delete_missing_required_param_id_4661322e.hurl new file mode 100644 index 0000000..adca244 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_missing_required_param_id_4661322e.hurl @@ -0,0 +1,12 @@ +# ── DELETE /api/admin/teams/{id}/members/{userId} - missing required param "id" ── +# case_id=TC-4661322e +# case_name=DELETE /api/admin/teams/{id}/members/{userId} - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +DELETE {{base_url}}/api/admin/teams/1/members/1 + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_delete_missing_required_param_userid_636a79c8.hurl b/cases/api_admin_teams_id_members_userid_delete_missing_required_param_userid_636a79c8.hurl new file mode 100644 index 0000000..8c6d616 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_missing_required_param_userid_636a79c8.hurl 
@@ -0,0 +1,12 @@ +# ── DELETE /api/admin/teams/{id}/members/{userId} - missing required param "userId" ── +# case_id=TC-636a79c8 +# case_name=DELETE /api/admin/teams/{id}/members/{userId} - missing required param "userId" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +DELETE {{base_url}}/api/admin/teams/1/members/1 + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api1_bola_unauthorized_access_042e8f38.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api1_bola_unauthorized_access_042e8f38.hurl new file mode 100644 index 0000000..4469ab4 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_owasp_api1_bola_unauthorized_access_042e8f38.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] DELETE /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access ── +# case_id=TC-042e8f38 +# case_name=[OWASP-API1] DELETE /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/{{other_resource_id}}/members/{userId} + +HTTP 403 + diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api2_broken_authentication_46113a78.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api2_broken_authentication_46113a78.hurl new file mode 100644 index 0000000..c13318a --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_owasp_api2_broken_authentication_46113a78.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] DELETE /api/admin/teams/{id}/members/{userId} — broken authentication ── +# case_id=TC-46113a78 +# case_name=[OWASP-API2] DELETE /api/admin/teams/{id}/members/{userId} — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/{id}/members/{userId} + +HTTP 401 + 
diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_path_traversal_511147be.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_path_traversal_511147be.hurl new file mode 100644 index 0000000..b6aab00 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_path_traversal_511147be.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (path-traversal) ── +# case_id=TC-511147be +# case_name=[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members/{userId} +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_sqli_0cf3a030.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_sqli_0cf3a030.hurl new file mode 100644 index 0000000..6d078a5 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_sqli_0cf3a030.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (sqli) ── +# case_id=TC-0cf3a030 +# case_name=[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/%27%20OR%201=1--/members/{userId} +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_xss_a4c3899a.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_xss_a4c3899a.hurl new file mode 100644 index 0000000..c22fd3f --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_xss_a4c3899a.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (xss) ── +# case_id=TC-a4c3899a +# case_name=[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members/{userId} +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_delete_valid_request_with_all_required_fields_8384ae85.hurl b/cases/api_admin_teams_id_members_userid_delete_valid_request_with_all_required_fields_8384ae85.hurl new file mode 100644 index 0000000..f362eff --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_delete_valid_request_with_all_required_fields_8384ae85.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/admin/teams/{id}/members/{userId} - valid request with all required fields ── +# case_id=TC-8384ae85 +# case_name=DELETE /api/admin/teams/{id}/members/{userId} - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +DELETE {{base_url}}/api/admin/teams/{id}/members/{userId} + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/api_admin_teams_id_members_userid_options_owasp_api8_cors_security_configuration_86b21409.hurl b/cases/api_admin_teams_id_members_userid_options_owasp_api8_cors_security_configuration_86b21409.hurl new file mode 100644 index 0000000..903c8c7 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_options_owasp_api8_cors_security_configuration_86b21409.hurl 
@@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/teams/{id}/members/{userId} — CORS security configuration ── +# case_id=TC-86b21409 +# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id}/members/{userId} — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/teams/{id}/members/{userId} +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_teams_id_members_userid_put_idempotent_second_call_must_be_safe_7fb55548.hurl b/cases/api_admin_teams_id_members_userid_put_idempotent_second_call_must_be_safe_7fb55548.hurl new file mode 100644 index 0000000..1ceaf8d --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_idempotent_second_call_must_be_safe_7fb55548.hurl @@ -0,0 +1,45 @@ +# ══════════════════════════════════════════════════ +# PUT /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe +# case_id=TC-7fb55548 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── PUT /api/admin/teams/{id}/members/{userId} — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=PUT /api/admin/teams/{id}/members/{userId} — first call + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "owner" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── PUT /api/admin/teams/{id}/members/{userId} — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=PUT /api/admin/teams/{id}/members/{userId} — identical second call must be safe +# depends_on=step-setup + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "owner" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + 
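Review bot: The assertion `header "Access-Control-Allow-Origin" != "*"` still passes when the server echoes the request origin `https://evil.example.com` back in that header, which is the more dangerous CORS misconfiguration, particularly if credentials are also allowed. I would add `header "Access-Control-Allow-Origin" != "https://evil.example.com"` to the `[Asserts]` section so that origin reflection fails the case. How Hurl evaluates these predicates when the header is absent should be confirmed before relying on either line.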
diff --git a/cases/api_admin_teams_id_members_userid_put_idor_id_0_zero_id_3ecaa43f.hurl b/cases/api_admin_teams_id_members_userid_put_idor_id_0_zero_id_3ecaa43f.hurl new file mode 100644 index 0000000..6b381fb --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_idor_id_0_zero_id_3ecaa43f.hurl @@ -0,0 +1,16 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id) ── +# case_id=TC-3ecaa43f +# case_name=PUT /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +PUT {{base_url}}/api/admin/teams/0/members/1 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_userid_put_idor_id_99999_alt_id_5ee92e8d.hurl b/cases/api_admin_teams_id_members_userid_put_idor_id_99999_alt_id_5ee92e8d.hurl new file mode 100644 index 0000000..3a31f15 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_idor_id_99999_alt_id_5ee92e8d.hurl @@ -0,0 +1,16 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id) ── +# case_id=TC-5ee92e8d +# case_name=PUT /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +PUT {{base_url}}/api/admin/teams/99999/members/1 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_userid_put_invalid_role_value_not_in_enum_1385a015.hurl b/cases/api_admin_teams_id_members_userid_put_invalid_role_value_not_in_enum_1385a015.hurl new file mode 100644 index 0000000..d4de806 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_invalid_role_value_not_in_enum_1385a015.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - invalid role: value not in enum ── +# case_id=TC-1385a015 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - invalid role: value not in enum +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "__invalid_enum__" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_put_mass_assignment_financial_probe_e346a0c6.hurl b/cases/api_admin_teams_id_members_userid_put_mass_assignment_financial_probe_e346a0c6.hurl new file mode 100644 index 0000000..daff56f --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_mass_assignment_financial_probe_e346a0c6.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] financial probe ── +# case_id=TC-e346a0c6 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "balance": 1, + "credits": 1, + "discount": 0, + "price": 1, + "role": "member" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_mass_assignment_identity_probe_c5b345ac.hurl b/cases/api_admin_teams_id_members_userid_put_mass_assignment_identity_probe_c5b345ac.hurl new file mode 100644 index 0000000..c79e737 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_mass_assignment_identity_probe_c5b345ac.hurl 
@@ -0,0 +1,22 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] identity probe ── +# case_id=TC-c5b345ac +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "createdBy": "__probe__", + "ownerId": "__probe__", + "role": "member", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_mass_assignment_privilege_probe_830ae193.hurl b/cases/api_admin_teams_id_members_userid_put_mass_assignment_privilege_probe_830ae193.hurl new file mode 100644 index 0000000..32872cb --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_mass_assignment_privilege_probe_830ae193.hurl @@ -0,0 +1,21 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] privilege probe ── +# case_id=TC-830ae193 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "admin": true, + "isAdmin": true, + "is_admin": true, + "role": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_mass_assignment_status_probe_08a1d397.hurl b/cases/api_admin_teams_id_members_userid_put_mass_assignment_status_probe_08a1d397.hurl new file mode 100644 index 0000000..c1e283b --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_mass_assignment_status_probe_08a1d397.hurl 
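Review bot: The body sets `role` to `__probe__`, which is not a valid role going by the invalid-enum case in this patch that expects `HTTP 422` for `__invalid_enum__`, so the asserted `HTTP 400` may be produced by role validation rather than by rejection of `admin`, `isAdmin` and `is_admin`. Sending a valid role such as `member`, as the identity probe case does, would make a rejection attributable to the privileged fields. A `HTTP 400` also does not show that the fields were not applied on servers that ignore unknown properties; a follow-up read of the membership would confirm that.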
@@ -0,0 +1,22 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] status probe ── +# case_id=TC-08a1d397 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "disabled": false, + "role": "member", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_02cdac38.hurl b/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_02cdac38.hurl new file mode 100644 index 0000000..e34b2dc --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_02cdac38.hurl @@ -0,0 +1,16 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - missing required field "role" ── +# case_id=TC-02cdac38 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - missing required field "role" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_7f67bdd2.hurl b/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_7f67bdd2.hurl new file mode 100644 index 0000000..4b3baf2 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_7f67bdd2.hurl 
@@ -0,0 +1,16 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - missing required field "role" ── +# case_id=TC-7f67bdd2 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - missing required field "role" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_put_missing_required_param_id_c90499c8.hurl b/cases/api_admin_teams_id_members_userid_put_missing_required_param_id_c90499c8.hurl new file mode 100644 index 0000000..511ccbf --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_missing_required_param_id_c90499c8.hurl @@ -0,0 +1,12 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - missing required param "id" ── +# case_id=TC-c90499c8 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +PUT {{base_url}}/api/admin/teams/1/members/1 + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_put_missing_required_param_userid_a0b457a0.hurl b/cases/api_admin_teams_id_members_userid_put_missing_required_param_userid_a0b457a0.hurl new file mode 100644 index 0000000..8a64edb --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_missing_required_param_userid_a0b457a0.hurl @@ -0,0 +1,12 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - missing required param "userId" ── +# case_id=TC-a0b457a0 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - missing required param "userId" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +PUT {{base_url}}/api/admin/teams/1/members/1 + +HTTP 422 + 
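Review bot: TC-c90499c8 (missing `id`) and TC-a0b457a0 (missing `userId`) both send the identical request `PUT {{base_url}}/api/admin/teams/1/members/1` with both path parameters present, so neither tests what its name says. With no body and no `Content-Type`, a 422 would more plausibly come from the absent `role` field, which TC-02cdac38 and TC-7f67bdd2 already cover. A required path segment cannot be omitted without changing the route, so these two cases should either be dropped or renamed. If they are kept, a header comment such as `# path params cannot be omitted; this case only checks an empty body` would stop a reader from counting them as parameter-validation coverage.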
diff --git a/cases/api_admin_teams_id_members_userid_put_mutation_role_empty_string_9334c130.hurl b/cases/api_admin_teams_id_members_userid_put_mutation_role_empty_string_9334c130.hurl new file mode 100644 index 0000000..1551081 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_mutation_role_empty_string_9334c130.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - mutation: role empty string ── +# case_id=TC-9334c130 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - mutation: role empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_userid_put_mutation_role_integer_instead_of_string_c930d5b2.hurl b/cases/api_admin_teams_id_members_userid_put_mutation_role_integer_instead_of_string_c930d5b2.hurl new file mode 100644 index 0000000..0941ae4 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_mutation_role_integer_instead_of_string_c930d5b2.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - mutation: role integer instead of string ── +# case_id=TC-c930d5b2 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - mutation: role integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": 12345 +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_userid_put_mutation_role_null_value_8380cf38.hurl b/cases/api_admin_teams_id_members_userid_put_mutation_role_null_value_8380cf38.hurl new file mode 100644 index 0000000..8bb2f51 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_mutation_role_null_value_8380cf38.hurl 
@@ -0,0 +1,22 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - mutation: role null value ── +# case_id=TC-8380cf38 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - mutation: role null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": null +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_userid_put_mutation_role_oversized_string_300_chars_c4c6cb7f.hurl b/cases/api_admin_teams_id_members_userid_put_mutation_role_oversized_string_300_chars_c4c6cb7f.hurl new file mode 100644 index 0000000..3141a28 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_mutation_role_oversized_string_300_chars_c4c6cb7f.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - mutation: role oversized string (300 chars) ── +# case_id=TC-c4c6cb7f +# case_name=PUT /api/admin/teams/{id}/members/{userId} - mutation: role oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_userid_put_null_injection_role_92d17333.hurl b/cases/api_admin_teams_id_members_userid_put_null_injection_role_92d17333.hurl new file mode 100644 index 0000000..19bd232 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_null_injection_role_92d17333.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - null injection: role ── +# case_id=TC-92d17333 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - null injection: role +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": null +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api1_bola_unauthorized_access_37084d5c.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api1_bola_unauthorized_access_37084d5c.hurl new file mode 100644 index 0000000..4b01fbc --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_owasp_api1_bola_unauthorized_access_37084d5c.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] PUT /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access ── +# case_id=TC-37084d5c +# case_name=[OWASP-API1] PUT /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/teams/{{other_resource_id}}/members/{userId} + +HTTP 403 + diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api2_broken_authentication_19b34217.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api2_broken_authentication_19b34217.hurl new file mode 100644 index 0000000..0fc88db --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_owasp_api2_broken_authentication_19b34217.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] PUT /api/admin/teams/{id}/members/{userId} — broken authentication ── +# case_id=TC-19b34217 +# case_name=[OWASP-API2] PUT /api/admin/teams/{id}/members/{userId} — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} + +HTTP 401 + 
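Review bot: The BOLA case (TC-37084d5c) sends no credentials, so its `HTTP 403` cannot distinguish an object-level authorization check from a generic rejection of anonymous callers. TC-19b34217 right after it sends the same unauthenticated shape and expects `HTTP 401`. For the 403 to mean anything, the request has to carry a valid identity that is not entitled to `{{other_resource_id}}`, for example a header line `Authorization: Bearer {{low_priv_token}}` (the variable name is a placeholder; the auth scheme is not visible in this patch). As written, a server that authenticates correctly answers 401 and fails the case, while a server that returns 403 to everything passes it without any per-object check.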
diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api3_bopla_property_level_access_4c06b345.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api3_bopla_property_level_access_4c06b345.hurl new file mode 100644 index 0000000..ad9cf31 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_owasp_api3_bopla_property_level_access_4c06b345.hurl @@ -0,0 +1,23 @@ +# ── [OWASP-API3] PUT /api/admin/teams/{id}/members/{userId} — BOPLA property-level access ── +# case_id=TC-4c06b345 +# case_name=[OWASP-API3] PUT /api/admin/teams/{id}/members/{userId} — BOPLA property-level access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "is_admin": true, + "role": "admin" +} +``` + +HTTP 200 + +[Asserts] +jsonpath "$.is_admin" != true +jsonpath "$.role" != "admin" + diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api6_mass_assignment_ffe14e02.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api6_mass_assignment_ffe14e02.hurl new file mode 100644 index 0000000..91136a3 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_owasp_api6_mass_assignment_ffe14e02.hurl @@ -0,0 +1,26 @@ +# ── [OWASP-API6] PUT /api/admin/teams/{id}/members/{userId} — mass assignment ── +# case_id=TC-ffe14e02 +# case_name=[OWASP-API6] PUT /api/admin/teams/{id}/members/{userId} — mass assignment +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "role": "member", + "updatedAt": "2000-01-01T00:00:00Z" +} +``` + +HTTP 200 + +[Asserts] +jsonpath "$.id" != 99999 +jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" +jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" + 
diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_path_traversal_df6e5f44.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_path_traversal_df6e5f44.hurl new file mode 100644 index 0000000..05f084d --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_path_traversal_df6e5f44.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (path-traversal) ── +# case_id=TC-df6e5f44 +# case_name=[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members/{userId} +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_sqli_16482ca3.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_sqli_16482ca3.hurl new file mode 100644 index 0000000..37a8d83 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_sqli_16482ca3.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (sqli) ── +# case_id=TC-16482ca3 +# case_name=[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/teams/%27%20OR%201=1--/members/{userId} +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_xss_d065e277.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_xss_d065e277.hurl new file mode 100644 index 0000000..3179adb --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_xss_d065e277.hurl 
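Review bot: The path-traversal and SQLi cases here (TC-df6e5f44, TC-16482ca3), and the XSS case TC-d065e277 that follows, send a `null` body with no `Content-Type`, so the expected `HTTP 400` can come from body validation rather than from the server rejecting the encoded payload in the path. To isolate the path as the only invalid input, the request should carry the same valid body as the happy-path case: `Content-Type: application/json` with `{ "role": "member" }`. A status-only check also cannot show that the payload was not interpreted, so an assertion that the response does not echo the raw segment would make the XSS case more meaningful. The cases are also sent without credentials as far as this patch shows, so a 4xx may simply be the authentication layer answering first.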
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (xss) ── +# case_id=TC-d065e277 +# case_name=[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members/{userId} +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_required_omission_role_absent_b8039024.hurl b/cases/api_admin_teams_id_members_userid_put_required_omission_role_absent_b8039024.hurl new file mode 100644 index 0000000..7ef986f --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_required_omission_role_absent_b8039024.hurl @@ -0,0 +1,20 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [required_omission] role absent ── +# case_id=TC-b8039024 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [required_omission] role absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_members_userid_put_schema_violation_role_invalid_enum_128b22a3.hurl b/cases/api_admin_teams_id_members_userid_put_schema_violation_role_invalid_enum_128b22a3.hurl new file mode 100644 index 0000000..9328841 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_schema_violation_role_invalid_enum_128b22a3.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_invalid_enum ── +# case_id=TC-128b22a3 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_invalid_enum +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "__invalid__" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_put_schema_violation_role_missing_required_e51f7c6d.hurl b/cases/api_admin_teams_id_members_userid_put_schema_violation_role_missing_required_e51f7c6d.hurl new file mode 100644 index 0000000..8f33468 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_schema_violation_role_missing_required_e51f7c6d.hurl @@ -0,0 +1,16 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_missing_required ── +# case_id=TC-e51f7c6d +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_boolean_c33ffd8f.hurl b/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_boolean_c33ffd8f.hurl new file mode 100644 index 0000000..c40b5c1 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_boolean_c33ffd8f.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_boolean ── +# case_id=TC-c33ffd8f +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": true +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_integer_23b49146.hurl b/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_integer_23b49146.hurl new file mode 100644 index 0000000..b884b74 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_integer_23b49146.hurl @@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_integer ── +# case_id=TC-23b49146 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": 123 +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_bidi_override_0b0faf09.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_bidi_override_0b0faf09.hurl new file mode 100644 index 0000000..98d3521 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_bidi_override_0b0faf09.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role bidi_override ── +# case_id=TC-0b0faf09 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "‮hello" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_control_char_a8d734a8.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_control_char_a8d734a8.hurl new file mode 100644 index 0000000..0b1de5a --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_control_char_a8d734a8.hurl @@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role control_char ── +# case_id=TC-a8d734a8 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_overlong_1e651ae0.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_overlong_1e651ae0.hurl new file mode 100644 index 0000000..8b3d19f --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_overlong_1e651ae0.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role overlong ── +# case_id=TC-1e651ae0 +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zalgo_f7cf562e.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zalgo_f7cf562e.hurl new file mode 100644 index 0000000..ff6e818 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zalgo_f7cf562e.hurl @@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zalgo ── +# case_id=TC-f7cf562e +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zero_width_2815807e.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zero_width_2815807e.hurl new file mode 100644 index 0000000..2e9e0c0 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zero_width_2815807e.hurl 
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zero_width ── +# case_id=TC-2815807e +# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "​hello" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_members_userid_put_valid_request_with_all_required_fields_b950209e.hurl b/cases/api_admin_teams_id_members_userid_put_valid_request_with_all_required_fields_b950209e.hurl new file mode 100644 index 0000000..7df596b --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_valid_request_with_all_required_fields_b950209e.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - valid request with all required fields ── +# case_id=TC-b950209e +# case_name=PUT /api/admin/teams/{id}/members/{userId} - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: application/json +```json +{ + "role": "member" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/api_admin_teams_id_members_userid_put_wrong_content_type_text_plain_55f30d0f.hurl b/cases/api_admin_teams_id_members_userid_put_wrong_content_type_text_plain_55f30d0f.hurl new file mode 100644 index 0000000..b19f731 --- /dev/null +++ b/cases/api_admin_teams_id_members_userid_put_wrong_content_type_text_plain_55f30d0f.hurl 
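Review bot: The P0 happy-path case (TC-b950209e) requests `/api/admin/teams/{id}/members/{userId}` with single-brace placeholders, while Hurl variables use the double-brace form already used for `{{base_url}}`. Unless the runner substitutes these before invoking Hurl, the braces are presumably sent literally and the `HTTP 200` expectation cannot be met against a real team. The same literal path appears in almost every negative case in this patch, where it weakens the result the other way, because any 4xx can be caused by the unparseable id instead of the input under test. The suggested request line is `PUT {{base_url}}/api/admin/teams/{{id}}/members/{{userId}}`, with both variables supplied by the run configuration (the variable names are placeholders).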
@@ -0,0 +1,18 @@ +# ── PUT /api/admin/teams/{id}/members/{userId} - wrong content-type (text/plain) ── +# case_id=TC-55f30d0f +# case_name=PUT /api/admin/teams/{id}/members/{userId} - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id}/members/{userId} +Content-Type: text/plain +```json +{ + "role": "member" +} +``` + +HTTP 415 + diff --git a/cases/api_admin_teams_id_options_owasp_api8_cors_security_configuration_6bbc18bd.hurl b/cases/api_admin_teams_id_options_owasp_api8_cors_security_configuration_6bbc18bd.hurl new file mode 100644 index 0000000..07f3861 --- /dev/null +++ b/cases/api_admin_teams_id_options_owasp_api8_cors_security_configuration_6bbc18bd.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/teams/{id} — CORS security configuration ── +# case_id=TC-6bbc18bd +# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id} — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/teams/{id} +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_teams_id_put_idempotent_second_call_must_be_safe_1ca0ed36.hurl b/cases/api_admin_teams_id_put_idempotent_second_call_must_be_safe_1ca0ed36.hurl new file mode 100644 index 0000000..2f3ed38 --- /dev/null +++ b/cases/api_admin_teams_id_put_idempotent_second_call_must_be_safe_1ca0ed36.hurl 
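Review bot: The CORS case (TC-6bbc18bd) asserts only `header "Access-Control-Allow-Origin" != "*"`, which a server that reflects the request's `Origin` back also passes. Origin reflection is the more common misconfiguration, so a second assert is needed: `header "Access-Control-Allow-Origin" != "https://evil.example.com"`. The request also omits `Access-Control-Request-Method`, so some servers will not treat it as a preflight and the CORS handling under test may never run. How Hurl evaluates `!=` when the header is absent should be confirmed, since an absent header is the safe outcome and should not fail the case.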
@@ -0,0 +1,47 @@ +# ══════════════════════════════════════════════════ +# PUT /api/admin/teams/{id} - idempotent: second call must be safe +# case_id=TC-1ca0ed36 +# case_name=PUT /api/admin/teams/{id} - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── PUT /api/admin/teams/{id} — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=PUT /api/admin/teams/{id} — first call + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "Anything lean when the person spikes.", + "displayName": "dig" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── PUT /api/admin/teams/{id} — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=PUT /api/admin/teams/{id} — identical second call must be safe +# depends_on=step-setup + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "Anything lean when the person spikes.", + "displayName": "dig" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_teams_id_put_idor_id_0_zero_id_3c4cc44b.hurl b/cases/api_admin_teams_id_put_idor_id_0_zero_id_3c4cc44b.hurl new file mode 100644 index 0000000..bc9da10 --- /dev/null +++ b/cases/api_admin_teams_id_put_idor_id_0_zero_id_3c4cc44b.hurl @@ -0,0 +1,16 @@ +# ── PUT /api/admin/teams/{id} - IDOR id=0 (zero_id) ── +# case_id=TC-3c4cc44b +# case_name=PUT /api/admin/teams/{id} - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +PUT {{base_url}}/api/admin/teams/0 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_put_idor_id_99999_alt_id_d4dddc4b.hurl b/cases/api_admin_teams_id_put_idor_id_99999_alt_id_d4dddc4b.hurl new file mode 100644 index 0000000..513b23f --- /dev/null +++ b/cases/api_admin_teams_id_put_idor_id_99999_alt_id_d4dddc4b.hurl 
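Review bot: In the IDOR id=0 case, `status >= 400` with `status < 500` accepts any client error, so the case passes on a 401 from a missing session, a 404 for a nonexistent id, or a validation error for the absent body, none of which show that object-level authorization was evaluated. The request as written carries no credentials and targets id `0`, which is unlikely to be a team owned by another principal. To test what `technique=idor` claims, authenticate as one principal, address a team known to belong to another, and pin the denial, e.g. `HTTP 403` (or the 404 the API documents for hidden resources). The id=99999 case in the next file has the same shape.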
@@ -0,0 +1,16 @@
+# ── PUT /api/admin/teams/{id} - IDOR id=99999 (alt_id) ──
+# case_id=TC-d4dddc4b
+# case_name=PUT /api/admin/teams/{id} - IDOR id=99999 (alt_id)
+# step_id=step-main
+# step_type=test
+# technique=idor
+# priority=P1
+
+PUT {{base_url}}/api/admin/teams/99999
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_teams_id_put_mass_assignment_financial_probe_4c631268.hurl b/cases/api_admin_teams_id_put_mass_assignment_financial_probe_4c631268.hurl
new file mode 100644
index 0000000..982d6d0
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mass_assignment_financial_probe_4c631268.hurl
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/teams/{id} - [mass_assignment] financial probe ──
+# case_id=TC-4c631268
+# case_name=PUT /api/admin/teams/{id} - [mass_assignment] financial probe
+# step_id=step-main
+# step_type=test
+# technique=mass_assignment
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "balance": 1,
+ "credits": 1,
+ "description": "Alert on way thresholds yesterday.",
+ "discount": 0,
+ "displayName": "this",
+ "price": 1
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_mass_assignment_identity_probe_ed4e87e7.hurl b/cases/api_admin_teams_id_put_mass_assignment_identity_probe_ed4e87e7.hurl
new file mode 100644
index 0000000..2b6a10d
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mass_assignment_identity_probe_ed4e87e7.hurl
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/teams/{id} - [mass_assignment] identity probe ──
+# case_id=TC-ed4e87e7
+# case_name=PUT /api/admin/teams/{id} - [mass_assignment] identity probe
+# step_id=step-main
+# step_type=test
+# technique=mass_assignment
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "createdBy": "__probe__",
+ "description": "Alert on way thresholds yesterday.",
+ "displayName": "this",
+ "ownerId": "__probe__",
+ "userId": "__probe__",
+ "user_id": "__probe__"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_mass_assignment_privilege_probe_1b5cbca5.hurl b/cases/api_admin_teams_id_put_mass_assignment_privilege_probe_1b5cbca5.hurl
new file mode 100644
index 0000000..89e45d9
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mass_assignment_privilege_probe_1b5cbca5.hurl
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/teams/{id} - [mass_assignment] privilege probe ──
+# case_id=TC-1b5cbca5
+# case_name=PUT /api/admin/teams/{id} - [mass_assignment] privilege probe
+# step_id=step-main
+# step_type=test
+# technique=mass_assignment
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "admin": true,
+ "description": "Alert on way thresholds yesterday.",
+ "displayName": "this",
+ "isAdmin": true,
+ "is_admin": true,
+ "role": "__probe__"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_mass_assignment_status_probe_c574427d.hurl b/cases/api_admin_teams_id_put_mass_assignment_status_probe_c574427d.hurl
new file mode 100644
index 0000000..676bdf7
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mass_assignment_status_probe_c574427d.hurl
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/teams/{id} - [mass_assignment] status probe ──
+# case_id=TC-c574427d
+# case_name=PUT /api/admin/teams/{id} - [mass_assignment] status probe
+# step_id=step-main
+# step_type=test
+# technique=mass_assignment
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "approved": true,
+ "banned": false,
+ "description": "Alert on way thresholds yesterday.",
+ "disabled": false,
+ "displayName": "this",
+ "verified": true
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_missing_required_param_id_09825850.hurl b/cases/api_admin_teams_id_put_missing_required_param_id_09825850.hurl
new file mode 100644
index 0000000..fb209ab
--- /dev/null
+++ b/cases/api_admin_teams_id_put_missing_required_param_id_09825850.hurl
@@ -0,0 +1,12 @@
+# ── PUT /api/admin/teams/{id} - missing required param "id" ──
+# case_id=TC-09825850
+# case_name=PUT /api/admin/teams/{id} - missing required param "id"
+# step_id=step-main
+# step_type=test
+# technique=isolated_negative
+# priority=P1
+
+PUT {{base_url}}/api/admin/teams/1
+
+HTTP 422
+
diff --git a/cases/api_admin_teams_id_put_mutation_description_empty_string_eb263846.hurl b/cases/api_admin_teams_id_put_mutation_description_empty_string_eb263846.hurl
new file mode 100644
index 0000000..5e978c4
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mutation_description_empty_string_eb263846.hurl
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/teams/{id} - mutation: description empty string ──
+# case_id=TC-eb263846
+# case_name=PUT /api/admin/teams/{id} - mutation: description empty string
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "",
+ "displayName": "shall"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
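Review bot: The case named `missing required param "id"` sends `PUT {{base_url}}/api/admin/teams/1`, which supplies an id of `1`, so the parameter it claims to omit is present. A path parameter cannot be left out without changing the route, so what this request exercises is an update of team 1 with no body, and the `HTTP 422` it expects would have to come from body validation. Either skip this technique for path parameters or name the case after what it tests, e.g. `# case_name=PUT /api/admin/teams/{id} - empty body`.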
diff --git a/cases/api_admin_teams_id_put_mutation_description_integer_instead_of_string_f0d62caa.hurl b/cases/api_admin_teams_id_put_mutation_description_integer_instead_of_string_f0d62caa.hurl
new file mode 100644
index 0000000..f09f80c
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mutation_description_integer_instead_of_string_f0d62caa.hurl
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/teams/{id} - mutation: description integer instead of string ──
+# case_id=TC-f0d62caa
+# case_name=PUT /api/admin/teams/{id} - mutation: description integer instead of string
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": 12345,
+ "displayName": "shall"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_teams_id_put_mutation_description_null_value_df8e9c3a.hurl b/cases/api_admin_teams_id_put_mutation_description_null_value_df8e9c3a.hurl
new file mode 100644
index 0000000..2309751
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mutation_description_null_value_df8e9c3a.hurl
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/teams/{id} - mutation: description null value ──
+# case_id=TC-df8e9c3a
+# case_name=PUT /api/admin/teams/{id} - mutation: description null value
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": null,
+ "displayName": "shall"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_teams_id_put_mutation_description_oversized_string_300_chars_68ace4a3.hurl b/cases/api_admin_teams_id_put_mutation_description_oversized_string_300_chars_68ace4a3.hurl
new file mode 100644
index 0000000..8473fc7
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mutation_description_oversized_string_300_chars_68ace4a3.hurl
@@ -0,0 +1,23 @@ +# ── PUT /api/admin/teams/{id} - mutation: description oversized string (300 chars) ── +# case_id=TC-68ace4a3 +# case_name=PUT /api/admin/teams/{id} - mutation: description oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "displayName": "shall" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_put_mutation_displayname_empty_string_13a9f6ae.hurl b/cases/api_admin_teams_id_put_mutation_displayname_empty_string_13a9f6ae.hurl new file mode 100644 index 0000000..cfc0bc7 --- /dev/null +++ b/cases/api_admin_teams_id_put_mutation_displayname_empty_string_13a9f6ae.hurl @@ -0,0 +1,23 @@ +# ── PUT /api/admin/teams/{id} - mutation: displayName empty string ── +# case_id=TC-13a9f6ae +# case_name=PUT /api/admin/teams/{id} - mutation: displayName empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "First of all, document the company and specify the rest.", + "displayName": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_put_mutation_displayname_integer_instead_of_string_05b44595.hurl b/cases/api_admin_teams_id_put_mutation_displayname_integer_instead_of_string_05b44595.hurl new file mode 100644 index 0000000..f59ea9a --- /dev/null +++ b/cases/api_admin_teams_id_put_mutation_displayname_integer_instead_of_string_05b44595.hurl 
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/teams/{id} - mutation: displayName integer instead of string ──
+# case_id=TC-05b44595
+# case_name=PUT /api/admin/teams/{id} - mutation: displayName integer instead of string
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "First of all, document the company and specify the rest.",
+ "displayName": 12345
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_teams_id_put_mutation_displayname_null_value_c587ff33.hurl b/cases/api_admin_teams_id_put_mutation_displayname_null_value_c587ff33.hurl
new file mode 100644
index 0000000..993a086
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mutation_displayname_null_value_c587ff33.hurl
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/teams/{id} - mutation: displayName null value ──
+# case_id=TC-c587ff33
+# case_name=PUT /api/admin/teams/{id} - mutation: displayName null value
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "First of all, document the company and specify the rest.",
+ "displayName": null
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_teams_id_put_mutation_displayname_oversized_string_300_chars_7def0ad8.hurl b/cases/api_admin_teams_id_put_mutation_displayname_oversized_string_300_chars_7def0ad8.hurl
new file mode 100644
index 0000000..d716424
--- /dev/null
+++ b/cases/api_admin_teams_id_put_mutation_displayname_oversized_string_300_chars_7def0ad8.hurl
@@ -0,0 +1,23 @@ +# ── PUT /api/admin/teams/{id} - mutation: displayName oversized string (300 chars) ── +# case_id=TC-7def0ad8 +# case_name=PUT /api/admin/teams/{id} - mutation: displayName oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "First of all, document the company and specify the rest.", + "displayName": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_id_put_null_injection_description_794499ad.hurl b/cases/api_admin_teams_id_put_null_injection_description_794499ad.hurl new file mode 100644 index 0000000..b22b02b --- /dev/null +++ b/cases/api_admin_teams_id_put_null_injection_description_794499ad.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/teams/{id} - null injection: description ── +# case_id=TC-794499ad +# case_name=PUT /api/admin/teams/{id} - null injection: description +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": null, + "displayName": "nervous" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_id_put_null_injection_displayname_6c433e61.hurl b/cases/api_admin_teams_id_put_null_injection_displayname_6c433e61.hurl new file mode 100644 index 0000000..7806003 --- /dev/null +++ b/cases/api_admin_teams_id_put_null_injection_displayname_6c433e61.hurl 
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - null injection: displayName ──
+# case_id=TC-6c433e61
+# case_name=PUT /api/admin/teams/{id} - null injection: displayName
+# step_id=step-main
+# step_type=test
+# technique=constraint_mutation
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "Publish a changelog entry for the work.",
+ "displayName": null
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_teams_id_put_owasp_api1_bola_unauthorized_access_50ace962.hurl b/cases/api_admin_teams_id_put_owasp_api1_bola_unauthorized_access_50ace962.hurl
new file mode 100644
index 0000000..e310ad3
--- /dev/null
+++ b/cases/api_admin_teams_id_put_owasp_api1_bola_unauthorized_access_50ace962.hurl
@@ -0,0 +1,12 @@
+# ── [OWASP-API1] PUT /api/admin/teams/{id} — BOLA unauthorized access ──
+# case_id=TC-50ace962
+# case_name=[OWASP-API1] PUT /api/admin/teams/{id} — BOLA unauthorized access
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PUT {{base_url}}/api/admin/teams/{{other_resource_id}}
+
+HTTP 403
+
diff --git a/cases/api_admin_teams_id_put_owasp_api2_broken_authentication_fea6c4f7.hurl b/cases/api_admin_teams_id_put_owasp_api2_broken_authentication_fea6c4f7.hurl
new file mode 100644
index 0000000..7592b94
--- /dev/null
+++ b/cases/api_admin_teams_id_put_owasp_api2_broken_authentication_fea6c4f7.hurl
@@ -0,0 +1,12 @@
+# ── [OWASP-API2] PUT /api/admin/teams/{id} — broken authentication ──
+# case_id=TC-fea6c4f7
+# case_name=[OWASP-API2] PUT /api/admin/teams/{id} — broken authentication
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PUT {{base_url}}/api/admin/teams/{id}
+
+HTTP 401
+
diff --git a/cases/api_admin_teams_id_put_owasp_api3_bopla_property_level_access_d147b4f6.hurl b/cases/api_admin_teams_id_put_owasp_api3_bopla_property_level_access_d147b4f6.hurl
new file mode 100644
index 0000000..e2a71f3
--- /dev/null
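Review bot: Neither the BOLA case nor the broken-authentication case after it sets an `Authorization` header, and the latter's request line is identical to the one in the cases that expect `HTTP 200`, so the expected `HTTP 403` and `HTTP 401` depend on credentials the files do not state. If the runner injects an admin token into every request, the 401 case cannot pass; if it injects none, the 403 case is really an unauthenticated request and the 200 cases fail. Make the identity explicit in each case, as the function-level authorization case does with `Authorization: Bearer {{user_token}}`: a low-privilege token for the 403 case, and no token or a deliberately invalid one for the 401 case.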
+++ b/cases/api_admin_teams_id_put_owasp_api3_bopla_property_level_access_d147b4f6.hurl
@@ -0,0 +1,25 @@
+# ── [OWASP-API3] PUT /api/admin/teams/{id} — BOPLA property-level access ──
+# case_id=TC-d147b4f6
+# case_name=[OWASP-API3] PUT /api/admin/teams/{id} — BOPLA property-level access
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "Onward to better way!",
+ "displayName": "moreover",
+ "is_admin": true,
+ "role": "admin"
+}
+```
+
+HTTP 200
+
+[Asserts]
+jsonpath "$.is_admin" != true
+jsonpath "$.role" != "admin"
+
diff --git a/cases/api_admin_teams_id_put_owasp_api5_function_level_authorization_missing_06b71a7c.hurl b/cases/api_admin_teams_id_put_owasp_api5_function_level_authorization_missing_06b71a7c.hurl
new file mode 100644
index 0000000..f945882
--- /dev/null
+++ b/cases/api_admin_teams_id_put_owasp_api5_function_level_authorization_missing_06b71a7c.hurl
@@ -0,0 +1,13 @@
+# ── [OWASP-API5] PUT /api/admin/teams/{id} — function-level authorization missing ──
+# case_id=TC-06b71a7c
+# case_name=[OWASP-API5] PUT /api/admin/teams/{id} — function-level authorization missing
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10_spec
+# priority=P0
+
+PUT {{base_url}}/api/admin/teams/{id}
+Authorization: Bearer {{user_token}}
+
+HTTP 403
+
diff --git a/cases/api_admin_teams_id_put_owasp_api6_mass_assignment_6357ae57.hurl b/cases/api_admin_teams_id_put_owasp_api6_mass_assignment_6357ae57.hurl
new file mode 100644
index 0000000..429223c
--- /dev/null
+++ b/cases/api_admin_teams_id_put_owasp_api6_mass_assignment_6357ae57.hurl
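Review bot: The BOPLA case sends `"is_admin": true` and `"role": "admin"` and expects `HTTP 200` with the fields ignored, while the `[mass_assignment] privilege probe` case sends the same kind of fields to the same endpoint and expects `HTTP 400`, so both cannot pass against one implementation. The assertions `jsonpath "$.is_admin" != true` and `jsonpath "$.role" != "admin"` also look only at the PUT response, so a server that stores the fields without echoing them would go unnoticed, and how these assertions evaluate when the property is absent from the response should be confirmed. Pick one policy (reject unknown properties, or accept and ignore them) and verify it with a follow-up `GET` on the same team that asserts on the persisted values. The API6 mass-assignment case in the next file has the same two problems.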
@@ -0,0 +1,27 @@
+# ── [OWASP-API6] PUT /api/admin/teams/{id} — mass assignment ──
+# case_id=TC-6357ae57
+# case_name=[OWASP-API6] PUT /api/admin/teams/{id} — mass assignment
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "createdAt": "2000-01-01T00:00:00Z",
+ "description": "Carefully massage the juicer daringly.",
+ "displayName": "theirs",
+ "id": 99999,
+ "updatedAt": "2000-01-01T00:00:00Z"
+}
+```
+
+HTTP 200
+
+[Asserts]
+jsonpath "$.id" != 99999
+jsonpath "$.createdAt" != "2000-01-01T00:00:00Z"
+jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z"
+
diff --git a/cases/api_admin_teams_id_put_owasp_api7_injection_path_traversal_894772da.hurl b/cases/api_admin_teams_id_put_owasp_api7_injection_path_traversal_894772da.hurl
new file mode 100644
index 0000000..4ddd626
--- /dev/null
+++ b/cases/api_admin_teams_id_put_owasp_api7_injection_path_traversal_894772da.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] PUT /api/admin/teams/{id} — injection (path-traversal) ──
+# case_id=TC-894772da
+# case_name=[OWASP-API7] PUT /api/admin/teams/{id} — injection (path-traversal)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PUT {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_owasp_api7_injection_sqli_c7f786e4.hurl b/cases/api_admin_teams_id_put_owasp_api7_injection_sqli_c7f786e4.hurl
new file mode 100644
index 0000000..abf24db
--- /dev/null
+++ b/cases/api_admin_teams_id_put_owasp_api7_injection_sqli_c7f786e4.hurl
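Review bot: The path-traversal case asserts only `HTTP 400`, so it fails on a 404 from the router, which is an equally safe outcome, and it says nothing about what the response body contains. For an injection check the useful signal is that the payload is neither interpreted nor echoed: use `HTTP *` with `status >= 400` and `status < 500` as the IDOR cases do, and add a body assertion such as `body not contains "root:"`. The sqli and xss cases in the next two files are written the same way and need the equivalent check (no database error text, no unescaped payload in the body).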
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] PUT /api/admin/teams/{id} — injection (sqli) ──
+# case_id=TC-c7f786e4
+# case_name=[OWASP-API7] PUT /api/admin/teams/{id} — injection (sqli)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PUT {{base_url}}/api/admin/teams/%27%20OR%201=1--
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_owasp_api7_injection_xss_d3681129.hurl b/cases/api_admin_teams_id_put_owasp_api7_injection_xss_d3681129.hurl
new file mode 100644
index 0000000..7ce62a7
--- /dev/null
+++ b/cases/api_admin_teams_id_put_owasp_api7_injection_xss_d3681129.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] PUT /api/admin/teams/{id} — injection (xss) ──
+# case_id=TC-d3681129
+# case_name=[OWASP-API7] PUT /api/admin/teams/{id} — injection (xss)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PUT {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_boolean_6dd640a7.hurl b/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_boolean_6dd640a7.hurl
new file mode 100644
index 0000000..1f4dc9c
--- /dev/null
+++ b/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_boolean_6dd640a7.hurl
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_boolean ──
+# case_id=TC-6dd640a7
+# case_name=PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_boolean
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": true,
+ "displayName": "addition"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_integer_3296a87f.hurl b/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_integer_3296a87f.hurl
new file mode 100644
index 0000000..cc816ac
--- /dev/null
+++ b/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_integer_3296a87f.hurl
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_integer ──
+# case_id=TC-3296a87f
+# case_name=PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_integer
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": 123,
+ "displayName": "addition"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_boolean_ccdc6ae5.hurl b/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_boolean_ccdc6ae5.hurl
new file mode 100644
index 0000000..f2bb529
--- /dev/null
+++ b/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_boolean_ccdc6ae5.hurl
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_boolean ──
+# case_id=TC-ccdc6ae5
+# case_name=PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_boolean
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "Visualize hand for faster decisions.",
+ "displayName": true
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_integer_3ade9411.hurl b/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_integer_3ade9411.hurl
new file mode 100644
index 0000000..c12143b
--- /dev/null
+++ b/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_integer_3ade9411.hurl
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_integer ──
+# case_id=TC-3ade9411
+# case_name=PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_integer
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "Visualize hand for faster decisions.",
+ "displayName": 123
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_bidi_override_c42ef106.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_bidi_override_c42ef106.hurl
new file mode 100644
index 0000000..ecd7409
--- /dev/null
+++ b/cases/api_admin_teams_id_put_unicode_fuzzing_description_bidi_override_c42ef106.hurl
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description bidi_override ──
+# case_id=TC-c42ef106
+# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description bidi_override
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "‮hello",
+ "displayName": "quarterly"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_control_char_d9200d81.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_control_char_d9200d81.hurl
new file mode 100644
index 0000000..399a338
--- /dev/null
+++ b/cases/api_admin_teams_id_put_unicode_fuzzing_description_control_char_d9200d81.hurl
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description control_char ──
+# case_id=TC-d9200d81
+# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description control_char
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "hello\u0000world",
+ "displayName": "quarterly"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_overlong_a87f58e7.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_overlong_a87f58e7.hurl
new file mode 100644
index 0000000..e4ae1f6
--- /dev/null
+++ b/cases/api_admin_teams_id_put_unicode_fuzzing_description_overlong_a87f58e7.hurl
@@ -0,0 +1,19 @@ +# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description overlong ── +# case_id=TC-a87f58e7 +# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "displayName": "quarterly" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_zalgo_e354e0de.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_zalgo_e354e0de.hurl new file mode 100644 index 0000000..daa895e --- /dev/null +++ b/cases/api_admin_teams_id_put_unicode_fuzzing_description_zalgo_e354e0de.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description zalgo ── +# case_id=TC-e354e0de +# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "z̀́̂̃̄̅̆̇a", + "displayName": "quarterly" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_zero_width_1f9507e6.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_zero_width_1f9507e6.hurl new file mode 100644 index 0000000..c13ec99 --- /dev/null +++ b/cases/api_admin_teams_id_put_unicode_fuzzing_description_zero_width_1f9507e6.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description zero_width ── +# case_id=TC-1f9507e6 +# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "​hello", + "displayName": "quarterly" +} +``` + +HTTP 400 + 
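Review bot: The request line `PUT {{base_url}}/api/admin/teams/{id}` in the description-zalgo case uses a literal `{id}`, which is an OpenAPI path template and not a Hurl `{{variable}}`, so the request goes to a path ending in the text `{id}`. The expected `HTTP 400` can then come from the server rejecting the id rather than from validation of the zalgo `description`, so the case would still pass if such input were accepted for a real team. Capture a real team id in a setup step and use a variable such as `{{team_id}}` (constructed name) in the path. The same literal `{id}` appears in the other `api_admin_teams_id_*` cases in this patch.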
diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_bidi_override_7c97c5e9.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_bidi_override_7c97c5e9.hurl
new file mode 100644
index 0000000..3ec1f20
--- /dev/null
+++ b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_bidi_override_7c97c5e9.hurl
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName bidi_override ──
+# case_id=TC-7c97c5e9
+# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName bidi_override
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "Warm starts beat cold work.",
+ "displayName": "‮hello"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_control_char_39195267.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_control_char_39195267.hurl
new file mode 100644
index 0000000..3609a8e
--- /dev/null
+++ b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_control_char_39195267.hurl
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName control_char ──
+# case_id=TC-39195267
+# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName control_char
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "Warm starts beat cold work.",
+ "displayName": "hello\u0000world"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_overlong_cb9e326e.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_overlong_cb9e326e.hurl
new file mode 100644
index 0000000..d631292
--- /dev/null
+++ b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_overlong_cb9e326e.hurl
@@ -0,0 +1,19 @@ +# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName overlong ── +# case_id=TC-cb9e326e +# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "Warm starts beat cold work.", + "displayName": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zalgo_5add01e6.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zalgo_5add01e6.hurl new file mode 100644 index 0000000..91e658d --- /dev/null +++ b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zalgo_5add01e6.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zalgo ── +# case_id=TC-5add01e6 +# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/teams/{id} +Content-Type: application/json +```json +{ + "description": "Warm starts beat cold work.", + "displayName": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zero_width_a1cdc859.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zero_width_a1cdc859.hurl new file mode 100644 index 0000000..f6f49a1 --- /dev/null +++ b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zero_width_a1cdc859.hurl 
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zero_width ──
+# case_id=TC-a1cdc859
+# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zero_width
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "Warm starts beat cold work.",
+ "displayName": "​hello"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_put_valid_request_with_all_required_fields_92de58a1.hurl b/cases/api_admin_teams_id_put_valid_request_with_all_required_fields_92de58a1.hurl
new file mode 100644
index 0000000..e869e37
--- /dev/null
+++ b/cases/api_admin_teams_id_put_valid_request_with_all_required_fields_92de58a1.hurl
@@ -0,0 +1,29 @@
+# ── PUT /api/admin/teams/{id} - valid request with all required fields ──
+# case_id=TC-92de58a1
+# case_name=PUT /api/admin/teams/{id} - valid request with all required fields
+# step_id=step-main
+# step_type=test
+# technique=equivalence_partitioning
+# priority=P0
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: application/json
+```json
+{
+ "description": "Optimize company for lovely clarity.",
+ "displayName": "snore"
+}
+```
+
+HTTP 200
+
+[Asserts]
+duration < 2000
+jsonpath "$.isDeletable" exists
+jsonpath "$.name" exists
+jsonpath "$.createdAt" exists
+jsonpath "$.description" exists
+jsonpath "$.displayName" exists
+jsonpath "$.id" exists
+jsonpath "$.isDefault" exists
+
diff --git a/cases/api_admin_teams_id_put_wrong_content_type_text_plain_a77a2981.hurl b/cases/api_admin_teams_id_put_wrong_content_type_text_plain_a77a2981.hurl
new file mode 100644
index 0000000..a570982
--- /dev/null
+++ b/cases/api_admin_teams_id_put_wrong_content_type_text_plain_a77a2981.hurl
@@ -0,0 +1,19 @@
+# ── PUT /api/admin/teams/{id} - wrong content-type (text/plain) ──
+# case_id=TC-a77a2981
+# case_name=PUT /api/admin/teams/{id} - wrong content-type (text/plain)
+# step_id=step-main
+# step_type=test
+# technique=constraint_mutation
+# priority=P2
+
+PUT {{base_url}}/api/admin/teams/{id}
+Content-Type: text/plain
+```json
+{
+ "description": "Publish a changelog entry for the work.",
+ "displayName": "nervous"
+}
+```
+
+HTTP 415
+
diff --git a/cases/api_admin_teams_id_services_get_idor_id_0_zero_id_405d2163.hurl b/cases/api_admin_teams_id_services_get_idor_id_0_zero_id_405d2163.hurl
new file mode 100644
index 0000000..03cc3be
--- /dev/null
+++ b/cases/api_admin_teams_id_services_get_idor_id_0_zero_id_405d2163.hurl
@@ -0,0 +1,16 @@
+# ── GET /api/admin/teams/{id}/services - IDOR id=0 (zero_id) ──
+# case_id=TC-405d2163
+# case_name=GET /api/admin/teams/{id}/services - IDOR id=0 (zero_id)
+# step_id=step-main
+# step_type=test
+# technique=idor
+# priority=P1
+
+GET {{base_url}}/api/admin/teams/0/services
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_teams_id_services_get_idor_id_99999_alt_id_09f2f077.hurl b/cases/api_admin_teams_id_services_get_idor_id_99999_alt_id_09f2f077.hurl
new file mode 100644
index 0000000..6b2e007
--- /dev/null
+++ b/cases/api_admin_teams_id_services_get_idor_id_99999_alt_id_09f2f077.hurl
@@ -0,0 +1,16 @@
+# ── GET /api/admin/teams/{id}/services - IDOR id=99999 (alt_id) ──
+# case_id=TC-09f2f077
+# case_name=GET /api/admin/teams/{id}/services - IDOR id=99999 (alt_id)
+# step_id=step-main
+# step_type=test
+# technique=idor
+# priority=P1
+
+GET {{base_url}}/api/admin/teams/99999/services
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_teams_id_services_get_missing_required_param_id_bbd8e250.hurl b/cases/api_admin_teams_id_services_get_missing_required_param_id_bbd8e250.hurl
new file mode 100644
index 0000000..b60670d
--- /dev/null
+++ b/cases/api_admin_teams_id_services_get_missing_required_param_id_bbd8e250.hurl
+++ b/cases/api_admin_teams_id_services_get_missing_required_param_id_bbd8e250.hurl @@ -0,0 +1,12 @@ +# ── GET /api/admin/teams/{id}/services - missing required param "id" ── +# case_id=TC-bbd8e250 +# case_name=GET /api/admin/teams/{id}/services - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/admin/teams/1/services + +HTTP 422 + diff --git a/cases/api_admin_teams_id_services_get_owasp_api1_bola_unauthorized_access_ce61c6bf.hurl b/cases/api_admin_teams_id_services_get_owasp_api1_bola_unauthorized_access_ce61c6bf.hurl new file mode 100644 index 0000000..853f19b --- /dev/null +++ b/cases/api_admin_teams_id_services_get_owasp_api1_bola_unauthorized_access_ce61c6bf.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] GET /api/admin/teams/{id}/services — BOLA unauthorized access ── +# case_id=TC-ce61c6bf +# case_name=[OWASP-API1] GET /api/admin/teams/{id}/services — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/{{other_resource_id}}/services + +HTTP 403 + diff --git a/cases/api_admin_teams_id_services_get_owasp_api2_broken_authentication_29194ed9.hurl b/cases/api_admin_teams_id_services_get_owasp_api2_broken_authentication_29194ed9.hurl new file mode 100644 index 0000000..6996e29 --- /dev/null +++ b/cases/api_admin_teams_id_services_get_owasp_api2_broken_authentication_29194ed9.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/admin/teams/{id}/services — broken authentication ── +# case_id=TC-29194ed9 +# case_name=[OWASP-API2] GET /api/admin/teams/{id}/services — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/{id}/services + +HTTP 401 + 
diff --git a/cases/api_admin_teams_id_services_get_owasp_api5_function_level_authorization_missing_edc7b8fe.hurl b/cases/api_admin_teams_id_services_get_owasp_api5_function_level_authorization_missing_edc7b8fe.hurl new file mode 100644 index 0000000..e04b8d6 --- /dev/null +++ b/cases/api_admin_teams_id_services_get_owasp_api5_function_level_authorization_missing_edc7b8fe.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] GET /api/admin/teams/{id}/services — function-level authorization missing ── +# case_id=TC-edc7b8fe +# case_name=[OWASP-API5] GET /api/admin/teams/{id}/services — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +GET {{base_url}}/api/admin/teams/{id}/services +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_teams_id_services_get_owasp_api7_injection_path_traversal_961479c7.hurl b/cases/api_admin_teams_id_services_get_owasp_api7_injection_path_traversal_961479c7.hurl new file mode 100644 index 0000000..63c5c16 --- /dev/null +++ b/cases/api_admin_teams_id_services_get_owasp_api7_injection_path_traversal_961479c7.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/admin/teams/{id}/services — injection (path-traversal) ── +# case_id=TC-961479c7 +# case_name=[OWASP-API7] GET /api/admin/teams/{id}/services — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/services +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_id_services_get_owasp_api7_injection_sqli_2e72efb4.hurl b/cases/api_admin_teams_id_services_get_owasp_api7_injection_sqli_2e72efb4.hurl new file mode 100644 index 0000000..515eb7e --- /dev/null +++ b/cases/api_admin_teams_id_services_get_owasp_api7_injection_sqli_2e72efb4.hurl 
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] GET /api/admin/teams/{id}/services — injection (sqli) ──
+# case_id=TC-2e72efb4
+# case_name=[OWASP-API7] GET /api/admin/teams/{id}/services — injection (sqli)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+GET {{base_url}}/api/admin/teams/%27%20OR%201=1--/services
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_services_get_owasp_api7_injection_xss_80ccb269.hurl b/cases/api_admin_teams_id_services_get_owasp_api7_injection_xss_80ccb269.hurl
new file mode 100644
index 0000000..2f1f8f8
--- /dev/null
+++ b/cases/api_admin_teams_id_services_get_owasp_api7_injection_xss_80ccb269.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] GET /api/admin/teams/{id}/services — injection (xss) ──
+# case_id=TC-80ccb269
+# case_name=[OWASP-API7] GET /api/admin/teams/{id}/services — injection (xss)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+GET {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/services
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_teams_id_services_get_valid_request_with_all_required_fields_1b69193c.hurl b/cases/api_admin_teams_id_services_get_valid_request_with_all_required_fields_1b69193c.hurl
new file mode 100644
index 0000000..daeee0b
--- /dev/null
+++ b/cases/api_admin_teams_id_services_get_valid_request_with_all_required_fields_1b69193c.hurl
@@ -0,0 +1,16 @@
+# ── GET /api/admin/teams/{id}/services - valid request with all required fields ──
+# case_id=TC-1b69193c
+# case_name=GET /api/admin/teams/{id}/services - valid request with all required fields
+# step_id=step-main
+# step_type=test
+# technique=equivalence_partitioning
+# priority=P0
+
+GET {{base_url}}/api/admin/teams/{id}/services
+
+HTTP 200
+
+[Asserts]
+duration < 2000
+jsonpath "$.services" exists
+
diff --git a/cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl b/cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl
new file mode 100644
index 0000000..61484d2
--- /dev/null
+++ b/cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl
diff --git a/cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl b/cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl new file mode 100644 index 0000000..61484d2 --- /dev/null +++ b/cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/teams/{id}/services — CORS security configuration ── +# case_id=TC-84a2058d +# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id}/services — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/teams/{id}/services +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_teams_options_owasp_api8_cors_security_configuration_ad2f2f8a.hurl b/cases/api_admin_teams_options_owasp_api8_cors_security_configuration_ad2f2f8a.hurl new file mode 100644 index 0000000..1b53a8f --- /dev/null +++ b/cases/api_admin_teams_options_owasp_api8_cors_security_configuration_ad2f2f8a.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/teams — CORS security configuration ── +# case_id=TC-ad2f2f8a +# case_name=[OWASP-API8] OPTIONS /api/admin/teams — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/teams +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_teams_post_auth_chain_4c68c418.hurl b/cases/api_admin_teams_post_auth_chain_4c68c418.hurl new file mode 100644 index 0000000..a3eb594 --- /dev/null +++ b/cases/api_admin_teams_post_auth_chain_4c68c418.hurl 
@@ -0,0 +1,52 @@
+# ══════════════════════════════════════════════════
+# auth chain: POST /api/admin/teams
+# case_id=TC-4c68c418
+# case_name=auth chain: POST /api/admin/teams
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── authenticate via POST /api/tokens [setup] ──
+# step_id=step-auth
+# step_type=setup
+# title=authenticate via POST /api/tokens
+
+POST {{base_url}}/api/tokens
+Content-Type: application/json
+```json
+{
+ "name": "Jakob Jensen",
+ "scope": "write"
+}
+```
+
+HTTP *
+
+[Captures]
+authToken: jsonpath "$.token"
+
+[Asserts]
+status < 300
+
+# ── POST /api/admin/teams with auth token [test] ──
+# step_id=step-test
+# step_type=test
+# title=POST /api/admin/teams with auth token
+# depends_on=step-auth
+
+POST {{base_url}}/api/admin/teams
+Authorization: Bearer {{authToken}}
+Content-Type: application/json
+```json
+{
+ "description": "The government should confusing.",
+ "displayName": "yours",
+ "name": "Lee Burton"
+}
+```
+
+HTTP 200
+
+[Asserts]
+duration < 2000
+
diff --git a/cases/api_admin_teams_post_field_boundary_name_invalid_below_min_f9b893d9.hurl b/cases/api_admin_teams_post_field_boundary_name_invalid_below_min_f9b893d9.hurl
new file mode 100644
index 0000000..19c541f
--- /dev/null
+++ b/cases/api_admin_teams_post_field_boundary_name_invalid_below_min_f9b893d9.hurl
diff --git a/cases/api_admin_teams_post_field_boundary_name_valid_min_787507a6.hurl b/cases/api_admin_teams_post_field_boundary_name_valid_min_787507a6.hurl new file mode 100644 index 0000000..924b706 --- /dev/null +++ b/cases/api_admin_teams_post_field_boundary_name_valid_min_787507a6.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - [field_boundary] name valid_min ── +# case_id=TC-787507a6 +# case_name=POST /api/admin/teams - [field_boundary] name valid_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P1 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Guard world with sensible limits.", + "displayName": "those", + "name": "a" +} +``` + +HTTP * + +[Asserts] +status >= 200 +status < 300 + diff --git a/cases/api_admin_teams_post_idempotent_second_call_must_be_safe_bee426f4.hurl b/cases/api_admin_teams_post_idempotent_second_call_must_be_safe_bee426f4.hurl new file mode 100644 index 0000000..d18d264 --- /dev/null +++ b/cases/api_admin_teams_post_idempotent_second_call_must_be_safe_bee426f4.hurl 
@@ -0,0 +1,49 @@ +# ══════════════════════════════════════════════════ +# POST /api/admin/teams - idempotent: second call must be safe +# case_id=TC-bee426f4 +# case_name=POST /api/admin/teams - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /api/admin/teams — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /api/admin/teams — first call + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Theirs year do ready for idea.", + "displayName": "quality", + "name": "Lillie Hart" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /api/admin/teams — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /api/admin/teams — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Theirs year do ready for idea.", + "displayName": "quality", + "name": "Lillie Hart" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_teams_post_invalid_name_empty_string_violates_minlength_1_97aa6ff1.hurl b/cases/api_admin_teams_post_invalid_name_empty_string_violates_minlength_1_97aa6ff1.hurl new file mode 100644 index 0000000..ee601e7 --- /dev/null +++ b/cases/api_admin_teams_post_invalid_name_empty_string_violates_minlength_1_97aa6ff1.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - invalid name: empty string violates minLength 1 ── +# case_id=TC-97aa6ff1 +# case_name=POST /api/admin/teams - invalid name: empty string violates minLength 1 +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Track thing over time weekly.", + "displayName": "everybody", + "name": "" +} +``` + +HTTP 422 + 
diff --git a/cases/api_admin_teams_post_mass_assignment_financial_probe_3c2025cc.hurl b/cases/api_admin_teams_post_mass_assignment_financial_probe_3c2025cc.hurl new file mode 100644 index 0000000..9ecfe2c --- /dev/null +++ b/cases/api_admin_teams_post_mass_assignment_financial_probe_3c2025cc.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - [mass_assignment] financial probe ── +# case_id=TC-3c2025cc +# case_name=POST /api/admin/teams - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "balance": 1, + "credits": 1, + "description": "Prefer predictable group over surprising thing.", + "discount": 0, + "displayName": "tensely", + "name": "Jalen Lyons", + "price": 1 +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_mass_assignment_identity_probe_82f380ef.hurl b/cases/api_admin_teams_post_mass_assignment_identity_probe_82f380ef.hurl new file mode 100644 index 0000000..96f918a --- /dev/null +++ b/cases/api_admin_teams_post_mass_assignment_identity_probe_82f380ef.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - [mass_assignment] identity probe ── +# case_id=TC-82f380ef +# case_name=POST /api/admin/teams - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "createdBy": "__probe__", + "description": "Prefer predictable group over surprising thing.", + "displayName": "tensely", + "name": "Jalen Lyons", + "ownerId": "__probe__", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_mass_assignment_privilege_probe_ed2bac60.hurl b/cases/api_admin_teams_post_mass_assignment_privilege_probe_ed2bac60.hurl new file mode 100644 index 0000000..b5a9ae5 --- /dev/null 
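Review bot: The four `mass_assignment` probes (TC-3c2025cc here, then TC-82f380ef, TC-ed2bac60 and TC-9b89bdf9) expect `HTTP 400` for unknown properties, but TC-e17876cf expects the same endpoint to accept extra properties with `HTTP 201` and ignore them. Those are two different policies (reject unknown fields versus drop them silently) and only one can hold for this route. A status code alone also does not show that a field was not bound. Where the request is accepted and the response echoes the team object, assert on the body in the style TC-e17876cf already uses, for example `jsonpath "$.balance" not exists` here and `jsonpath "$.isAdmin" not exists` in the privilege probe.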
+++ b/cases/api_admin_teams_post_mass_assignment_privilege_probe_ed2bac60.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - [mass_assignment] privilege probe ── +# case_id=TC-ed2bac60 +# case_name=POST /api/admin/teams - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "admin": true, + "description": "Prefer predictable group over surprising thing.", + "displayName": "tensely", + "isAdmin": true, + "is_admin": true, + "name": "Jalen Lyons", + "role": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_mass_assignment_status_probe_9b89bdf9.hurl b/cases/api_admin_teams_post_mass_assignment_status_probe_9b89bdf9.hurl new file mode 100644 index 0000000..fea83e7 --- /dev/null +++ b/cases/api_admin_teams_post_mass_assignment_status_probe_9b89bdf9.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - [mass_assignment] status probe ── +# case_id=TC-9b89bdf9 +# case_name=POST /api/admin/teams - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "description": "Prefer predictable group over surprising thing.", + "disabled": false, + "displayName": "tensely", + "name": "Jalen Lyons", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_missing_required_field_name_11fe758b.hurl b/cases/api_admin_teams_post_missing_required_field_name_11fe758b.hurl new file mode 100644 index 0000000..2ed39c1 --- /dev/null +++ b/cases/api_admin_teams_post_missing_required_field_name_11fe758b.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/admin/teams - missing required field "name" ── +# case_id=TC-11fe758b +# case_name=POST /api/admin/teams - missing required field "name" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Celebrate wins tied to the man.", + "displayName": "lastly" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_missing_required_field_name_80c70bf8.hurl b/cases/api_admin_teams_post_missing_required_field_name_80c70bf8.hurl new file mode 100644 index 0000000..fa0a76f --- /dev/null +++ b/cases/api_admin_teams_post_missing_required_field_name_80c70bf8.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams - missing required field "name" ── +# case_id=TC-80c70bf8 +# case_name=POST /api/admin/teams - missing required field "name" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Track thing over time weekly.", + "displayName": "everybody" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_mutation_description_empty_string_569a3993.hurl b/cases/api_admin_teams_post_mutation_description_empty_string_569a3993.hurl new file mode 100644 index 0000000..2cd8e86 --- /dev/null +++ b/cases/api_admin_teams_post_mutation_description_empty_string_569a3993.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: description empty string ── +# case_id=TC-569a3993 +# case_name=POST /api/admin/teams - mutation: description empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "", + "displayName": "his", + "name": "Alysson Tucker" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_admin_teams_post_mutation_description_integer_instead_of_string_4d295fcc.hurl b/cases/api_admin_teams_post_mutation_description_integer_instead_of_string_4d295fcc.hurl new file mode 100644 index 0000000..4fe4b43 --- /dev/null +++ b/cases/api_admin_teams_post_mutation_description_integer_instead_of_string_4d295fcc.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: description integer instead of string ── +# case_id=TC-4d295fcc +# case_name=POST /api/admin/teams - mutation: description integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": 12345, + "displayName": "his", + "name": "Alysson Tucker" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_mutation_description_null_value_672e2bba.hurl b/cases/api_admin_teams_post_mutation_description_null_value_672e2bba.hurl new file mode 100644 index 0000000..e56d5d8 --- /dev/null +++ b/cases/api_admin_teams_post_mutation_description_null_value_672e2bba.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: description null value ── +# case_id=TC-672e2bba +# case_name=POST /api/admin/teams - mutation: description null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": null, + "displayName": "his", + "name": "Alysson Tucker" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_mutation_description_oversized_string_300_chars_20eb5b64.hurl b/cases/api_admin_teams_post_mutation_description_oversized_string_300_chars_20eb5b64.hurl new file mode 100644 index 0000000..f102517 --- /dev/null +++ b/cases/api_admin_teams_post_mutation_description_oversized_string_300_chars_20eb5b64.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: description oversized string (300 chars) ── +# case_id=TC-20eb5b64 +# case_name=POST /api/admin/teams - mutation: description oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "displayName": "his", + "name": "Alysson Tucker" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_mutation_displayname_empty_string_34993282.hurl b/cases/api_admin_teams_post_mutation_displayname_empty_string_34993282.hurl new file mode 100644 index 0000000..52ec2e1 --- /dev/null +++ b/cases/api_admin_teams_post_mutation_displayname_empty_string_34993282.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: displayName empty string ── +# case_id=TC-34993282 +# case_name=POST /api/admin/teams - mutation: displayName empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "At this point the review, you want the number.", + "displayName": "", + "name": "Alysson Tucker" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_mutation_displayname_integer_instead_of_string_c361779d.hurl b/cases/api_admin_teams_post_mutation_displayname_integer_instead_of_string_c361779d.hurl new file mode 100644 index 0000000..55f43c7 --- /dev/null +++ b/cases/api_admin_teams_post_mutation_displayname_integer_instead_of_string_c361779d.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: displayName integer instead of string ── +# case_id=TC-c361779d +# case_name=POST /api/admin/teams - mutation: displayName integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "At this point the review, you want the number.", + "displayName": 12345, + "name": "Alysson Tucker" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_mutation_displayname_null_value_782f4da8.hurl b/cases/api_admin_teams_post_mutation_displayname_null_value_782f4da8.hurl new file mode 100644 index 0000000..f9a802a --- /dev/null +++ b/cases/api_admin_teams_post_mutation_displayname_null_value_782f4da8.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: displayName null value ── +# case_id=TC-782f4da8 +# case_name=POST /api/admin/teams - mutation: displayName null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "At this point the review, you want the number.", + "displayName": null, + "name": "Alysson Tucker" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_mutation_displayname_oversized_string_300_chars_b00969d7.hurl b/cases/api_admin_teams_post_mutation_displayname_oversized_string_300_chars_b00969d7.hurl new file mode 100644 index 0000000..8664ae6 --- /dev/null +++ b/cases/api_admin_teams_post_mutation_displayname_oversized_string_300_chars_b00969d7.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: displayName oversized string (300 chars) ── +# case_id=TC-b00969d7 +# case_name=POST /api/admin/teams - mutation: displayName oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "At this point the review, you want the number.", + "displayName": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "name": "Alysson Tucker" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_mutation_name_empty_string_e4058fd4.hurl b/cases/api_admin_teams_post_mutation_name_empty_string_e4058fd4.hurl new file mode 100644 index 0000000..04676c9 --- /dev/null +++ b/cases/api_admin_teams_post_mutation_name_empty_string_e4058fd4.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: name empty string ── +# case_id=TC-e4058fd4 +# case_name=POST /api/admin/teams - mutation: name empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "At this point the review, you want the number.", + "displayName": "his", + "name": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_mutation_name_null_value_ec9e6e43.hurl b/cases/api_admin_teams_post_mutation_name_null_value_ec9e6e43.hurl new file mode 100644 index 0000000..53c6a67 --- /dev/null +++ b/cases/api_admin_teams_post_mutation_name_null_value_ec9e6e43.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/teams - mutation: name null value ── +# case_id=TC-ec9e6e43 +# case_name=POST /api/admin/teams - mutation: name null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "At this point the review, you want the number.", + "displayName": "his", + "name": null +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_name_at_max_plus_one_invalid_boundary_5330751c.hurl b/cases/api_admin_teams_post_name_at_max_plus_one_invalid_boundary_5330751c.hurl new file mode 100644 index 0000000..206447d --- /dev/null +++ b/cases/api_admin_teams_post_name_at_max_plus_one_invalid_boundary_5330751c.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - name at max_plus_one_invalid boundary ── +# case_id=TC-5330751c +# case_name=POST /api/admin/teams - name at max_plus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Set a realistic target for year.", + "displayName": "moreover", + "name": "NsuMXKIpRYHIsYlDqMIwHXCpmoJEoGRjveFxqkteFFRHsDPXXDkOZQyCTvmlDediiHwswqMHROyBnxWdJtPOyhacYUuBuSvUUwXvrUKWVzudMnyjVntJuUYzBPFCotHeHkpYmkHdUOShzqofcgBtwMxJUjYmOXFRzNOHavFSdrdDbcwRZENjxPYAsrFWybsnpNXjCoirqTPMReAhczhfudWubkAFgtGBfAYCjEEcpOFGrDbNiwwxeNwTsovFnExW" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_name_at_max_valid_boundary_b9c84944.hurl b/cases/api_admin_teams_post_name_at_max_valid_boundary_b9c84944.hurl new file mode 100644 index 0000000..69578f8 --- /dev/null +++ b/cases/api_admin_teams_post_name_at_max_valid_boundary_b9c84944.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/admin/teams - name at max_valid boundary ── +# case_id=TC-b9c84944 +# case_name=POST /api/admin/teams - name at max_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Set a realistic target for year.", + "displayName": "moreover", + "name": "QwCYspLXkpxGOghGBAQQBwflPXgoWvhGdSfHetGtYilHuuDTyQSJhKPGDgKczaCxDpqtPwSxTRBXZsvwyOKFUjPlXpiZYdiKJDkXXVdorLRBbSwkWgnsOYWFORpmxttOkrxBSpnwCjUTtdlyJAHEngHXxdIWDaffLvZkTZkWCJUVyiifCZgqSawuIlAGbEiAnDOroikvCBKifoHJslPiNnNblPtqCBgLmeBPgAYPdKbwYJijByQnQztRjhIMyOD" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_teams_post_name_at_min_minus_one_invalid_boundary_2ccbadc2.hurl b/cases/api_admin_teams_post_name_at_min_minus_one_invalid_boundary_2ccbadc2.hurl new file mode 100644 index 0000000..ffe500c --- /dev/null +++ b/cases/api_admin_teams_post_name_at_min_minus_one_invalid_boundary_2ccbadc2.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - name at min_minus_one_invalid boundary ── +# case_id=TC-2ccbadc2 +# case_name=POST /api/admin/teams - name at min_minus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Set a realistic target for year.", + "displayName": "moreover", + "name": "s" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_name_at_min_valid_boundary_084178e7.hurl b/cases/api_admin_teams_post_name_at_min_valid_boundary_084178e7.hurl new file mode 100644 index 0000000..161dd96 --- /dev/null +++ b/cases/api_admin_teams_post_name_at_min_valid_boundary_084178e7.hurl 
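Review bot: TC-2ccbadc2 is labelled `min_minus_one_invalid` but sends `"name": "s"`, a one-character name, and expects `HTTP 422`, while TC-084178e7 (`"name": "X"`) and TC-787507a6 (`"name": "a"`) send one-character names and expect success. TC-97aa6ff1's title gives the constraint as minLength 1, so the below-minimum value should be the empty string: `"name": ""`. As written, either this case or the two valid-minimum cases must fail, and the boundary just under the minimum is not exercised by this file.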
@@ -0,0 +1,23 @@ +# ── POST /api/admin/teams - name at min_valid boundary ── +# case_id=TC-084178e7 +# case_name=POST /api/admin/teams - name at min_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Set a realistic target for year.", + "displayName": "moreover", + "name": "X" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_teams_post_null_injection_description_5294fe7b.hurl b/cases/api_admin_teams_post_null_injection_description_5294fe7b.hurl new file mode 100644 index 0000000..5729613 --- /dev/null +++ b/cases/api_admin_teams_post_null_injection_description_5294fe7b.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - null injection: description ── +# case_id=TC-5294fe7b +# case_name=POST /api/admin/teams - null injection: description +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": null, + "displayName": "should", + "name": "Chloe Oliver" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_null_injection_displayname_acaa7cdb.hurl b/cases/api_admin_teams_post_null_injection_displayname_acaa7cdb.hurl new file mode 100644 index 0000000..1ac66d8 --- /dev/null +++ b/cases/api_admin_teams_post_null_injection_displayname_acaa7cdb.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - null injection: displayName ── +# case_id=TC-acaa7cdb +# case_name=POST /api/admin/teams - null injection: displayName +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Explicitly name the person before you wrap it.", + "displayName": null, + "name": "Chloe Oliver" +} +``` + +HTTP 422 + 
diff --git a/cases/api_admin_teams_post_null_injection_name_abe4e3e2.hurl b/cases/api_admin_teams_post_null_injection_name_abe4e3e2.hurl new file mode 100644 index 0000000..f3eef6c --- /dev/null +++ b/cases/api_admin_teams_post_null_injection_name_abe4e3e2.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - null injection: name ── +# case_id=TC-abe4e3e2 +# case_name=POST /api/admin/teams - null injection: name +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Explicitly name the person before you wrap it.", + "displayName": "should", + "name": null +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_owasp_api2_broken_authentication_0f5c6cec.hurl b/cases/api_admin_teams_post_owasp_api2_broken_authentication_0f5c6cec.hurl new file mode 100644 index 0000000..70ef75b --- /dev/null +++ b/cases/api_admin_teams_post_owasp_api2_broken_authentication_0f5c6cec.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] POST /api/admin/teams — broken authentication ── +# case_id=TC-0f5c6cec +# case_name=[OWASP-API2] POST /api/admin/teams — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams + +HTTP 401 + diff --git a/cases/api_admin_teams_post_owasp_api5_function_level_authorization_missing_2df9f5ad.hurl b/cases/api_admin_teams_post_owasp_api5_function_level_authorization_missing_2df9f5ad.hurl new file mode 100644 index 0000000..d6f775b --- /dev/null +++ b/cases/api_admin_teams_post_owasp_api5_function_level_authorization_missing_2df9f5ad.hurl 
@@ -0,0 +1,13 @@ +# ── [OWASP-API5] POST /api/admin/teams — function-level authorization missing ── +# case_id=TC-2df9f5ad +# case_name=[OWASP-API5] POST /api/admin/teams — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +POST {{base_url}}/api/admin/teams +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_teams_post_owasp_api6_mass_assignment_e17876cf.hurl b/cases/api_admin_teams_post_owasp_api6_mass_assignment_e17876cf.hurl new file mode 100644 index 0000000..d4e368c --- /dev/null +++ b/cases/api_admin_teams_post_owasp_api6_mass_assignment_e17876cf.hurl @@ -0,0 +1,28 @@ +# ── [OWASP-API6] POST /api/admin/teams — mass assignment ── +# case_id=TC-e17876cf +# case_name=[OWASP-API6] POST /api/admin/teams — mass assignment +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "createdAt": "2000-01-01T00:00:00Z", + "description": "Prefer predictable government over surprising work.", + "displayName": "can", + "id": 99999, + "name": "Dane Bates", + "updatedAt": "2000-01-01T00:00:00Z" +} +``` + +HTTP 201 + +[Asserts] +jsonpath "$.id" != 99999 +jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" +jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" + diff --git a/cases/api_admin_teams_post_owasp_api7_injection_path_traversal_a1f1c968.hurl b/cases/api_admin_teams_post_owasp_api7_injection_path_traversal_a1f1c968.hurl new file mode 100644 index 0000000..8d55b56 --- /dev/null +++ b/cases/api_admin_teams_post_owasp_api7_injection_path_traversal_a1f1c968.hurl 
@@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /api/admin/teams — injection (path-traversal) ── +# case_id=TC-a1f1c968 +# case_name=[OWASP-API7] POST /api/admin/teams — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "../../../etc/passwd" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_owasp_api7_injection_sqli_3e99ea9b.hurl b/cases/api_admin_teams_post_owasp_api7_injection_sqli_3e99ea9b.hurl new file mode 100644 index 0000000..957af36 --- /dev/null +++ b/cases/api_admin_teams_post_owasp_api7_injection_sqli_3e99ea9b.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /api/admin/teams — injection (sqli) ── +# case_id=TC-3e99ea9b +# case_name=[OWASP-API7] POST /api/admin/teams — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "' OR 1=1--" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_owasp_api7_injection_xss_a582e336.hurl b/cases/api_admin_teams_post_owasp_api7_injection_xss_a582e336.hurl new file mode 100644 index 0000000..0b1ba85 --- /dev/null +++ b/cases/api_admin_teams_post_owasp_api7_injection_xss_a582e336.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /api/admin/teams — injection (xss) ── +# case_id=TC-a582e336 +# case_name=[OWASP-API7] POST /api/admin/teams — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_required_omission_name_absent_7a6a3b1a.hurl b/cases/api_admin_teams_post_required_omission_name_absent_7a6a3b1a.hurl new file mode 100644 index 0000000..29e42b2 --- /dev/null 
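Review bot: The three injection cases (TC-a1f1c968, TC-3e99ea9b, TC-a582e336) cannot attribute their expected `HTTP 400` to the payload. Each body omits `name`, which TC-11fe758b treats as required (422), and none sends credentials, which TC-0f5c6cec expects to yield 401. `description` is also free text, so a server that handles the string safely (parameterised query, output encoding on render) may correctly accept it, and these cases would then report a false failure. Send an otherwise valid, authenticated body with only `description` varied, and assert what must never happen rather than one status, for example `HTTP *` with `status < 500`.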
+++ b/cases/api_admin_teams_post_required_omission_name_absent_7a6a3b1a.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/teams - [required_omission] name absent ── +# case_id=TC-7a6a3b1a +# case_name=POST /api/admin/teams - [required_omission] name absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Sample week at 11s intervals.", + "displayName": "annually" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_teams_post_schema_violation_name_missing_required_144ca893.hurl b/cases/api_admin_teams_post_schema_violation_name_missing_required_144ca893.hurl new file mode 100644 index 0000000..670dc7a --- /dev/null +++ b/cases/api_admin_teams_post_schema_violation_name_missing_required_144ca893.hurl @@ -0,0 +1,19 @@ +# ── POST /api/admin/teams - [schema_violation] name_missing_required ── +# case_id=TC-144ca893 +# case_name=POST /api/admin/teams - [schema_violation] name_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Alert on person thresholds then.", + "displayName": "most" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_schema_violation_name_too_short_2d1be97b.hurl b/cases/api_admin_teams_post_schema_violation_name_too_short_2d1be97b.hurl new file mode 100644 index 0000000..1d1b43b --- /dev/null +++ b/cases/api_admin_teams_post_schema_violation_name_too_short_2d1be97b.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [schema_violation] name_too_short ── +# case_id=TC-2d1be97b +# case_name=POST /api/admin/teams - [schema_violation] name_too_short +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Alert on person thresholds then.", + "displayName": "most", + "name": "" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_type_coercion_description_wrong_type_boolean_bf50b6f1.hurl b/cases/api_admin_teams_post_type_coercion_description_wrong_type_boolean_bf50b6f1.hurl new file mode 100644 index 0000000..b183cee --- /dev/null +++ b/cases/api_admin_teams_post_type_coercion_description_wrong_type_boolean_bf50b6f1.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [type_coercion] description wrong_type_boolean ── +# case_id=TC-bf50b6f1 +# case_name=POST /api/admin/teams - [type_coercion] description wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": true, + "displayName": "yet", + "name": "Ardith Cole" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_type_coercion_description_wrong_type_integer_1aea557e.hurl b/cases/api_admin_teams_post_type_coercion_description_wrong_type_integer_1aea557e.hurl new file mode 100644 index 0000000..1d72f17 --- /dev/null +++ b/cases/api_admin_teams_post_type_coercion_description_wrong_type_integer_1aea557e.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [type_coercion] description wrong_type_integer ── +# case_id=TC-1aea557e +# case_name=POST /api/admin/teams - [type_coercion] description wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": 123, + "displayName": "yet", + "name": "Ardith Cole" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_boolean_97c4c8ca.hurl b/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_boolean_97c4c8ca.hurl new file mode 100644 index 0000000..3355aa3 --- /dev/null +++ b/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_boolean_97c4c8ca.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [type_coercion] displayName wrong_type_boolean ── +# case_id=TC-97c4c8ca +# case_name=POST /api/admin/teams - [type_coercion] displayName wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Map the happy path through part.", + "displayName": true, + "name": "Ardith Cole" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_integer_759d30e5.hurl b/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_integer_759d30e5.hurl new file mode 100644 index 0000000..bbc24b4 --- /dev/null +++ b/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_integer_759d30e5.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [type_coercion] displayName wrong_type_integer ── +# case_id=TC-759d30e5 +# case_name=POST /api/admin/teams - [type_coercion] displayName wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Map the happy path through part.", + "displayName": 123, + "name": "Ardith Cole" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_type_coercion_name_wrong_type_boolean_b516cdc6.hurl b/cases/api_admin_teams_post_type_coercion_name_wrong_type_boolean_b516cdc6.hurl new file mode 100644 index 0000000..164b9d0 --- /dev/null +++ b/cases/api_admin_teams_post_type_coercion_name_wrong_type_boolean_b516cdc6.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [type_coercion] name wrong_type_boolean ── +# case_id=TC-b516cdc6 +# case_name=POST /api/admin/teams - [type_coercion] name wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Map the happy path through part.", + "displayName": "yet", + "name": true +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_type_coercion_name_wrong_type_integer_05c0d231.hurl b/cases/api_admin_teams_post_type_coercion_name_wrong_type_integer_05c0d231.hurl new file mode 100644 index 0000000..5e97c67 --- /dev/null +++ b/cases/api_admin_teams_post_type_coercion_name_wrong_type_integer_05c0d231.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [type_coercion] name wrong_type_integer ── +# case_id=TC-05c0d231 +# case_name=POST /api/admin/teams - [type_coercion] name wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Map the happy path through part.", + "displayName": "yet", + "name": 123 +} +``` + +HTTP 422 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_bidi_override_d96ca637.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_bidi_override_d96ca637.hurl new file mode 100644 index 0000000..449e958 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_description_bidi_override_d96ca637.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] description bidi_override ── +# case_id=TC-d96ca637 +# case_name=POST /api/admin/teams - [unicode_fuzzing] description bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "‮hello", + "displayName": "example", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_control_char_8656dd0b.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_control_char_8656dd0b.hurl new file mode 100644 index 0000000..6755807 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_description_control_char_8656dd0b.hurl 
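Review bot: The bidi_override case for `description` (TC-d96ca637) appears to carry its payload as a raw, invisible character inside the JSON string, whereas the control_char case (TC-8656dd0b) spells its payload as the escape `hello\u0000world`. A raw direction-override or zero-width character cannot be seen in a diff or code review, so a reader cannot confirm what the case actually sends, and an editor or formatter may silently strip or reorder it. Since the body is JSON, the generator could emit the escaped form instead, e.g. `"description": "\u202ehello",`, which sends the same bytes after decoding. The same applies to the zero_width cases and to the `displayName` and `name` variants of these techniques elsewhere in this patch.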
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] description control_char ── +# case_id=TC-8656dd0b +# case_name=POST /api/admin/teams - [unicode_fuzzing] description control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "hello\u0000world", + "displayName": "example", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_overlong_432c6afa.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_overlong_432c6afa.hurl new file mode 100644 index 0000000..1cc92d7 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_description_overlong_432c6afa.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] description overlong ── +# case_id=TC-432c6afa +# case_name=POST /api/admin/teams - [unicode_fuzzing] description overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "displayName": "example", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_zalgo_760794e2.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_zalgo_760794e2.hurl new file mode 100644 index 0000000..d9ca2dd --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_description_zalgo_760794e2.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] description zalgo ── +# case_id=TC-760794e2 +# case_name=POST /api/admin/teams - [unicode_fuzzing] description zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "z̀́̂̃̄̅̆̇a", + "displayName": "example", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_zero_width_5161dc9c.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_zero_width_5161dc9c.hurl new file mode 100644 index 0000000..73b7b02 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_description_zero_width_5161dc9c.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] description zero_width ── +# case_id=TC-5161dc9c +# case_name=POST /api/admin/teams - [unicode_fuzzing] description zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "​hello", + "displayName": "example", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + 
diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_bidi_override_693c8224.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_bidi_override_693c8224.hurl new file mode 100644 index 0000000..a3c3e0b --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_displayname_bidi_override_693c8224.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] displayName bidi_override ── +# case_id=TC-693c8224 +# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "‮hello", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_control_char_7ead4ab7.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_control_char_7ead4ab7.hurl new file mode 100644 index 0000000..48e9fa4 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_displayname_control_char_7ead4ab7.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] displayName control_char ── +# case_id=TC-7ead4ab7 +# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "hello\u0000world", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_overlong_3d12d252.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_overlong_3d12d252.hurl new file mode 100644 index 0000000..b40c8be --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_displayname_overlong_3d12d252.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] displayName overlong ── +# case_id=TC-3d12d252 +# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_zalgo_6474b9c1.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_zalgo_6474b9c1.hurl new file mode 100644 index 0000000..bf3a1ad --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_displayname_zalgo_6474b9c1.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] displayName zalgo ── +# case_id=TC-6474b9c1 +# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "z̀́̂̃̄̅̆̇a", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_zero_width_8b028ce1.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_zero_width_8b028ce1.hurl new file mode 100644 index 0000000..8cb7aa4 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_displayname_zero_width_8b028ce1.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] displayName zero_width ── +# case_id=TC-8b028ce1 +# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "​hello", + "name": "Thomas Castillo" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_bidi_override_19447855.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_bidi_override_19447855.hurl new file mode 100644 index 0000000..b212481 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_name_bidi_override_19447855.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] name bidi_override ── +# case_id=TC-19447855 +# case_name=POST /api/admin/teams - [unicode_fuzzing] name bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "example", + "name": "‮hello" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_control_char_4e8b3875.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_control_char_4e8b3875.hurl new file mode 100644 index 0000000..ad5cf22 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_name_control_char_4e8b3875.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] name control_char ── +# case_id=TC-4e8b3875 +# case_name=POST /api/admin/teams - [unicode_fuzzing] name control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "example", + "name": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_overlong_ee78ddc5.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_overlong_ee78ddc5.hurl new file mode 100644 index 0000000..9f97995 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_name_overlong_ee78ddc5.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] name overlong ── +# case_id=TC-ee78ddc5 +# case_name=POST /api/admin/teams - [unicode_fuzzing] name overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "example", + "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_zalgo_b42d8584.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_zalgo_b42d8584.hurl new file mode 100644 index 0000000..103009e --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_name_zalgo_b42d8584.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] name zalgo ── +# case_id=TC-b42d8584 +# case_name=POST /api/admin/teams - [unicode_fuzzing] name zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "example", + "name": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_zero_width_76a6b2ca.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_zero_width_76a6b2ca.hurl new file mode 100644 index 0000000..d3f1838 --- /dev/null +++ b/cases/api_admin_teams_post_unicode_fuzzing_name_zero_width_76a6b2ca.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - [unicode_fuzzing] name zero_width ── +# case_id=TC-76a6b2ca +# case_name=POST /api/admin/teams - [unicode_fuzzing] name zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Review the woman every 2 weeks.", + "displayName": "example", + "name": "​hello" +} +``` + +HTTP 400 + 
diff --git a/cases/api_admin_teams_post_valid_request_with_all_required_fields_17f73440.hurl b/cases/api_admin_teams_post_valid_request_with_all_required_fields_17f73440.hurl new file mode 100644 index 0000000..66f3b9e --- /dev/null +++ b/cases/api_admin_teams_post_valid_request_with_all_required_fields_17f73440.hurl @@ -0,0 +1,30 @@ +# ── POST /api/admin/teams - valid request with all required fields ── +# case_id=TC-17f73440 +# case_name=POST /api/admin/teams - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Explicitly name the year before you enlist it.", + "displayName": "downstairs", + "name": "Amie Paul" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.isDefault" exists +jsonpath "$.isDeletable" exists +jsonpath "$.name" exists +jsonpath "$.createdAt" exists +jsonpath "$.description" exists +jsonpath "$.displayName" exists +jsonpath "$.id" exists + diff --git a/cases/api_admin_teams_post_wrong_content_type_text_plain_bd5b4e9e.hurl b/cases/api_admin_teams_post_wrong_content_type_text_plain_bd5b4e9e.hurl new file mode 100644 index 0000000..76fc873 --- /dev/null +++ b/cases/api_admin_teams_post_wrong_content_type_text_plain_bd5b4e9e.hurl @@ -0,0 +1,20 @@ +# ── POST /api/admin/teams - wrong content-type (text/plain) ── +# case_id=TC-bd5b4e9e +# case_name=POST /api/admin/teams - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/teams +Content-Type: text/plain +```json +{ + "description": "Explicitly name the person before you wrap it.", + "displayName": "should", + "name": "Chloe Oliver" +} +``` + +HTTP 415 + 
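Review bot: This valid-request case sends no `Authorization` header yet expects `HTTP 200`, while the `owasp_api2_broken_authentication` case in this patch expects `HTTP 401` for an unauthenticated `GET {{base_url}}/api/admin/users`; if `/api/admin/teams` sits behind the same authentication, the request never reaches the handler. The unicode_fuzzing, sequence chain, idempotent, missing-param, BOLA and injection cases in this patch omit the header as well, so their 2xx, 400, 403 and 422 expectations would be preempted by 401 in the same way. I would add `Authorization: Bearer {{authToken}}` after the request line, as the `users_get_auth_chain` case does; whether that token carries admin rights is not visible here.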
diff --git a/cases/api_admin_teams_sequence_chain_delete_api_admin_grants_id_70b060a1.hurl b/cases/api_admin_teams_sequence_chain_delete_api_admin_grants_id_70b060a1.hurl new file mode 100644 index 0000000..1c29620 --- /dev/null +++ b/cases/api_admin_teams_sequence_chain_delete_api_admin_grants_id_70b060a1.hurl @@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams → DELETE /api/admin/grants/{id} +# case_id=TC-70b060a1 +# case_name=sequence chain: /api/admin/teams → DELETE /api/admin/grants/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Ours child be ready for irritation.", + "displayName": "daily", + "name": "Cordell Marshall" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via DELETE /api/admin/grants/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via DELETE /api/admin/grants/{id} +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/grants/{{id}} + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_sequence_chain_delete_api_admin_users_id_f0f67b06.hurl b/cases/api_admin_teams_sequence_chain_delete_api_admin_users_id_f0f67b06.hurl new file mode 100644 index 0000000..c2a6801 --- /dev/null +++ b/cases/api_admin_teams_sequence_chain_delete_api_admin_users_id_f0f67b06.hurl 
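Review bot: The `id` captured from `POST /api/admin/teams` is a team id, but the test step passes it to `DELETE {{base_url}}/api/admin/grants/{{id}}` and asserts `status < 300`, so the step targets a grant that the chain never created. The same mismatch is in the chains for `DELETE /api/admin/users/{id}`, `PUT /api/admin/services/{serviceId}/team` and `PUT /api/admin/users/{id}` later in this patch. Each chain needs a setup step that creates the resource it then acts on and captures that id.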
@@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams → DELETE /api/admin/users/{id} +# case_id=TC-f0f67b06 +# case_name=sequence chain: /api/admin/teams → DELETE /api/admin/users/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Invite review for the group in Birmingham.", + "displayName": "eventually", + "name": "Robyn Williams" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via DELETE /api/admin/users/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via DELETE /api/admin/users/{id} +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/users/{{id}} + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_grants_6aeda09f.hurl b/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_grants_6aeda09f.hurl new file mode 100644 index 0000000..491aca1 --- /dev/null +++ b/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_grants_6aeda09f.hurl 
@@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/grants +# case_id=TC-6aeda09f +# case_name=sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/grants +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "They ski patiently to stabilize the year.", + "displayName": "fiercely", + "name": "Cassandra Robbins" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/grants [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/grants +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/grants + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_members_0cb6ef87.hurl b/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_members_0cb6ef87.hurl new file mode 100644 index 0000000..02479c0 --- /dev/null +++ b/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_members_0cb6ef87.hurl 
@@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/members +# case_id=TC-0cb6ef87 +# case_name=sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/members +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Mind the hand, then celebrate!", + "displayName": "ride", + "name": "Dolores Grady" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/members [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/members +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/members + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_services_3642a068.hurl b/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_services_3642a068.hurl new file mode 100644 index 0000000..dff1e62 --- /dev/null +++ b/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_services_3642a068.hurl 
@@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/services +# case_id=TC-3642a068 +# case_name=sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/services +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Track problem over time weekly.", + "displayName": "of", + "name": "Owen Perez" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/services [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/services +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/services + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_grants_1b66938a.hurl b/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_grants_1b66938a.hurl new file mode 100644 index 0000000..3fbe3eb --- /dev/null +++ b/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_grants_1b66938a.hurl 
@@ -0,0 +1,56 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/grants +# case_id=TC-1b66938a +# case_name=sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/grants +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Evenings in Oakland invite quieter man.", + "displayName": "which", + "name": "Clifton Shields" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via POST /api/admin/teams/{id}/grants [test] ── +# step_id=step-test +# step_type=test +# title=use via POST /api/admin/teams/{id}/grants +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{{id}}/grants +Content-Type: application/json +```json +{ + "branches": [ + "it" + ], + "expiresAt": "2001-12-10T08:50:19Z", + "granteeTeamId": "722fd61c-8b80-44f6-9e81-c9c8550ab73d", + "granteeUserId": "a1efd1eb-3a36-4f78-85fb-7edd1d4af481", + "serviceId": "2a7ed0b1-582d-4271-9b40-91828aded5f0" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_members_210690e6.hurl b/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_members_210690e6.hurl new file mode 100644 index 0000000..8a0ee99 --- /dev/null +++ b/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_members_210690e6.hurl 
@@ -0,0 +1,51 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/members +# case_id=TC-210690e6 +# case_name=sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/members +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Weekends reserve time for Animation and fact.", + "displayName": "today", + "name": "Jeffrey Lyons" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via POST /api/admin/teams/{id}/members [test] ── +# step_id=step-test +# step_type=test +# title=use via POST /api/admin/teams/{id}/members +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{{id}}/members +Content-Type: application/json +```json +{ + "role": "owner", + "userId": "45f53f9f-487d-4010-8fff-c2d438433278" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_sequence_chain_put_api_admin_services_serviceid_team_8cbdf061.hurl b/cases/api_admin_teams_sequence_chain_put_api_admin_services_serviceid_team_8cbdf061.hurl new file mode 100644 index 0000000..be2149e --- /dev/null +++ b/cases/api_admin_teams_sequence_chain_put_api_admin_services_serviceid_team_8cbdf061.hurl 
@@ -0,0 +1,50 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams → PUT /api/admin/services/{serviceId}/team +# case_id=TC-8cbdf061 +# case_name=sequence chain: /api/admin/teams → PUT /api/admin/services/{serviceId}/team +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Optimize company for light clarity.", + "displayName": "many", + "name": "Christina Patterson" +} +``` + +HTTP * + +[Captures] +serviceId: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via PUT /api/admin/services/{serviceId}/team [test] ── +# step_id=step-test +# step_type=test +# title=use via PUT /api/admin/services/{serviceId}/team +# depends_on=step-setup + +PUT {{base_url}}/api/admin/services/{{serviceId}}/team +Content-Type: application/json +```json +{ + "teamId": "40d2db88-109b-49a0-8983-e2740333822a" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_teams_sequence_chain_put_api_admin_users_id_2d5ea99d.hurl b/cases/api_admin_teams_sequence_chain_put_api_admin_users_id_2d5ea99d.hurl new file mode 100644 index 0000000..6b07181 --- /dev/null +++ b/cases/api_admin_teams_sequence_chain_put_api_admin_users_id_2d5ea99d.hurl 
@@ -0,0 +1,51 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/teams → PUT /api/admin/users/{id} +# case_id=TC-2d5ea99d +# case_name=sequence chain: /api/admin/teams → PUT /api/admin/users/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/teams [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/teams + +POST {{base_url}}/api/admin/teams +Content-Type: application/json +```json +{ + "description": "Stage number behind feature flags.", + "displayName": "sew", + "name": "Stanley Purdy" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via PUT /api/admin/users/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via PUT /api/admin/users/{id} +# depends_on=step-setup + +PUT {{base_url}}/api/admin/users/{{id}} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "super_admin" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_users_get_auth_chain_e4ef12fa.hurl b/cases/api_admin_users_get_auth_chain_e4ef12fa.hurl new file mode 100644 index 0000000..da20d31 --- /dev/null +++ b/cases/api_admin_users_get_auth_chain_e4ef12fa.hurl 
@@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# auth chain: GET /api/admin/users +# case_id=TC-e4ef12fa +# case_name=auth chain: GET /api/admin/users +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── GET /api/admin/users with auth token [test] ── +# step_id=step-test +# step_type=test +# title=GET /api/admin/users with auth token +# depends_on=step-auth + +GET {{base_url}}/api/admin/users +Authorization: Bearer {{authToken}} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_users_get_owasp_api2_broken_authentication_aaffe36c.hurl b/cases/api_admin_users_get_owasp_api2_broken_authentication_aaffe36c.hurl new file mode 100644 index 0000000..71f0d88 --- /dev/null +++ b/cases/api_admin_users_get_owasp_api2_broken_authentication_aaffe36c.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/admin/users — broken authentication ── +# case_id=TC-aaffe36c +# case_name=[OWASP-API2] GET /api/admin/users — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/users + +HTTP 401 + diff --git a/cases/api_admin_users_get_owasp_api5_function_level_authorization_missing_3724bb26.hurl b/cases/api_admin_users_get_owasp_api5_function_level_authorization_missing_3724bb26.hurl new file mode 100644 index 0000000..c263b3f --- /dev/null +++ b/cases/api_admin_users_get_owasp_api5_function_level_authorization_missing_3724bb26.hurl 
@@ -0,0 +1,13 @@ +# ── [OWASP-API5] GET /api/admin/users — function-level authorization missing ── +# case_id=TC-3724bb26 +# case_name=[OWASP-API5] GET /api/admin/users — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +GET {{base_url}}/api/admin/users +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_users_get_valid_request_with_all_required_fields_e7fb82c9.hurl b/cases/api_admin_users_get_valid_request_with_all_required_fields_e7fb82c9.hurl new file mode 100644 index 0000000..1c82d4f --- /dev/null +++ b/cases/api_admin_users_get_valid_request_with_all_required_fields_e7fb82c9.hurl @@ -0,0 +1,16 @@ +# ── GET /api/admin/users - valid request with all required fields ── +# case_id=TC-e7fb82c9 +# case_name=GET /api/admin/users - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/admin/users + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.users" exists + diff --git a/cases/api_admin_users_id_delete_idempotent_second_call_must_be_safe_380dcf78.hurl b/cases/api_admin_users_id_delete_idempotent_second_call_must_be_safe_380dcf78.hurl new file mode 100644 index 0000000..858736b --- /dev/null +++ b/cases/api_admin_users_id_delete_idempotent_second_call_must_be_safe_380dcf78.hurl 
@@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# DELETE /api/admin/users/{id} - idempotent: second call must be safe +# case_id=TC-380dcf78 +# case_name=DELETE /api/admin/users/{id} - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── DELETE /api/admin/users/{id} — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=DELETE /api/admin/users/{id} — first call + +DELETE {{base_url}}/api/admin/users/{id} + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── DELETE /api/admin/users/{id} — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=DELETE /api/admin/users/{id} — identical second call must be safe +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/users/{id} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_users_id_delete_idor_id_0_zero_id_f8eac138.hurl b/cases/api_admin_users_id_delete_idor_id_0_zero_id_f8eac138.hurl new file mode 100644 index 0000000..cb17122 --- /dev/null +++ b/cases/api_admin_users_id_delete_idor_id_0_zero_id_f8eac138.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/admin/users/{id} - IDOR id=0 (zero_id) ── +# case_id=TC-f8eac138 +# case_name=DELETE /api/admin/users/{id} - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/users/0 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_delete_idor_id_99999_alt_id_f53c958f.hurl b/cases/api_admin_users_id_delete_idor_id_99999_alt_id_f53c958f.hurl new file mode 100644 index 0000000..eef2278 --- /dev/null +++ b/cases/api_admin_users_id_delete_idor_id_99999_alt_id_f53c958f.hurl 
@@ -0,0 +1,16 @@ +# ── DELETE /api/admin/users/{id} - IDOR id=99999 (alt_id) ── +# case_id=TC-f53c958f +# case_name=DELETE /api/admin/users/{id} - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/users/99999 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_delete_missing_required_param_id_abfeb37c.hurl b/cases/api_admin_users_id_delete_missing_required_param_id_abfeb37c.hurl new file mode 100644 index 0000000..2f64d33 --- /dev/null +++ b/cases/api_admin_users_id_delete_missing_required_param_id_abfeb37c.hurl @@ -0,0 +1,12 @@ +# ── DELETE /api/admin/users/{id} - missing required param "id" ── +# case_id=TC-abfeb37c +# case_name=DELETE /api/admin/users/{id} - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +DELETE {{base_url}}/api/admin/users/1 + +HTTP 422 + diff --git a/cases/api_admin_users_id_delete_owasp_api1_bola_unauthorized_access_073a78a5.hurl b/cases/api_admin_users_id_delete_owasp_api1_bola_unauthorized_access_073a78a5.hurl new file mode 100644 index 0000000..bb549c8 --- /dev/null +++ b/cases/api_admin_users_id_delete_owasp_api1_bola_unauthorized_access_073a78a5.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] DELETE /api/admin/users/{id} — BOLA unauthorized access ── +# case_id=TC-073a78a5 +# case_name=[OWASP-API1] DELETE /api/admin/users/{id} — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/users/{{other_resource_id}} + +HTTP 403 + diff --git a/cases/api_admin_users_id_delete_owasp_api2_broken_authentication_5cc69e63.hurl b/cases/api_admin_users_id_delete_owasp_api2_broken_authentication_5cc69e63.hurl new file mode 100644 index 0000000..a0e4871 --- /dev/null +++ b/cases/api_admin_users_id_delete_owasp_api2_broken_authentication_5cc69e63.hurl 
@@ -0,0 +1,12 @@
+# ── [OWASP-API2] DELETE /api/admin/users/{id} — broken authentication ──
+# case_id=TC-5cc69e63
+# case_name=[OWASP-API2] DELETE /api/admin/users/{id} — broken authentication
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+DELETE {{base_url}}/api/admin/users/{id}
+
+HTTP 401
+
diff --git a/cases/api_admin_users_id_delete_owasp_api5_function_level_authorization_missing_4c861285.hurl b/cases/api_admin_users_id_delete_owasp_api5_function_level_authorization_missing_4c861285.hurl
new file mode 100644
index 0000000..91e139e
--- /dev/null
+++ b/cases/api_admin_users_id_delete_owasp_api5_function_level_authorization_missing_4c861285.hurl
@@ -0,0 +1,13 @@
+# ── [OWASP-API5] DELETE /api/admin/users/{id} — function-level authorization missing ──
+# case_id=TC-4c861285
+# case_name=[OWASP-API5] DELETE /api/admin/users/{id} — function-level authorization missing
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10_spec
+# priority=P0
+
+DELETE {{base_url}}/api/admin/users/{id}
+Authorization: Bearer {{user_token}}
+
+HTTP 403
+
diff --git a/cases/api_admin_users_id_delete_owasp_api7_injection_path_traversal_9a54d420.hurl b/cases/api_admin_users_id_delete_owasp_api7_injection_path_traversal_9a54d420.hurl
new file mode 100644
index 0000000..db4ad2b
--- /dev/null
+++ b/cases/api_admin_users_id_delete_owasp_api7_injection_path_traversal_9a54d420.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] DELETE /api/admin/users/{id} — injection (path-traversal) ──
+# case_id=TC-9a54d420
+# case_name=[OWASP-API7] DELETE /api/admin/users/{id} — injection (path-traversal)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+DELETE {{base_url}}/api/admin/users/..%2F..%2F..%2Fetc%2Fpasswd
+```json
+null
+```
+
+HTTP 400
+
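Review bot: TC-5cc69e63 issues the same request as TC-fd2d7e20 (`DELETE {{base_url}}/api/admin/users/{id}`, no headers) yet expects `HTTP 401` where that case expects `HTTP 200`, so one of the two fails on every run unless the runner adds or strips credentials out of band. The negative case should state its credential in the file, for example `Authorization: Bearer {{invalid_token}}` (variable name is a placeholder), and the positive case should name the admin credential it relies on. TC-3552a6c6 has the same problem for PUT.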
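Review bot: TC-9a54d420 pins `HTTP 400`, but a router that simply fails to match the encoded traversal path answers 404 and an auth layer answers 401, so a server that handles the input safely is reported as failing. The status alone also cannot show that no file content was returned. I would use `HTTP *` with `status >= 400` and `status < 500`, and add `body not contains "root:"`. TC-35704eb4, TC-ae1228c7, TC-e9f5a9c9, TC-c653b26d and TC-51b9a625 pin 400 the same way, and the `null` JSON body sent without a Content-Type in all of them looks like a generator artifact that should be dropped.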
diff --git a/cases/api_admin_users_id_delete_owasp_api7_injection_sqli_35704eb4.hurl b/cases/api_admin_users_id_delete_owasp_api7_injection_sqli_35704eb4.hurl
new file mode 100644
index 0000000..0a045e8
--- /dev/null
+++ b/cases/api_admin_users_id_delete_owasp_api7_injection_sqli_35704eb4.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] DELETE /api/admin/users/{id} — injection (sqli) ──
+# case_id=TC-35704eb4
+# case_name=[OWASP-API7] DELETE /api/admin/users/{id} — injection (sqli)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+DELETE {{base_url}}/api/admin/users/%27%20OR%201=1--
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_users_id_delete_owasp_api7_injection_xss_ae1228c7.hurl b/cases/api_admin_users_id_delete_owasp_api7_injection_xss_ae1228c7.hurl
new file mode 100644
index 0000000..a0d26d7
--- /dev/null
+++ b/cases/api_admin_users_id_delete_owasp_api7_injection_xss_ae1228c7.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] DELETE /api/admin/users/{id} — injection (xss) ──
+# case_id=TC-ae1228c7
+# case_name=[OWASP-API7] DELETE /api/admin/users/{id} — injection (xss)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+DELETE {{base_url}}/api/admin/users/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_users_id_delete_valid_request_with_all_required_fields_fd2d7e20.hurl b/cases/api_admin_users_id_delete_valid_request_with_all_required_fields_fd2d7e20.hurl
new file mode 100644
index 0000000..f65ceba
--- /dev/null
+++ b/cases/api_admin_users_id_delete_valid_request_with_all_required_fields_fd2d7e20.hurl
@@ -0,0 +1,16 @@
+# ── DELETE /api/admin/users/{id} - valid request with all required fields ──
+# case_id=TC-fd2d7e20
+# case_name=DELETE /api/admin/users/{id} - valid request with all required fields
+# step_id=step-main
+# step_type=test
+# technique=equivalence_partitioning
+# priority=P0
+
+DELETE {{base_url}}/api/admin/users/{id}
+
+HTTP 200
+
+[Asserts]
+duration < 2000
+jsonpath "$.ok" exists
+
diff --git a/cases/api_admin_users_id_options_owasp_api8_cors_security_configuration_e0b5b44a.hurl b/cases/api_admin_users_id_options_owasp_api8_cors_security_configuration_e0b5b44a.hurl
new file mode 100644
index 0000000..3041b34
--- /dev/null
+++ b/cases/api_admin_users_id_options_owasp_api8_cors_security_configuration_e0b5b44a.hurl
@@ -0,0 +1,16 @@
+# ── [OWASP-API8] OPTIONS /api/admin/users/{id} — CORS security configuration ──
+# case_id=TC-e0b5b44a
+# case_name=[OWASP-API8] OPTIONS /api/admin/users/{id} — CORS security configuration
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10_spec
+# priority=P0
+
+OPTIONS {{base_url}}/api/admin/users/{id}
+Origin: https://evil.example.com
+
+HTTP *
+
+[Asserts]
+header "Access-Control-Allow-Origin" != "*"
+
diff --git a/cases/api_admin_users_id_put_idempotent_second_call_must_be_safe_383d2878.hurl b/cases/api_admin_users_id_put_idempotent_second_call_must_be_safe_383d2878.hurl
new file mode 100644
index 0000000..ce8253a
--- /dev/null
+++ b/cases/api_admin_users_id_put_idempotent_second_call_must_be_safe_383d2878.hurl
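Review bot: The only assert in TC-e0b5b44a is `header "Access-Control-Allow-Origin" != "*"`, which a server that reflects the request origin passes; reflecting an untrusted origin is the misconfiguration that matters most on an admin route. Add `header "Access-Control-Allow-Origin" != "https://evil.example.com"` next to it so the origin sent in the request is checked as well. If the header is absent the query has nothing to compare, so how the runner scores that outcome should be confirmed before this P0 case is relied on.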
@@ -0,0 +1,47 @@ +# ══════════════════════════════════════════════════ +# PUT /api/admin/users/{id} - idempotent: second call must be safe +# case_id=TC-383d2878 +# case_name=PUT /api/admin/users/{id} - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── PUT /api/admin/users/{id} — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=PUT /api/admin/users/{id} — first call + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "team_owner" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── PUT /api/admin/users/{id} — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=PUT /api/admin/users/{id} — identical second call must be safe +# depends_on=step-setup + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "team_owner" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_users_id_put_idor_id_0_zero_id_1420839c.hurl b/cases/api_admin_users_id_put_idor_id_0_zero_id_1420839c.hurl new file mode 100644 index 0000000..174d5f8 --- /dev/null +++ b/cases/api_admin_users_id_put_idor_id_0_zero_id_1420839c.hurl @@ -0,0 +1,16 @@ +# ── PUT /api/admin/users/{id} - IDOR id=0 (zero_id) ── +# case_id=TC-1420839c +# case_name=PUT /api/admin/users/{id} - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +PUT {{base_url}}/api/admin/users/0 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_put_idor_id_99999_alt_id_b306fbb7.hurl b/cases/api_admin_users_id_put_idor_id_99999_alt_id_b306fbb7.hurl new file mode 100644 index 0000000..8982860 --- /dev/null +++ b/cases/api_admin_users_id_put_idor_id_99999_alt_id_b306fbb7.hurl 
@@ -0,0 +1,16 @@ +# ── PUT /api/admin/users/{id} - IDOR id=99999 (alt_id) ── +# case_id=TC-b306fbb7 +# case_name=PUT /api/admin/users/{id} - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +PUT {{base_url}}/api/admin/users/99999 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_put_invalid_isactive_wrong_type_string_for_boolean_9a696767.hurl b/cases/api_admin_users_id_put_invalid_isactive_wrong_type_string_for_boolean_9a696767.hurl new file mode 100644 index 0000000..2a499de --- /dev/null +++ b/cases/api_admin_users_id_put_invalid_isactive_wrong_type_string_for_boolean_9a696767.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - invalid isActive: wrong type (string for boolean) ── +# case_id=TC-9a696767 +# case_name=PUT /api/admin/users/{id} - invalid isActive: wrong type (string for boolean) +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": "not_a_boolean", + "role": "super_admin" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_users_id_put_invalid_role_value_not_in_enum_be8b477d.hurl b/cases/api_admin_users_id_put_invalid_role_value_not_in_enum_be8b477d.hurl new file mode 100644 index 0000000..5f2fb8a --- /dev/null +++ b/cases/api_admin_users_id_put_invalid_role_value_not_in_enum_be8b477d.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - invalid role: value not in enum ── +# case_id=TC-be8b477d +# case_name=PUT /api/admin/users/{id} - invalid role: value not in enum +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": true, + "role": "__invalid_enum__" +} +``` + +HTTP 422 + 
diff --git a/cases/api_admin_users_id_put_isactive_false_307b2101.hurl b/cases/api_admin_users_id_put_isactive_false_307b2101.hurl new file mode 100644 index 0000000..1ddcd12 --- /dev/null +++ b/cases/api_admin_users_id_put_isactive_false_307b2101.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/users/{id} - isActive = false ── +# case_id=TC-307b2101 +# case_name=PUT /api/admin/users/{id} - isActive = false +# step_id=step-main +# step_type=test +# technique=decision_table +# priority=P1 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "team_member" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_users_id_put_isactive_true_920617a8.hurl b/cases/api_admin_users_id_put_isactive_true_920617a8.hurl new file mode 100644 index 0000000..e689f1e --- /dev/null +++ b/cases/api_admin_users_id_put_isactive_true_920617a8.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/users/{id} - isActive = true ── +# case_id=TC-920617a8 +# case_name=PUT /api/admin/users/{id} - isActive = true +# step_id=step-main +# step_type=test +# technique=decision_table +# priority=P1 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": true, + "role": "super_admin" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_users_id_put_mass_assignment_financial_probe_9e2cf67b.hurl b/cases/api_admin_users_id_put_mass_assignment_financial_probe_9e2cf67b.hurl new file mode 100644 index 0000000..55d8fae --- /dev/null +++ b/cases/api_admin_users_id_put_mass_assignment_financial_probe_9e2cf67b.hurl 
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/users/{id} - [mass_assignment] financial probe ──
+# case_id=TC-9e2cf67b
+# case_name=PUT /api/admin/users/{id} - [mass_assignment] financial probe
+# step_id=step-main
+# step_type=test
+# technique=mass_assignment
+# priority=P2
+
+PUT {{base_url}}/api/admin/users/{id}
+Content-Type: application/json
+```json
+{
+ "balance": 1,
+ "credits": 1,
+ "discount": 0,
+ "isActive": true,
+ "price": 1,
+ "role": "super_admin"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_users_id_put_mass_assignment_identity_probe_4fb556e6.hurl b/cases/api_admin_users_id_put_mass_assignment_identity_probe_4fb556e6.hurl
new file mode 100644
index 0000000..53016b2
--- /dev/null
+++ b/cases/api_admin_users_id_put_mass_assignment_identity_probe_4fb556e6.hurl
@@ -0,0 +1,23 @@
+# ── PUT /api/admin/users/{id} - [mass_assignment] identity probe ──
+# case_id=TC-4fb556e6
+# case_name=PUT /api/admin/users/{id} - [mass_assignment] identity probe
+# step_id=step-main
+# step_type=test
+# technique=mass_assignment
+# priority=P2
+
+PUT {{base_url}}/api/admin/users/{id}
+Content-Type: application/json
+```json
+{
+ "createdBy": "__probe__",
+ "isActive": true,
+ "ownerId": "__probe__",
+ "role": "super_admin",
+ "userId": "__probe__",
+ "user_id": "__probe__"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_users_id_put_mass_assignment_privilege_probe_a6a6cd31.hurl b/cases/api_admin_users_id_put_mass_assignment_privilege_probe_a6a6cd31.hurl
new file mode 100644
index 0000000..dd3d9c1
--- /dev/null
+++ b/cases/api_admin_users_id_put_mass_assignment_privilege_probe_a6a6cd31.hurl
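Review bot: TC-9e2cf67b expects `HTTP 400` for unknown properties, while TC-38dd166b later in this patch expects `HTTP 200` with the extra properties ignored, so the suite encodes two incompatible contracts and one group fails whichever the API implements. The identity, privilege and status probes (TC-4fb556e6, TC-a6a6cd31, TC-1054f864) share the 400 oracle. TC-a6a6cd31 also sends `"role": "__probe__"`, which an enum check would reject on its own, so a 4xx there says nothing about the `admin`/`isAdmin`/`is_admin` fields. Which contract applies should be taken from the spec, which is not visible in this patch; where extras are ignored, a follow-up read asserting the stored values is what proves they were not persisted.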
@@ -0,0 +1,22 @@ +# ── PUT /api/admin/users/{id} - [mass_assignment] privilege probe ── +# case_id=TC-a6a6cd31 +# case_name=PUT /api/admin/users/{id} - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "admin": true, + "isActive": true, + "isAdmin": true, + "is_admin": true, + "role": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_users_id_put_mass_assignment_status_probe_1054f864.hurl b/cases/api_admin_users_id_put_mass_assignment_status_probe_1054f864.hurl new file mode 100644 index 0000000..d4c4a06 --- /dev/null +++ b/cases/api_admin_users_id_put_mass_assignment_status_probe_1054f864.hurl @@ -0,0 +1,23 @@ +# ── PUT /api/admin/users/{id} - [mass_assignment] status probe ── +# case_id=TC-1054f864 +# case_name=PUT /api/admin/users/{id} - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "disabled": false, + "isActive": true, + "role": "super_admin", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/api_admin_users_id_put_missing_required_param_id_fe77f880.hurl b/cases/api_admin_users_id_put_missing_required_param_id_fe77f880.hurl new file mode 100644 index 0000000..bfe5316 --- /dev/null +++ b/cases/api_admin_users_id_put_missing_required_param_id_fe77f880.hurl @@ -0,0 +1,12 @@ +# ── PUT /api/admin/users/{id} - missing required param "id" ── +# case_id=TC-fe77f880 +# case_name=PUT /api/admin/users/{id} - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +PUT {{base_url}}/api/admin/users/1 + +HTTP 422 + 
diff --git a/cases/api_admin_users_id_put_mutation_isactive_integer_instead_of_boolean_56c3f6cc.hurl b/cases/api_admin_users_id_put_mutation_isactive_integer_instead_of_boolean_56c3f6cc.hurl new file mode 100644 index 0000000..0f3de0e --- /dev/null +++ b/cases/api_admin_users_id_put_mutation_isactive_integer_instead_of_boolean_56c3f6cc.hurl @@ -0,0 +1,23 @@ +# ── PUT /api/admin/users/{id} - mutation: isActive integer instead of boolean ── +# case_id=TC-56c3f6cc +# case_name=PUT /api/admin/users/{id} - mutation: isActive integer instead of boolean +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": 1, + "role": "super_admin" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_put_mutation_isactive_null_value_48706298.hurl b/cases/api_admin_users_id_put_mutation_isactive_null_value_48706298.hurl new file mode 100644 index 0000000..055b2b5 --- /dev/null +++ b/cases/api_admin_users_id_put_mutation_isactive_null_value_48706298.hurl @@ -0,0 +1,23 @@ +# ── PUT /api/admin/users/{id} - mutation: isActive null value ── +# case_id=TC-48706298 +# case_name=PUT /api/admin/users/{id} - mutation: isActive null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": null, + "role": "super_admin" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_put_mutation_isactive_string_instead_of_boolean_c83a8b69.hurl b/cases/api_admin_users_id_put_mutation_isactive_string_instead_of_boolean_c83a8b69.hurl new file mode 100644 index 0000000..ea4b56f --- /dev/null +++ b/cases/api_admin_users_id_put_mutation_isactive_string_instead_of_boolean_c83a8b69.hurl 
@@ -0,0 +1,23 @@ +# ── PUT /api/admin/users/{id} - mutation: isActive string instead of boolean ── +# case_id=TC-c83a8b69 +# case_name=PUT /api/admin/users/{id} - mutation: isActive string instead of boolean +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": "yes", + "role": "super_admin" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_put_mutation_role_empty_string_f4802a98.hurl b/cases/api_admin_users_id_put_mutation_role_empty_string_f4802a98.hurl new file mode 100644 index 0000000..2ecaad1 --- /dev/null +++ b/cases/api_admin_users_id_put_mutation_role_empty_string_f4802a98.hurl @@ -0,0 +1,23 @@ +# ── PUT /api/admin/users/{id} - mutation: role empty string ── +# case_id=TC-f4802a98 +# case_name=PUT /api/admin/users/{id} - mutation: role empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_put_mutation_role_integer_instead_of_string_1d2d0cbd.hurl b/cases/api_admin_users_id_put_mutation_role_integer_instead_of_string_1d2d0cbd.hurl new file mode 100644 index 0000000..beb566a --- /dev/null +++ b/cases/api_admin_users_id_put_mutation_role_integer_instead_of_string_1d2d0cbd.hurl @@ -0,0 +1,23 @@ +# ── PUT /api/admin/users/{id} - mutation: role integer instead of string ── +# case_id=TC-1d2d0cbd +# case_name=PUT /api/admin/users/{id} - mutation: role integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": 12345 +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_admin_users_id_put_mutation_role_null_value_091acd05.hurl b/cases/api_admin_users_id_put_mutation_role_null_value_091acd05.hurl new file mode 100644 index 0000000..d0e6a39 --- /dev/null +++ b/cases/api_admin_users_id_put_mutation_role_null_value_091acd05.hurl @@ -0,0 +1,23 @@ +# ── PUT /api/admin/users/{id} - mutation: role null value ── +# case_id=TC-091acd05 +# case_name=PUT /api/admin/users/{id} - mutation: role null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": null +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_put_mutation_role_oversized_string_300_chars_786de8b3.hurl b/cases/api_admin_users_id_put_mutation_role_oversized_string_300_chars_786de8b3.hurl new file mode 100644 index 0000000..cfaa166 --- /dev/null +++ b/cases/api_admin_users_id_put_mutation_role_oversized_string_300_chars_786de8b3.hurl @@ -0,0 +1,23 @@ +# ── PUT /api/admin/users/{id} - mutation: role oversized string (300 chars) ── +# case_id=TC-786de8b3 +# case_name=PUT /api/admin/users/{id} - mutation: role oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_users_id_put_null_injection_isactive_c8deaf48.hurl b/cases/api_admin_users_id_put_null_injection_isactive_c8deaf48.hurl new file mode 100644 index 0000000..5ceb90f 
--- /dev/null +++ b/cases/api_admin_users_id_put_null_injection_isactive_c8deaf48.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - null injection: isActive ── +# case_id=TC-c8deaf48 +# case_name=PUT /api/admin/users/{id} - null injection: isActive +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": null, + "role": "super_admin" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_users_id_put_null_injection_role_e890383a.hurl b/cases/api_admin_users_id_put_null_injection_role_e890383a.hurl new file mode 100644 index 0000000..2a28479 --- /dev/null +++ b/cases/api_admin_users_id_put_null_injection_role_e890383a.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - null injection: role ── +# case_id=TC-e890383a +# case_name=PUT /api/admin/users/{id} - null injection: role +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": null +} +``` + +HTTP 422 + diff --git a/cases/api_admin_users_id_put_owasp_api1_bola_unauthorized_access_91b47863.hurl b/cases/api_admin_users_id_put_owasp_api1_bola_unauthorized_access_91b47863.hurl new file mode 100644 index 0000000..8d9b3b8 --- /dev/null +++ b/cases/api_admin_users_id_put_owasp_api1_bola_unauthorized_access_91b47863.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] PUT /api/admin/users/{id} — BOLA unauthorized access ── +# case_id=TC-91b47863 +# case_name=[OWASP-API1] PUT /api/admin/users/{id} — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/users/{{other_resource_id}} + +HTTP 403 + 
diff --git a/cases/api_admin_users_id_put_owasp_api2_broken_authentication_3552a6c6.hurl b/cases/api_admin_users_id_put_owasp_api2_broken_authentication_3552a6c6.hurl
new file mode 100644
index 0000000..6f73ef5
--- /dev/null
+++ b/cases/api_admin_users_id_put_owasp_api2_broken_authentication_3552a6c6.hurl
@@ -0,0 +1,12 @@
+# ── [OWASP-API2] PUT /api/admin/users/{id} — broken authentication ──
+# case_id=TC-3552a6c6
+# case_name=[OWASP-API2] PUT /api/admin/users/{id} — broken authentication
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PUT {{base_url}}/api/admin/users/{id}
+
+HTTP 401
+
diff --git a/cases/api_admin_users_id_put_owasp_api3_bopla_property_level_access_4ae5244a.hurl b/cases/api_admin_users_id_put_owasp_api3_bopla_property_level_access_4ae5244a.hurl
new file mode 100644
index 0000000..f8d2e1a
--- /dev/null
+++ b/cases/api_admin_users_id_put_owasp_api3_bopla_property_level_access_4ae5244a.hurl
@@ -0,0 +1,24 @@
+# ── [OWASP-API3] PUT /api/admin/users/{id} — BOPLA property-level access ──
+# case_id=TC-4ae5244a
+# case_name=[OWASP-API3] PUT /api/admin/users/{id} — BOPLA property-level access
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PUT {{base_url}}/api/admin/users/{id}
+Content-Type: application/json
+```json
+{
+ "isActive": true,
+ "is_admin": true,
+ "role": "admin"
+}
+```
+
+HTTP 200
+
+[Asserts]
+jsonpath "$.is_admin" != true
+jsonpath "$.role" != "admin"
+
diff --git a/cases/api_admin_users_id_put_owasp_api5_function_level_authorization_missing_8f0d7884.hurl b/cases/api_admin_users_id_put_owasp_api5_function_level_authorization_missing_8f0d7884.hurl
new file mode 100644
index 0000000..2490995
--- /dev/null
+++ b/cases/api_admin_users_id_put_owasp_api5_function_level_authorization_missing_8f0d7884.hurl
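Review bot: TC-4ae5244a sends `"role": "admin"`, a value the other cases suggest is outside the enum (they use `super_admin`, `team_owner`, `team_member` and `guest`), so schema validation would answer with the 422 that TC-be8b477d expects and the `HTTP 200` here fails before the property asserts run. If the request is accepted, `jsonpath "$.role" != "admin"` still passes when the stored role is `super_admin`, so an escalation would go unnoticed. The request also carries no low-privilege credential, so it is unclear whose property-level access is being tested. I would send it with `Authorization: Bearer {{user_token}}` and a valid role value, and assert through a follow-up read that the target's role is unchanged.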
@@ -0,0 +1,13 @@ +# ── [OWASP-API5] PUT /api/admin/users/{id} — function-level authorization missing ── +# case_id=TC-8f0d7884 +# case_name=[OWASP-API5] PUT /api/admin/users/{id} — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +PUT {{base_url}}/api/admin/users/{id} +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_users_id_put_owasp_api6_mass_assignment_38dd166b.hurl b/cases/api_admin_users_id_put_owasp_api6_mass_assignment_38dd166b.hurl new file mode 100644 index 0000000..9cd2e00 --- /dev/null +++ b/cases/api_admin_users_id_put_owasp_api6_mass_assignment_38dd166b.hurl @@ -0,0 +1,27 @@ +# ── [OWASP-API6] PUT /api/admin/users/{id} — mass assignment ── +# case_id=TC-38dd166b +# case_name=[OWASP-API6] PUT /api/admin/users/{id} — mass assignment +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "isActive": false, + "role": "team_member", + "updatedAt": "2000-01-01T00:00:00Z" +} +``` + +HTTP 200 + +[Asserts] +jsonpath "$.id" != 99999 +jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" +jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" + diff --git a/cases/api_admin_users_id_put_owasp_api7_injection_path_traversal_e9f5a9c9.hurl b/cases/api_admin_users_id_put_owasp_api7_injection_path_traversal_e9f5a9c9.hurl new file mode 100644 index 0000000..6d46993 --- /dev/null +++ b/cases/api_admin_users_id_put_owasp_api7_injection_path_traversal_e9f5a9c9.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] PUT /api/admin/users/{id} — injection (path-traversal) ── +# case_id=TC-e9f5a9c9 +# case_name=[OWASP-API7] PUT /api/admin/users/{id} — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/users/..%2F..%2F..%2Fetc%2Fpasswd +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_users_id_put_owasp_api7_injection_sqli_c653b26d.hurl b/cases/api_admin_users_id_put_owasp_api7_injection_sqli_c653b26d.hurl new file mode 100644 index 0000000..a7d0478 --- /dev/null +++ b/cases/api_admin_users_id_put_owasp_api7_injection_sqli_c653b26d.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] PUT /api/admin/users/{id} — injection (sqli) ── +# case_id=TC-c653b26d +# case_name=[OWASP-API7] PUT /api/admin/users/{id} — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/users/%27%20OR%201=1-- +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_users_id_put_owasp_api7_injection_xss_51b9a625.hurl b/cases/api_admin_users_id_put_owasp_api7_injection_xss_51b9a625.hurl new file mode 100644 index 0000000..16facc6 --- /dev/null +++ b/cases/api_admin_users_id_put_owasp_api7_injection_xss_51b9a625.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] PUT /api/admin/users/{id} — injection (xss) ── +# case_id=TC-51b9a625 +# case_name=[OWASP-API7] PUT /api/admin/users/{id} — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +PUT {{base_url}}/api/admin/users/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_users_id_put_role_guest_d671319d.hurl b/cases/api_admin_users_id_put_role_guest_d671319d.hurl new file mode 100644 index 0000000..c83ecdb --- /dev/null +++ b/cases/api_admin_users_id_put_role_guest_d671319d.hurl 
@@ -0,0 +1,22 @@ +# ── PUT /api/admin/users/{id} - role = guest ── +# case_id=TC-d671319d +# case_name=PUT /api/admin/users/{id} - role = guest +# step_id=step-main +# step_type=test +# technique=decision_table +# priority=P1 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "guest" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_users_id_put_role_super_admin_72c28c85.hurl b/cases/api_admin_users_id_put_role_super_admin_72c28c85.hurl new file mode 100644 index 0000000..5d7daf3 --- /dev/null +++ b/cases/api_admin_users_id_put_role_super_admin_72c28c85.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/users/{id} - role = super_admin ── +# case_id=TC-72c28c85 +# case_name=PUT /api/admin/users/{id} - role = super_admin +# step_id=step-main +# step_type=test +# technique=decision_table +# priority=P1 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "super_admin" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_users_id_put_role_team_member_c19312b9.hurl b/cases/api_admin_users_id_put_role_team_member_c19312b9.hurl new file mode 100644 index 0000000..ff75088 --- /dev/null +++ b/cases/api_admin_users_id_put_role_team_member_c19312b9.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/users/{id} - role = team_member ── +# case_id=TC-c19312b9 +# case_name=PUT /api/admin/users/{id} - role = team_member +# step_id=step-main +# step_type=test +# technique=decision_table +# priority=P1 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "team_member" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_users_id_put_role_team_owner_c8807eae.hurl b/cases/api_admin_users_id_put_role_team_owner_c8807eae.hurl new file mode 100644 index 0000000..160e0e0 --- /dev/null 
+++ b/cases/api_admin_users_id_put_role_team_owner_c8807eae.hurl @@ -0,0 +1,22 @@ +# ── PUT /api/admin/users/{id} - role = team_owner ── +# case_id=TC-c8807eae +# case_name=PUT /api/admin/users/{id} - role = team_owner +# step_id=step-main +# step_type=test +# technique=decision_table +# priority=P1 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": true, + "role": "team_owner" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_users_id_put_schema_violation_isactive_wrong_type_891572b6.hurl b/cases/api_admin_users_id_put_schema_violation_isactive_wrong_type_891572b6.hurl new file mode 100644 index 0000000..60c0056 --- /dev/null +++ b/cases/api_admin_users_id_put_schema_violation_isactive_wrong_type_891572b6.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [schema_violation] isActive_wrong_type ── +# case_id=TC-891572b6 +# case_name=PUT /api/admin/users/{id} - [schema_violation] isActive_wrong_type +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": "not_a_boolean", + "role": "team_owner" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_users_id_put_schema_violation_role_invalid_enum_3765a2be.hurl b/cases/api_admin_users_id_put_schema_violation_role_invalid_enum_3765a2be.hurl new file mode 100644 index 0000000..d78e2f6 --- /dev/null +++ b/cases/api_admin_users_id_put_schema_violation_role_invalid_enum_3765a2be.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [schema_violation] role_invalid_enum ── +# case_id=TC-3765a2be +# case_name=PUT /api/admin/users/{id} - [schema_violation] role_invalid_enum +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": true, + "role": "__invalid__" +} +``` + +HTTP 422 + 
diff --git a/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_integer_308337db.hurl b/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_integer_308337db.hurl new file mode 100644 index 0000000..20e0298 --- /dev/null +++ b/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_integer_308337db.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_integer ── +# case_id=TC-308337db +# case_name=PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": 1, + "role": "super_admin" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_string_4a329fab.hurl b/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_string_4a329fab.hurl new file mode 100644 index 0000000..aa1d226 --- /dev/null +++ b/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_string_4a329fab.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_string ── +# case_id=TC-4a329fab +# case_name=PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_string +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": "not_a_boolean", + "role": "super_admin" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_users_id_put_type_coercion_role_wrong_type_boolean_c4d77768.hurl b/cases/api_admin_users_id_put_type_coercion_role_wrong_type_boolean_c4d77768.hurl new file mode 100644 index 0000000..5aca29f --- /dev/null +++ b/cases/api_admin_users_id_put_type_coercion_role_wrong_type_boolean_c4d77768.hurl 
@@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [type_coercion] role wrong_type_boolean ── +# case_id=TC-c4d77768 +# case_name=PUT /api/admin/users/{id} - [type_coercion] role wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": true +} +``` + +HTTP 422 + diff --git a/cases/api_admin_users_id_put_type_coercion_role_wrong_type_integer_60c61680.hurl b/cases/api_admin_users_id_put_type_coercion_role_wrong_type_integer_60c61680.hurl new file mode 100644 index 0000000..b2ac718 --- /dev/null +++ b/cases/api_admin_users_id_put_type_coercion_role_wrong_type_integer_60c61680.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [type_coercion] role wrong_type_integer ── +# case_id=TC-60c61680 +# case_name=PUT /api/admin/users/{id} - [type_coercion] role wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": 123 +} +``` + +HTTP 422 + diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_bidi_override_a2217373.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_bidi_override_a2217373.hurl new file mode 100644 index 0000000..a132704 --- /dev/null +++ b/cases/api_admin_users_id_put_unicode_fuzzing_role_bidi_override_a2217373.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role bidi_override ── +# case_id=TC-a2217373 +# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "‮hello" +} +``` + +HTTP 400 + 
diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_control_char_be44c91e.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_control_char_be44c91e.hurl new file mode 100644 index 0000000..ee4cafd --- /dev/null +++ b/cases/api_admin_users_id_put_unicode_fuzzing_role_control_char_be44c91e.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role control_char ── +# case_id=TC-be44c91e +# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_overlong_4c95b987.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_overlong_4c95b987.hurl new file mode 100644 index 0000000..53df495 --- /dev/null +++ b/cases/api_admin_users_id_put_unicode_fuzzing_role_overlong_4c95b987.hurl 
@@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role overlong ── +# case_id=TC-4c95b987 +# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_zalgo_d015a170.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_zalgo_d015a170.hurl new file mode 100644 index 0000000..e797bc5 --- /dev/null +++ b/cases/api_admin_users_id_put_unicode_fuzzing_role_zalgo_d015a170.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role zalgo ── +# case_id=TC-d015a170 +# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_zero_width_b1e60615.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_zero_width_b1e60615.hurl new file mode 100644 index 0000000..15006e4 --- /dev/null +++ b/cases/api_admin_users_id_put_unicode_fuzzing_role_zero_width_b1e60615.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role zero_width ── +# case_id=TC-b1e60615 +# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "​hello" +} +``` + +HTTP 400 + 
diff --git a/cases/api_admin_users_id_put_valid_request_with_all_required_fields_d7979f2a.hurl b/cases/api_admin_users_id_put_valid_request_with_all_required_fields_d7979f2a.hurl new file mode 100644 index 0000000..def37f1 --- /dev/null +++ b/cases/api_admin_users_id_put_valid_request_with_all_required_fields_d7979f2a.hurl @@ -0,0 +1,23 @@ +# ── PUT /api/admin/users/{id} - valid request with all required fields ── +# case_id=TC-d7979f2a +# case_name=PUT /api/admin/users/{id} - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: application/json +```json +{ + "isActive": true, + "role": "team_owner" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/api_admin_users_id_put_wrong_content_type_text_plain_69ba511c.hurl b/cases/api_admin_users_id_put_wrong_content_type_text_plain_69ba511c.hurl new file mode 100644 index 0000000..cdc2a43 --- /dev/null +++ b/cases/api_admin_users_id_put_wrong_content_type_text_plain_69ba511c.hurl @@ -0,0 +1,19 @@ +# ── PUT /api/admin/users/{id} - wrong content-type (text/plain) ── +# case_id=TC-69ba511c +# case_name=PUT /api/admin/users/{id} - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +PUT {{base_url}}/api/admin/users/{id} +Content-Type: text/plain +```json +{ + "isActive": false, + "role": "super_admin" +} +``` + +HTTP 415 + diff --git a/cases/api_admin_users_options_owasp_api8_cors_security_configuration_d0d06277.hurl b/cases/api_admin_users_options_owasp_api8_cors_security_configuration_d0d06277.hurl new file mode 100644 index 0000000..20ad14c --- /dev/null +++ b/cases/api_admin_users_options_owasp_api8_cors_security_configuration_d0d06277.hurl 
@@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/users — CORS security configuration ── +# case_id=TC-d0d06277 +# case_name=[OWASP-API8] OPTIONS /api/admin/users — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/users +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_webhooks_get_auth_chain_c741d9e1.hurl b/cases/api_admin_webhooks_get_auth_chain_c741d9e1.hurl new file mode 100644 index 0000000..70a5099 --- /dev/null +++ b/cases/api_admin_webhooks_get_auth_chain_c741d9e1.hurl @@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# auth chain: GET /api/admin/webhooks +# case_id=TC-c741d9e1 +# case_name=auth chain: GET /api/admin/webhooks +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── GET /api/admin/webhooks with auth token [test] ── +# step_id=step-test +# step_type=test +# title=GET /api/admin/webhooks with auth token +# depends_on=step-auth + +GET {{base_url}}/api/admin/webhooks +Authorization: Bearer {{authToken}} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_webhooks_get_owasp_api2_broken_authentication_ec46e5a8.hurl b/cases/api_admin_webhooks_get_owasp_api2_broken_authentication_ec46e5a8.hurl new file mode 100644 index 0000000..0b9eb95 --- /dev/null +++ b/cases/api_admin_webhooks_get_owasp_api2_broken_authentication_ec46e5a8.hurl 
@@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/admin/webhooks — broken authentication ── +# case_id=TC-ec46e5a8 +# case_name=[OWASP-API2] GET /api/admin/webhooks — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/admin/webhooks + +HTTP 401 + diff --git a/cases/api_admin_webhooks_get_owasp_api5_function_level_authorization_missing_a2ef426c.hurl b/cases/api_admin_webhooks_get_owasp_api5_function_level_authorization_missing_a2ef426c.hurl new file mode 100644 index 0000000..7f42fcc --- /dev/null +++ b/cases/api_admin_webhooks_get_owasp_api5_function_level_authorization_missing_a2ef426c.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] GET /api/admin/webhooks — function-level authorization missing ── +# case_id=TC-a2ef426c +# case_name=[OWASP-API5] GET /api/admin/webhooks — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +GET {{base_url}}/api/admin/webhooks +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_webhooks_get_valid_request_with_all_required_fields_c3e5fa48.hurl b/cases/api_admin_webhooks_get_valid_request_with_all_required_fields_c3e5fa48.hurl new file mode 100644 index 0000000..a223002 --- /dev/null +++ b/cases/api_admin_webhooks_get_valid_request_with_all_required_fields_c3e5fa48.hurl @@ -0,0 +1,16 @@ +# ── GET /api/admin/webhooks - valid request with all required fields ── +# case_id=TC-c3e5fa48 +# case_name=GET /api/admin/webhooks - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/admin/webhooks + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.webhooks" exists + 
diff --git a/cases/api_admin_webhooks_id_delete_idempotent_second_call_must_be_safe_854a404a.hurl b/cases/api_admin_webhooks_id_delete_idempotent_second_call_must_be_safe_854a404a.hurl new file mode 100644 index 0000000..fab2ffe --- /dev/null +++ b/cases/api_admin_webhooks_id_delete_idempotent_second_call_must_be_safe_854a404a.hurl @@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# DELETE /api/admin/webhooks/:id - idempotent: second call must be safe +# case_id=TC-854a404a +# case_name=DELETE /api/admin/webhooks/:id - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── DELETE /api/admin/webhooks/:id — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=DELETE /api/admin/webhooks/:id — first call + +DELETE {{base_url}}/api/admin/webhooks/:id + +HTTP 204 + +[Asserts] +duration < 2000 + +# ── DELETE /api/admin/webhooks/:id — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=DELETE /api/admin/webhooks/:id — identical second call must be safe +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/webhooks/:id + +HTTP 204 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000000_nil_uu_2c9e3616.hurl b/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000000_nil_uu_2c9e3616.hurl new file mode 100644 index 0000000..27ef2a4 --- /dev/null +++ b/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000000_nil_uu_2c9e3616.hurl 
@@ -0,0 +1,16 @@ +# ── DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) ── +# case_id=TC-2c9e3616 +# case_name=DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/webhooks/:id + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000001_alt_uu_101b67d9.hurl b/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000001_alt_uu_101b67d9.hurl new file mode 100644 index 0000000..f477c57 --- /dev/null +++ b/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000001_alt_uu_101b67d9.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) ── +# case_id=TC-101b67d9 +# case_name=DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/admin/webhooks/:id + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_id_delete_missing_required_param_id_25ba00ae.hurl b/cases/api_admin_webhooks_id_delete_missing_required_param_id_25ba00ae.hurl new file mode 100644 index 0000000..c7ea259 --- /dev/null +++ b/cases/api_admin_webhooks_id_delete_missing_required_param_id_25ba00ae.hurl @@ -0,0 +1,12 @@ +# ── DELETE /api/admin/webhooks/:id - missing required param "id" ── +# case_id=TC-25ba00ae +# case_name=DELETE /api/admin/webhooks/:id - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +DELETE {{base_url}}/api/admin/webhooks/:id + +HTTP 422 + 
diff --git a/cases/api_admin_webhooks_id_delete_owasp_api2_broken_authentication_23cf0c86.hurl b/cases/api_admin_webhooks_id_delete_owasp_api2_broken_authentication_23cf0c86.hurl new file mode 100644 index 0000000..d8bd1cb --- /dev/null +++ b/cases/api_admin_webhooks_id_delete_owasp_api2_broken_authentication_23cf0c86.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] DELETE /api/admin/webhooks/:id — broken authentication ── +# case_id=TC-23cf0c86 +# case_name=[OWASP-API2] DELETE /api/admin/webhooks/:id — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/webhooks/:id + +HTTP 401 + diff --git a/cases/api_admin_webhooks_id_delete_owasp_api5_function_level_authorization_missing_01a13cd8.hurl b/cases/api_admin_webhooks_id_delete_owasp_api5_function_level_authorization_missing_01a13cd8.hurl new file mode 100644 index 0000000..b906b97 --- /dev/null +++ b/cases/api_admin_webhooks_id_delete_owasp_api5_function_level_authorization_missing_01a13cd8.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] DELETE /api/admin/webhooks/:id — function-level authorization missing ── +# case_id=TC-01a13cd8 +# case_name=[OWASP-API5] DELETE /api/admin/webhooks/:id — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +DELETE {{base_url}}/api/admin/webhooks/:id +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_webhooks_id_delete_owasp_api7_injection_path_traversal_bdc77229.hurl b/cases/api_admin_webhooks_id_delete_owasp_api7_injection_path_traversal_bdc77229.hurl new file mode 100644 index 0000000..f5fc775 --- /dev/null +++ b/cases/api_admin_webhooks_id_delete_owasp_api7_injection_path_traversal_bdc77229.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/webhooks/:id — injection (path-traversal) ── +# case_id=TC-bdc77229 +# case_name=[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/webhooks/:id +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_delete_owasp_api7_injection_sqli_7e499729.hurl b/cases/api_admin_webhooks_id_delete_owasp_api7_injection_sqli_7e499729.hurl new file mode 100644 index 0000000..565b522 --- /dev/null +++ b/cases/api_admin_webhooks_id_delete_owasp_api7_injection_sqli_7e499729.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/webhooks/:id — injection (sqli) ── +# case_id=TC-7e499729 +# case_name=[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/webhooks/:id +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_delete_owasp_api7_injection_xss_06da467b.hurl b/cases/api_admin_webhooks_id_delete_owasp_api7_injection_xss_06da467b.hurl new file mode 100644 index 0000000..6e0c7cc --- /dev/null +++ b/cases/api_admin_webhooks_id_delete_owasp_api7_injection_xss_06da467b.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/admin/webhooks/:id — injection (xss) ── +# case_id=TC-06da467b +# case_name=[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/admin/webhooks/:id +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_delete_valid_request_with_all_required_fields_f50edea5.hurl b/cases/api_admin_webhooks_id_delete_valid_request_with_all_required_fields_f50edea5.hurl new file mode 100644 index 0000000..4f62245 --- /dev/null 
+++ b/cases/api_admin_webhooks_id_delete_valid_request_with_all_required_fields_f50edea5.hurl @@ -0,0 +1,15 @@ +# ── DELETE /api/admin/webhooks/:id - valid request with all required fields ── +# case_id=TC-f50edea5 +# case_name=DELETE /api/admin/webhooks/:id - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +DELETE {{base_url}}/api/admin/webhooks/:id + +HTTP 204 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_webhooks_id_options_owasp_api8_cors_security_configuration_c34b22b5.hurl b/cases/api_admin_webhooks_id_options_owasp_api8_cors_security_configuration_c34b22b5.hurl new file mode 100644 index 0000000..ddb2a0f --- /dev/null +++ b/cases/api_admin_webhooks_id_options_owasp_api8_cors_security_configuration_c34b22b5.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/webhooks/:id — CORS security configuration ── +# case_id=TC-c34b22b5 +# case_name=[OWASP-API8] OPTIONS /api/admin/webhooks/:id — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/webhooks/:id +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000000_nil_uui_93edf6a3.hurl b/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000000_nil_uui_93edf6a3.hurl new file mode 100644 index 0000000..cebad17 --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000000_nil_uui_93edf6a3.hurl 
@@ -0,0 +1,16 @@ +# ── PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) ── +# case_id=TC-93edf6a3 +# case_name=PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +PATCH {{base_url}}/api/admin/webhooks/:id + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000001_alt_uui_e5555fc8.hurl b/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000001_alt_uui_e5555fc8.hurl new file mode 100644 index 0000000..c8c616a --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000001_alt_uui_e5555fc8.hurl @@ -0,0 +1,16 @@ +# ── PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) ── +# case_id=TC-e5555fc8 +# case_name=PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +PATCH {{base_url}}/api/admin/webhooks/:id + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_id_patch_invalid_isactive_wrong_type_string_for_boolean_fbeea8b1.hurl b/cases/api_admin_webhooks_id_patch_invalid_isactive_wrong_type_string_for_boolean_fbeea8b1.hurl new file mode 100644 index 0000000..284bd69 --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_invalid_isactive_wrong_type_string_for_boolean_fbeea8b1.hurl 
@@ -0,0 +1,23 @@ +# ── PATCH /api/admin/webhooks/:id - invalid isActive: wrong type (string for boolean) ── +# case_id=TC-fbeea8b1 +# case_name=PATCH /api/admin/webhooks/:id - invalid isActive: wrong type (string for boolean) +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +PATCH {{base_url}}/api/admin/webhooks/:id +Content-Type: application/json +```json +{ + "events": [ + "regularly" + ], + "isActive": "not_a_boolean", + "name": "Halle Lewis", + "url": "http://www.technicalschemas.com/web-enabled" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_id_patch_mass_assignment_financial_probe_ed85e04f.hurl b/cases/api_admin_webhooks_id_patch_mass_assignment_financial_probe_ed85e04f.hurl new file mode 100644 index 0000000..48943f9 --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_mass_assignment_financial_probe_ed85e04f.hurl @@ -0,0 +1,27 @@ +# ── PATCH /api/admin/webhooks/:id - [mass_assignment] financial probe ── +# case_id=TC-ed85e04f +# case_name=PATCH /api/admin/webhooks/:id - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +PATCH {{base_url}}/api/admin/webhooks/:id +Content-Type: application/json +```json +{ + "balance": 1, + "credits": 1, + "discount": 0, + "events": [ + "of" + ], + "isActive": false, + "name": "Nathaniel Yang", + "price": 1, + "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_patch_mass_assignment_identity_probe_1274d148.hurl b/cases/api_admin_webhooks_id_patch_mass_assignment_identity_probe_1274d148.hurl new file mode 100644 index 0000000..4a9fe7c --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_mass_assignment_identity_probe_1274d148.hurl 
@@ -0,0 +1,27 @@
+# ── PATCH /api/admin/webhooks/:id - [mass_assignment] identity probe ──
+# case_id=TC-1274d148
+# case_name=PATCH /api/admin/webhooks/:id - [mass_assignment] identity probe
+# step_id=step-main
+# step_type=test
+# technique=mass_assignment
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "createdBy": "__probe__",
+ "events": [
+ "of"
+ ],
+ "isActive": false,
+ "name": "Nathaniel Yang",
+ "ownerId": "__probe__",
+ "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric",
+ "userId": "__probe__",
+ "user_id": "__probe__"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_mass_assignment_privilege_probe_d0ddffec.hurl b/cases/api_admin_webhooks_id_patch_mass_assignment_privilege_probe_d0ddffec.hurl
new file mode 100644
index 0000000..d3110e7
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mass_assignment_privilege_probe_d0ddffec.hurl
@@ -0,0 +1,27 @@
+# ── PATCH /api/admin/webhooks/:id - [mass_assignment] privilege probe ──
+# case_id=TC-d0ddffec
+# case_name=PATCH /api/admin/webhooks/:id - [mass_assignment] privilege probe
+# step_id=step-main
+# step_type=test
+# technique=mass_assignment
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "admin": true,
+ "events": [
+ "of"
+ ],
+ "isActive": false,
+ "isAdmin": true,
+ "is_admin": true,
+ "name": "Nathaniel Yang",
+ "role": "__probe__",
+ "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_mass_assignment_status_probe_16deab72.hurl b/cases/api_admin_webhooks_id_patch_mass_assignment_status_probe_16deab72.hurl
new file mode 100644
index 0000000..e13972b
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mass_assignment_status_probe_16deab72.hurl
@@ -0,0 +1,27 @@
+# ── PATCH /api/admin/webhooks/:id - [mass_assignment] status probe ──
+# case_id=TC-16deab72
+# case_name=PATCH /api/admin/webhooks/:id - [mass_assignment] status probe
+# step_id=step-main
+# step_type=test
+# technique=mass_assignment
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "approved": true,
+ "banned": false,
+ "disabled": false,
+ "events": [
+ "of"
+ ],
+ "isActive": false,
+ "name": "Nathaniel Yang",
+ "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric",
+ "verified": true
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_missing_required_param_id_8a80112e.hurl b/cases/api_admin_webhooks_id_patch_missing_required_param_id_8a80112e.hurl
new file mode 100644
index 0000000..0904de5
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_missing_required_param_id_8a80112e.hurl
@@ -0,0 +1,12 @@
+# ── PATCH /api/admin/webhooks/:id - missing required param "id" ──
+# case_id=TC-8a80112e
+# case_name=PATCH /api/admin/webhooks/:id - missing required param "id"
+# step_id=step-main
+# step_type=test
+# technique=isolated_negative
+# priority=P1
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_mutation_events_null_value_2d09c873.hurl b/cases/api_admin_webhooks_id_patch_mutation_events_null_value_2d09c873.hurl
new file mode 100644
index 0000000..848971b
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mutation_events_null_value_2d09c873.hurl
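Review bot: TC-8a80112e (missing required param "id") sends `PATCH {{base_url}}/api/admin/webhooks/:id` with no headers and expects `HTTP 422`, while TC-3a1afdb6 (broken authentication) later in this patch sends the identical request and expects `HTTP 401`; the endpoint cannot answer one request both ways, so one of the two always fails. The same tension runs through the other 400/422 cases here, none of which carries an `Authorization` header; if the runner injects credentials from outside the file, it is the 401 case that can never pass. A path parameter also cannot be left out without changing the route, so I would drop this case for path parameters. Every validation case should carry an explicit `Authorization` line (TC-6c16dac4 shows the form with `{{user_token}}`; these cases would need an admin-level credential) so the expected status reflects body validation rather than the auth layer.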
@@ -0,0 +1,25 @@
+# ── PATCH /api/admin/webhooks/:id - mutation: events null value ──
+# case_id=TC-2d09c873
+# case_name=PATCH /api/admin/webhooks/:id - mutation: events null value
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": null,
+ "isActive": false,
+ "name": "Kristin Burton",
+ "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_webhooks_id_patch_mutation_events_object_instead_of_array_309789e7.hurl b/cases/api_admin_webhooks_id_patch_mutation_events_object_instead_of_array_309789e7.hurl
new file mode 100644
index 0000000..be11eb7
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mutation_events_object_instead_of_array_309789e7.hurl
@@ -0,0 +1,25 @@
+# ── PATCH /api/admin/webhooks/:id - mutation: events object instead of array ──
+# case_id=TC-309789e7
+# case_name=PATCH /api/admin/webhooks/:id - mutation: events object instead of array
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": {},
+ "isActive": false,
+ "name": "Kristin Burton",
+ "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_webhooks_id_patch_mutation_events_string_instead_of_array_9439ce9e.hurl b/cases/api_admin_webhooks_id_patch_mutation_events_string_instead_of_array_9439ce9e.hurl
new file mode 100644
index 0000000..43b63b7
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mutation_events_string_instead_of_array_9439ce9e.hurl
@@ -0,0 +1,25 @@
+# ── PATCH /api/admin/webhooks/:id - mutation: events string instead of array ──
+# case_id=TC-9439ce9e
+# case_name=PATCH /api/admin/webhooks/:id - mutation: events string instead of array
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": "not-an-array",
+ "isActive": false,
+ "name": "Kristin Burton",
+ "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_webhooks_id_patch_mutation_isactive_integer_instead_of_boolean_161755de.hurl b/cases/api_admin_webhooks_id_patch_mutation_isactive_integer_instead_of_boolean_161755de.hurl
new file mode 100644
index 0000000..8579ab9
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mutation_isactive_integer_instead_of_boolean_161755de.hurl
@@ -0,0 +1,27 @@
+# ── PATCH /api/admin/webhooks/:id - mutation: isActive integer instead of boolean ──
+# case_id=TC-161755de
+# case_name=PATCH /api/admin/webhooks/:id - mutation: isActive integer instead of boolean
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "might"
+ ],
+ "isActive": 1,
+ "name": "Kristin Burton",
+ "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_webhooks_id_patch_mutation_isactive_null_value_c42eb537.hurl b/cases/api_admin_webhooks_id_patch_mutation_isactive_null_value_c42eb537.hurl
new file mode 100644
index 0000000..0cab3c4
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mutation_isactive_null_value_c42eb537.hurl
@@ -0,0 +1,27 @@
+# ── PATCH /api/admin/webhooks/:id - mutation: isActive null value ──
+# case_id=TC-c42eb537
+# case_name=PATCH /api/admin/webhooks/:id - mutation: isActive null value
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "might"
+ ],
+ "isActive": null,
+ "name": "Kristin Burton",
+ "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_webhooks_id_patch_mutation_isactive_string_instead_of_boolean_be6cb74f.hurl b/cases/api_admin_webhooks_id_patch_mutation_isactive_string_instead_of_boolean_be6cb74f.hurl
new file mode 100644
index 0000000..f89160d
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mutation_isactive_string_instead_of_boolean_be6cb74f.hurl
@@ -0,0 +1,27 @@
+# ── PATCH /api/admin/webhooks/:id - mutation: isActive string instead of boolean ──
+# case_id=TC-be6cb74f
+# case_name=PATCH /api/admin/webhooks/:id - mutation: isActive string instead of boolean
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "might"
+ ],
+ "isActive": "yes",
+ "name": "Kristin Burton",
+ "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_webhooks_id_patch_mutation_name_empty_string_48b3b8ee.hurl b/cases/api_admin_webhooks_id_patch_mutation_name_empty_string_48b3b8ee.hurl
new file mode 100644
index 0000000..d83f415
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mutation_name_empty_string_48b3b8ee.hurl
@@ -0,0 +1,27 @@
+# ── PATCH /api/admin/webhooks/:id - mutation: name empty string ──
+# case_id=TC-48b3b8ee
+# case_name=PATCH /api/admin/webhooks/:id - mutation: name empty string
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "might"
+ ],
+ "isActive": false,
+ "name": "",
+ "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_webhooks_id_patch_mutation_name_integer_instead_of_string_ec8ffbaa.hurl b/cases/api_admin_webhooks_id_patch_mutation_name_integer_instead_of_string_ec8ffbaa.hurl
new file mode 100644
index 0000000..a302fbf
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mutation_name_integer_instead_of_string_ec8ffbaa.hurl
@@ -0,0 +1,27 @@
+# ── PATCH /api/admin/webhooks/:id - mutation: name integer instead of string ──
+# case_id=TC-ec8ffbaa
+# case_name=PATCH /api/admin/webhooks/:id - mutation: name integer instead of string
+# step_id=step-main
+# step_type=test
+# technique=mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "might"
+ ],
+ "isActive": false,
+ "name": 12345,
+ "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_webhooks_id_patch_mutation_name_null_value_07005fc1.hurl b/cases/api_admin_webhooks_id_patch_mutation_name_null_value_07005fc1.hurl
new file mode 100644
index 0000000..fdc38bf
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_mutation_name_null_value_07005fc1.hurl
@@ -0,0 +1,27 @@ +# ── PATCH /api/admin/webhooks/:id - mutation: name null value ── +# case_id=TC-07005fc1 +# case_name=PATCH /api/admin/webhooks/:id - mutation: name null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PATCH {{base_url}}/api/admin/webhooks/:id +Content-Type: application/json +```json +{ + "events": [ + "might" + ], + "isActive": false, + "name": null, + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_id_patch_mutation_name_oversized_string_300_chars_bc9e284b.hurl b/cases/api_admin_webhooks_id_patch_mutation_name_oversized_string_300_chars_bc9e284b.hurl new file mode 100644 index 0000000..e502af0 --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_mutation_name_oversized_string_300_chars_bc9e284b.hurl @@ -0,0 +1,27 @@ +# ── PATCH /api/admin/webhooks/:id - mutation: name oversized string (300 chars) ── +# case_id=TC-bc9e284b +# case_name=PATCH /api/admin/webhooks/:id - mutation: name oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +PATCH {{base_url}}/api/admin/webhooks/:id +Content-Type: application/json +```json +{ + "events": [ + "might" + ], + "isActive": false, + "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_id_patch_null_injection_events_e5f0413f.hurl b/cases/api_admin_webhooks_id_patch_null_injection_events_e5f0413f.hurl new file mode 100644 index 0000000..5a689f0 
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_null_injection_events_e5f0413f.hurl
@@ -0,0 +1,21 @@
+# ── PATCH /api/admin/webhooks/:id - null injection: events ──
+# case_id=TC-e5f0413f
+# case_name=PATCH /api/admin/webhooks/:id - null injection: events
+# step_id=step-main
+# step_type=test
+# technique=constraint_mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": null,
+ "isActive": true,
+ "name": "Opal Deckow",
+ "url": "http://www.dynamicmarkets.net/vertical"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_null_injection_isactive_f681cd0b.hurl b/cases/api_admin_webhooks_id_patch_null_injection_isactive_f681cd0b.hurl
new file mode 100644
index 0000000..1752d62
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_null_injection_isactive_f681cd0b.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - null injection: isActive ──
+# case_id=TC-f681cd0b
+# case_name=PATCH /api/admin/webhooks/:id - null injection: isActive
+# step_id=step-main
+# step_type=test
+# technique=constraint_mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "aloof"
+ ],
+ "isActive": null,
+ "name": "Opal Deckow",
+ "url": "http://www.dynamicmarkets.net/vertical"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_null_injection_name_abff0001.hurl b/cases/api_admin_webhooks_id_patch_null_injection_name_abff0001.hurl
new file mode 100644
index 0000000..a0f9736
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_null_injection_name_abff0001.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - null injection: name ──
+# case_id=TC-abff0001
+# case_name=PATCH /api/admin/webhooks/:id - null injection: name
+# step_id=step-main
+# step_type=test
+# technique=constraint_mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "aloof"
+ ],
+ "isActive": true,
+ "name": null,
+ "url": "http://www.dynamicmarkets.net/vertical"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_null_injection_url_6597f138.hurl b/cases/api_admin_webhooks_id_patch_null_injection_url_6597f138.hurl
new file mode 100644
index 0000000..c8f9a60
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_null_injection_url_6597f138.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - null injection: url ──
+# case_id=TC-6597f138
+# case_name=PATCH /api/admin/webhooks/:id - null injection: url
+# step_id=step-main
+# step_type=test
+# technique=constraint_mutation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "aloof"
+ ],
+ "isActive": true,
+ "name": "Opal Deckow",
+ "url": null
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_owasp_api10_ssrf_432c0bdd.hurl b/cases/api_admin_webhooks_id_patch_owasp_api10_ssrf_432c0bdd.hurl
new file mode 100644
index 0000000..85f1258
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_owasp_api10_ssrf_432c0bdd.hurl
@@ -0,0 +1,18 @@
+# ── [OWASP-API10] PATCH /api/admin/webhooks/:id — SSRF ──
+# case_id=TC-432c0bdd
+# case_name=[OWASP-API10] PATCH /api/admin/webhooks/:id — SSRF
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "url": "http://127.0.0.1"
+}
+```
+
+HTTP 400
+
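Review bot: TC-432c0bdd cannot attribute its `HTTP 400` to validation of the `url` field: the request has no `Authorization` header and keeps the literal `:id` path segment, so an auth-layer rejection would fail the case and an id-format rejection would pass it without the URL ever being inspected. For a P0 SSRF check I would send the request with valid admin credentials and an existing webhook id, and assert on the validation error as well as the status, for example `jsonpath "$.error" exists` adapted to the API's actual error shape. A single loopback literal is also a narrow sample; whether the server-side destination check covers other internal targets is better pinned by unit tests on the URL validator than inferred from this one case.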
diff --git a/cases/api_admin_webhooks_id_patch_owasp_api2_broken_authentication_3a1afdb6.hurl b/cases/api_admin_webhooks_id_patch_owasp_api2_broken_authentication_3a1afdb6.hurl
new file mode 100644
index 0000000..2219e15
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_owasp_api2_broken_authentication_3a1afdb6.hurl
@@ -0,0 +1,12 @@
+# ── [OWASP-API2] PATCH /api/admin/webhooks/:id — broken authentication ──
+# case_id=TC-3a1afdb6
+# case_name=[OWASP-API2] PATCH /api/admin/webhooks/:id — broken authentication
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+
+HTTP 401
+
diff --git a/cases/api_admin_webhooks_id_patch_owasp_api3_bopla_property_level_access_d7a97bb7.hurl b/cases/api_admin_webhooks_id_patch_owasp_api3_bopla_property_level_access_d7a97bb7.hurl
new file mode 100644
index 0000000..8bd066d
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_owasp_api3_bopla_property_level_access_d7a97bb7.hurl
@@ -0,0 +1,29 @@
+# ── [OWASP-API3] PATCH /api/admin/webhooks/:id — BOPLA property-level access ──
+# case_id=TC-d7a97bb7
+# case_name=[OWASP-API3] PATCH /api/admin/webhooks/:id — BOPLA property-level access
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "leap"
+ ],
+ "isActive": true,
+ "is_admin": true,
+ "name": "Lacy Mccarthy",
+ "role": "admin",
+ "url": "http://www.mainrobust.net/user-centric/empower"
+}
+```
+
+HTTP 200
+
+[Asserts]
+jsonpath "$.is_admin" != true
+jsonpath "$.role" != "admin"
+
diff --git a/cases/api_admin_webhooks_id_patch_owasp_api5_function_level_authorization_missing_6c16dac4.hurl b/cases/api_admin_webhooks_id_patch_owasp_api5_function_level_authorization_missing_6c16dac4.hurl
new file mode 100644
index 0000000..957b192
--- /dev/null
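Review bot: TC-d7a97bb7 (BOPLA) expects `HTTP 200` for a body that carries `is_admin` and `role`, while TC-d0ddffec (mass_assignment privilege probe) sends the same two properties and expects `HTTP 400`; a server either rejects or ignores unknown properties, so one of the two cases always fails. The 200 is also expected from a request without an `Authorization` header, which contradicts TC-3a1afdb6 in the file just before it expecting `HTTP 401` for an unauthenticated PATCH. The asserts `jsonpath "$.is_admin" != true` and `jsonpath "$.role" != "admin"` inspect only the PATCH response; if the intent is that the properties are not persisted, a follow-up `GET` entry on the same webhook with the same asserts would show that. I would settle on one contract (reject or ignore) and derive both techniques from it.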
+++ b/cases/api_admin_webhooks_id_patch_owasp_api5_function_level_authorization_missing_6c16dac4.hurl
@@ -0,0 +1,13 @@
+# ── [OWASP-API5] PATCH /api/admin/webhooks/:id — function-level authorization missing ──
+# case_id=TC-6c16dac4
+# case_name=[OWASP-API5] PATCH /api/admin/webhooks/:id — function-level authorization missing
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10_spec
+# priority=P0
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Authorization: Bearer {{user_token}}
+
+HTTP 403
+
diff --git a/cases/api_admin_webhooks_id_patch_owasp_api7_injection_path_traversal_b84f711a.hurl b/cases/api_admin_webhooks_id_patch_owasp_api7_injection_path_traversal_b84f711a.hurl
new file mode 100644
index 0000000..196973f
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_owasp_api7_injection_path_traversal_b84f711a.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] PATCH /api/admin/webhooks/:id — injection (path-traversal) ──
+# case_id=TC-b84f711a
+# case_name=[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (path-traversal)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_owasp_api7_injection_sqli_e249a62c.hurl b/cases/api_admin_webhooks_id_patch_owasp_api7_injection_sqli_e249a62c.hurl
new file mode 100644
index 0000000..e03ca55
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_owasp_api7_injection_sqli_e249a62c.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] PATCH /api/admin/webhooks/:id — injection (sqli) ──
+# case_id=TC-e249a62c
+# case_name=[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (sqli)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+```json
+null
+```
+
+HTTP 400
+
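Review bot: The path-traversal (TC-b84f711a), sqli (TC-e249a62c) and xss (TC-e86a894c, next file) cases are identical apart from their header comments: each sends the JSON body `null` with no `Content-Type` and no test value in any field, so `HTTP 400` only shows that a null body is rejected. A passing run would report three P0 OWASP-API7 checks as covered although no input-handling path was exercised. If these files are generator output, I would have the generator emit an injection case only when it has a value bound to a concrete field (`name`, `url`, `events`), and skip the case otherwise instead of falling back to `null`.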
diff --git a/cases/api_admin_webhooks_id_patch_owasp_api7_injection_xss_e86a894c.hurl b/cases/api_admin_webhooks_id_patch_owasp_api7_injection_xss_e86a894c.hurl
new file mode 100644
index 0000000..c2302a3
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_owasp_api7_injection_xss_e86a894c.hurl
@@ -0,0 +1,15 @@
+# ── [OWASP-API7] PATCH /api/admin/webhooks/:id — injection (xss) ──
+# case_id=TC-e86a894c
+# case_name=[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (xss)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+```json
+null
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_schema_violation_isactive_wrong_type_a0047765.hurl b/cases/api_admin_webhooks_id_patch_schema_violation_isactive_wrong_type_a0047765.hurl
new file mode 100644
index 0000000..4e2604a
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_schema_violation_isactive_wrong_type_a0047765.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [schema_violation] isActive_wrong_type ──
+# case_id=TC-a0047765
+# case_name=PATCH /api/admin/webhooks/:id - [schema_violation] isActive_wrong_type
+# step_id=step-main
+# step_type=test
+# technique=schema_violation
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "whatever"
+ ],
+ "isActive": "not_a_boolean",
+ "name": "Alexander Gordon",
+ "url": "https://www.grouptechnologies.net/deliverables/web-enabled/generate/e-enable"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_events_wrong_type_string_ce35cd41.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_events_wrong_type_string_ce35cd41.hurl
new file mode 100644
index 0000000..10f2a28
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_type_coercion_events_wrong_type_string_ce35cd41.hurl
@@ -0,0 +1,21 @@
+# ── PATCH /api/admin/webhooks/:id - [type_coercion] events wrong_type_string ──
+# case_id=TC-ce35cd41
+# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] events wrong_type_string
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": "not_an_array",
+ "isActive": false,
+ "name": "Emile Jones",
+ "url": "https://www.financeoptimize.com/transform/cross-media/technologies"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_integer_4c590e85.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_integer_4c590e85.hurl
new file mode 100644
index 0000000..c07191b
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_integer_4c590e85.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_integer ──
+# case_id=TC-4c590e85
+# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_integer
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "some"
+ ],
+ "isActive": 1,
+ "name": "Emile Jones",
+ "url": "https://www.financeoptimize.com/transform/cross-media/technologies"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_string_db8dd398.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_string_db8dd398.hurl
new file mode 100644
index 0000000..b5e5caf
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_string_db8dd398.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_string ──
+# case_id=TC-db8dd398
+# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_string
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "some"
+ ],
+ "isActive": "not_a_boolean",
+ "name": "Emile Jones",
+ "url": "https://www.financeoptimize.com/transform/cross-media/technologies"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_boolean_e2d843b1.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_boolean_e2d843b1.hurl
new file mode 100644
index 0000000..3a8524a
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_boolean_e2d843b1.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_boolean ──
+# case_id=TC-e2d843b1
+# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_boolean
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "some"
+ ],
+ "isActive": false,
+ "name": true,
+ "url": "https://www.financeoptimize.com/transform/cross-media/technologies"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_integer_849247d2.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_integer_849247d2.hurl
new file mode 100644
index 0000000..857c1f1
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_integer_849247d2.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_integer ──
+# case_id=TC-849247d2
+# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_integer
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "some"
+ ],
+ "isActive": false,
+ "name": 123,
+ "url": "https://www.financeoptimize.com/transform/cross-media/technologies"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_boolean_d9bfd2d8.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_boolean_d9bfd2d8.hurl
new file mode 100644
index 0000000..639ab48
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_boolean_d9bfd2d8.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_boolean ──
+# case_id=TC-d9bfd2d8
+# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_boolean
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "some"
+ ],
+ "isActive": false,
+ "name": "Emile Jones",
+ "url": true
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_integer_5b388493.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_integer_5b388493.hurl
new file mode 100644
index 0000000..f3ac357
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_integer_5b388493.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_integer ──
+# case_id=TC-5b388493
+# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_integer
+# step_id=step-main
+# step_type=test
+# technique=type_coercion
+# priority=P2
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "some"
+ ],
+ "isActive": false,
+ "name": "Emile Jones",
+ "url": 123
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_bidi_override_61073126.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_bidi_override_61073126.hurl
new file mode 100644
index 0000000..45a3f88
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_bidi_override_61073126.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name bidi_override ──
+# case_id=TC-61073126
+# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name bidi_override
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "that"
+ ],
+ "isActive": true,
+ "name": "‮hello",
+ "url": "https://www.productdrive.io/grow/world-class"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_control_char_9fed73af.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_control_char_9fed73af.hurl
new file mode 100644
index 0000000..ee02296
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_control_char_9fed73af.hurl
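Review bot: TC-61073126 appears to store the right-to-left override as a raw U+202E character inside the `name` string, whereas the control_char case in the next file writes its special character as the JSON escape `\u0000`. A raw bidi control in a committed fixture changes how the line is displayed in diffs and editors, which makes the file hard to review and is what Trojan-Source-style linters flag. I would write the line as `"name": "\u202ehello"` so the server decodes the same string while the character stays visible in the source.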
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name control_char ──
+# case_id=TC-9fed73af
+# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name control_char
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "that"
+ ],
+ "isActive": true,
+ "name": "hello\u0000world",
+ "url": "https://www.productdrive.io/grow/world-class"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_overlong_ff322daa.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_overlong_ff322daa.hurl
new file mode 100644
index 0000000..be51679
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_overlong_ff322daa.hurl
@@ -0,0 +1,23 @@ +# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name overlong ── +# case_id=TC-ff322daa +# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PATCH {{base_url}}/api/admin/webhooks/:id +Content-Type: application/json +```json +{ + "events": [ + "that" + ], + "isActive": true, + "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "url": "https://www.productdrive.io/grow/world-class" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zalgo_a31d1299.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zalgo_a31d1299.hurl new file mode 100644 index 0000000..fdf15dc --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zalgo_a31d1299.hurl @@ -0,0 +1,23 @@ +# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zalgo ── +# case_id=TC-a31d1299 +# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PATCH {{base_url}}/api/admin/webhooks/:id +Content-Type: application/json +```json +{ + "events": [ + "that" + ], + "isActive": true, + "name": "z̀́̂̃̄̅̆̇a", + "url": "https://www.productdrive.io/grow/world-class" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zero_width_6bdb26ba.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zero_width_6bdb26ba.hurl new file mode 100644 index 0000000..e32ea16 --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zero_width_6bdb26ba.hurl 
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zero_width ──
+# case_id=TC-6bdb26ba
+# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zero_width
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "that"
+ ],
+ "isActive": true,
+ "name": "​hello",
+ "url": "https://www.productdrive.io/grow/world-class"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_bidi_override_36430217.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_bidi_override_36430217.hurl
new file mode 100644
index 0000000..e47d28c
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_bidi_override_36430217.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url bidi_override ──
+# case_id=TC-36430217
+# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url bidi_override
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "that"
+ ],
+ "isActive": true,
+ "name": "Nicole Heller",
+ "url": "‮hello"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_control_char_ed68863e.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_control_char_ed68863e.hurl
new file mode 100644
index 0000000..6aaf1c0
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_control_char_ed68863e.hurl
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url control_char ──
+# case_id=TC-ed68863e
+# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url control_char
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "that"
+ ],
+ "isActive": true,
+ "name": "Nicole Heller",
+ "url": "hello\u0000world"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_overlong_d7318097.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_overlong_d7318097.hurl
new file mode 100644
index 0000000..467799c
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_overlong_d7318097.hurl
@@ -0,0 +1,23 @@ +# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url overlong ── +# case_id=TC-d7318097 +# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PATCH {{base_url}}/api/admin/webhooks/:id +Content-Type: application/json +```json +{ + "events": [ + "that" + ], + "isActive": true, + "name": "Nicole Heller", + "url": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zalgo_0a72a45e.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zalgo_0a72a45e.hurl new file mode 100644 index 0000000..f1364b4 --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zalgo_0a72a45e.hurl @@ -0,0 +1,23 @@ +# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zalgo ── +# case_id=TC-0a72a45e +# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +PATCH {{base_url}}/api/admin/webhooks/:id +Content-Type: application/json +```json +{ + "events": [ + "that" + ], + "isActive": true, + "name": "Nicole Heller", + "url": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zero_width_61e8a563.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zero_width_61e8a563.hurl new file mode 100644 index 0000000..edbbaf9 --- /dev/null +++ b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zero_width_61e8a563.hurl 
@@ -0,0 +1,23 @@
+# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zero_width ──
+# case_id=TC-61e8a563
+# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zero_width
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+PATCH {{base_url}}/api/admin/webhooks/:id
+Content-Type: application/json
+```json
+{
+ "events": [
+ "that"
+ ],
+ "isActive": true,
+ "name": "Nicole Heller",
+ "url": "​hello"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_id_patch_valid_request_with_all_required_fields_415f32a9.hurl b/cases/api_admin_webhooks_id_patch_valid_request_with_all_required_fields_415f32a9.hurl
new file mode 100644
index 0000000..50d996c
--- /dev/null
+++ b/cases/api_admin_webhooks_id_patch_valid_request_with_all_required_fields_415f32a9.hurl
@@ -0,0 +1,23 @@ +# ── PATCH /api/admin/webhooks/:id - wrong content-type (text/plain) ── +# case_id=TC-94225ad6 +# case_name=PATCH /api/admin/webhooks/:id - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +PATCH {{base_url}}/api/admin/webhooks/:id +Content-Type: text/plain +```json +{ + "events": [ + "aloof" + ], + "isActive": true, + "name": "Opal Deckow", + "url": "http://www.dynamicmarkets.net/vertical" +} +``` + +HTTP 415 + diff --git a/cases/api_admin_webhooks_id_test_options_owasp_api8_cors_security_configuration_19ddcfe4.hurl b/cases/api_admin_webhooks_id_test_options_owasp_api8_cors_security_configuration_19ddcfe4.hurl new file mode 100644 index 0000000..98adc6a --- /dev/null +++ b/cases/api_admin_webhooks_id_test_options_owasp_api8_cors_security_configuration_19ddcfe4.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/webhooks/:id/test — CORS security configuration ── +# case_id=TC-19ddcfe4 +# case_name=[OWASP-API8] OPTIONS /api/admin/webhooks/:id/test — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/webhooks/:id/test +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_webhooks_id_test_post_idempotent_second_call_must_be_safe_ff996bd3.hurl b/cases/api_admin_webhooks_id_test_post_idempotent_second_call_must_be_safe_ff996bd3.hurl new file mode 100644 index 0000000..6e23ecf --- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_idempotent_second_call_must_be_safe_ff996bd3.hurl 
@@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# POST /api/admin/webhooks/:id/test - idempotent: second call must be safe +# case_id=TC-ff996bd3 +# case_name=POST /api/admin/webhooks/:id/test - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /api/admin/webhooks/:id/test — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /api/admin/webhooks/:id/test — first call + +POST {{base_url}}/api/admin/webhooks/:id/test + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /api/admin/webhooks/:id/test — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /api/admin/webhooks/:id/test — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/api/admin/webhooks/:id/test + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000000_nil_33f46434.hurl b/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000000_nil_33f46434.hurl new file mode 100644 index 0000000..17ae493 --- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000000_nil_33f46434.hurl @@ -0,0 +1,16 @@ +# ── POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) ── +# case_id=TC-33f46434 +# case_name=POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +POST {{base_url}}/api/admin/webhooks/:id/test + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000001_alt_eb0b8c82.hurl b/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000001_alt_eb0b8c82.hurl new file mode 100644 index 0000000..1a58e9b 
--- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000001_alt_eb0b8c82.hurl @@ -0,0 +1,16 @@ +# ── POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) ── +# case_id=TC-eb0b8c82 +# case_name=POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +POST {{base_url}}/api/admin/webhooks/:id/test + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_id_test_post_missing_required_param_id_8f3b353e.hurl b/cases/api_admin_webhooks_id_test_post_missing_required_param_id_8f3b353e.hurl new file mode 100644 index 0000000..52688ab --- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_missing_required_param_id_8f3b353e.hurl @@ -0,0 +1,12 @@ +# ── POST /api/admin/webhooks/:id/test - missing required param "id" ── +# case_id=TC-8f3b353e +# case_name=POST /api/admin/webhooks/:id/test - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/admin/webhooks/:id/test + +HTTP 422 + diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api2_broken_authentication_7054030e.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api2_broken_authentication_7054030e.hurl new file mode 100644 index 0000000..a526fa5 --- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_owasp_api2_broken_authentication_7054030e.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] POST /api/admin/webhooks/:id/test — broken authentication ── +# case_id=TC-7054030e +# case_name=[OWASP-API2] POST /api/admin/webhooks/:id/test — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/webhooks/:id/test + +HTTP 401 + 
diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api5_function_level_authorization_missing_908d0d93.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api5_function_level_authorization_missing_908d0d93.hurl new file mode 100644 index 0000000..830a618 --- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_owasp_api5_function_level_authorization_missing_908d0d93.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] POST /api/admin/webhooks/:id/test — function-level authorization missing ── +# case_id=TC-908d0d93 +# case_name=[OWASP-API5] POST /api/admin/webhooks/:id/test — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +POST {{base_url}}/api/admin/webhooks/:id/test +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_path_traversal_6c16c87b.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_path_traversal_6c16c87b.hurl new file mode 100644 index 0000000..17fdc64 --- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_path_traversal_6c16c87b.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] POST /api/admin/webhooks/:id/test — injection (path-traversal) ── +# case_id=TC-6c16c87b +# case_name=[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/webhooks/:id/test +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_sqli_7a0227b0.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_sqli_7a0227b0.hurl new file mode 100644 index 0000000..53d5be0 --- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_sqli_7a0227b0.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] POST /api/admin/webhooks/:id/test — injection (sqli) ── +# case_id=TC-7a0227b0 +# case_name=[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/webhooks/:id/test +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_xss_e8743ba7.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_xss_e8743ba7.hurl new file mode 100644 index 0000000..51a95ab --- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_xss_e8743ba7.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] POST /api/admin/webhooks/:id/test — injection (xss) ── +# case_id=TC-e8743ba7 +# case_name=[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/admin/webhooks/:id/test +```json +null +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_id_test_post_valid_request_with_all_required_fields_ae0a2dc3.hurl b/cases/api_admin_webhooks_id_test_post_valid_request_with_all_required_fields_ae0a2dc3.hurl new file mode 100644 index 0000000..da05ee3 --- /dev/null +++ b/cases/api_admin_webhooks_id_test_post_valid_request_with_all_required_fields_ae0a2dc3.hurl @@ -0,0 +1,16 @@ +# ── POST /api/admin/webhooks/:id/test - valid request with all required fields ── +# case_id=TC-ae0a2dc3 +# case_name=POST /api/admin/webhooks/:id/test - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +POST {{base_url}}/api/admin/webhooks/:id/test + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + 
diff --git a/cases/api_admin_webhooks_options_owasp_api8_cors_security_configuration_3f16f7ab.hurl b/cases/api_admin_webhooks_options_owasp_api8_cors_security_configuration_3f16f7ab.hurl new file mode 100644 index 0000000..82a359b --- /dev/null +++ b/cases/api_admin_webhooks_options_owasp_api8_cors_security_configuration_3f16f7ab.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/admin/webhooks — CORS security configuration ── +# case_id=TC-3f16f7ab +# case_name=[OWASP-API8] OPTIONS /api/admin/webhooks — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/admin/webhooks +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_admin_webhooks_post_auth_chain_f4c0b7fc.hurl b/cases/api_admin_webhooks_post_auth_chain_f4c0b7fc.hurl new file mode 100644 index 0000000..67c8c34 --- /dev/null +++ b/cases/api_admin_webhooks_post_auth_chain_f4c0b7fc.hurl 
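Review bot: The only assert in the CORS case, `header "Access-Control-Allow-Origin" != "*"`, passes when the server reflects the supplied origin, which on an admin route is the misconfiguration that matters most. Add `header "Access-Control-Allow-Origin" != "https://evil.example.com"` under `[Asserts]`. It is also worth confirming how Hurl evaluates `!=` when the header is absent, because a server that correctly sends no CORS headers to an unknown origin should pass this case.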
@@ -0,0 +1,56 @@ +# ══════════════════════════════════════════════════ +# auth chain: POST /api/admin/webhooks +# case_id=TC-f4c0b7fc +# case_name=auth chain: POST /api/admin/webhooks +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── POST /api/admin/webhooks with auth token [test] ── +# step_id=step-test +# step_type=test +# title=POST /api/admin/webhooks with auth token +# depends_on=step-auth + +POST {{base_url}}/api/admin/webhooks +Authorization: Bearer {{authToken}} +Content-Type: application/json +```json +{ + "events": [ + "where" + ], + "name": "Lilla Henderson", + "providerType": "shirt", + "teamId": "1e74395d-96d5-4632-bff5-1db94dfc9c0c", + "url": "http://www.brandengage.info/out-of-the-box/end-to-end/engineer/visualize" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_webhooks_post_field_boundary_name_invalid_below_min_7b9e5b4d.hurl b/cases/api_admin_webhooks_post_field_boundary_name_invalid_below_min_7b9e5b4d.hurl new file mode 100644 index 0000000..6b0f892 --- /dev/null +++ b/cases/api_admin_webhooks_post_field_boundary_name_invalid_below_min_7b9e5b4d.hurl 
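Review bot: The webhook `url` in step-test, `http://www.brandengage.info/...`, is a randomly generated hostname under a real TLD, so if the service under test validates or delivers webhooks, a run can send traffic to a host nobody on the project controls. The same applies to the other `POST /api/admin/webhooks` cases in this patch, which use `.io`, `.net`, `.org`, `.com` and `.biz` hostnames. I would have the generator draw from a reserved name instead, e.g. `"url": "https://webhook.example.test/hook"` (constructed value), or from a variable pointing at a listener the test environment owns.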
@@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - [field_boundary] name invalid_below_min ── +# case_id=TC-7b9e5b4d +# case_name=POST /api/admin/webhooks - [field_boundary] name invalid_below_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "regularly" + ], + "name": "", + "providerType": "pen", + "teamId": "8e786d80-b9b5-471b-8643-4dea8db9db45", + "url": "http://www.seniorb2b.io/webservices/repurpose/mindshare" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_field_boundary_name_valid_min_85b28596.hurl b/cases/api_admin_webhooks_post_field_boundary_name_valid_min_85b28596.hurl new file mode 100644 index 0000000..4d5c4b5 --- /dev/null +++ b/cases/api_admin_webhooks_post_field_boundary_name_valid_min_85b28596.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - [field_boundary] name valid_min ── +# case_id=TC-85b28596 +# case_name=POST /api/admin/webhooks - [field_boundary] name valid_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P1 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "that" + ], + "name": "a", + "providerType": "year", + "teamId": "2078e75e-ac88-4a37-93b9-0aad2a57623c", + "url": "http://www.principalinteractive.net/turn-key/redefine" +} +``` + +HTTP * + +[Asserts] +status >= 200 +status < 300 + diff --git a/cases/api_admin_webhooks_post_idempotent_second_call_must_be_safe_06e188f6.hurl b/cases/api_admin_webhooks_post_idempotent_second_call_must_be_safe_06e188f6.hurl new file mode 100644 index 0000000..747b854 --- /dev/null +++ b/cases/api_admin_webhooks_post_idempotent_second_call_must_be_safe_06e188f6.hurl 
@@ -0,0 +1,57 @@ +# ══════════════════════════════════════════════════ +# POST /api/admin/webhooks - idempotent: second call must be safe +# case_id=TC-06e188f6 +# case_name=POST /api/admin/webhooks - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /api/admin/webhooks — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /api/admin/webhooks — first call + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "now" + ], + "name": "Anya Wright", + "providerType": "yesterday", + "teamId": "cd7a7947-5e97-4e0c-bd41-40373e8f332b", + "url": "http://www.primaryaction-items.org/enhance/deploy/interfaces" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /api/admin/webhooks — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /api/admin/webhooks — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "now" + ], + "name": "Anya Wright", + "providerType": "yesterday", + "teamId": "cd7a7947-5e97-4e0c-bd41-40373e8f332b", + "url": "http://www.primaryaction-items.org/enhance/deploy/interfaces" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_webhooks_post_invalid_events_empty_array_violates_minitems_1_41ef09da.hurl b/cases/api_admin_webhooks_post_invalid_events_empty_array_violates_minitems_1_41ef09da.hurl new file mode 100644 index 0000000..1f4eaa0 --- /dev/null +++ b/cases/api_admin_webhooks_post_invalid_events_empty_array_violates_minitems_1_41ef09da.hurl 
@@ -0,0 +1,22 @@ +# ── POST /api/admin/webhooks - invalid events: empty array violates minItems 1 ── +# case_id=TC-41ef09da +# case_name=POST /api/admin/webhooks - invalid events: empty array violates minItems 1 +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [], + "name": "Beulah Douglas", + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", + "url": "https://www.investormethodologies.net/maximize" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_invalid_name_empty_string_violates_minlength_1_86292ddb.hurl b/cases/api_admin_webhooks_post_invalid_name_empty_string_violates_minlength_1_86292ddb.hurl new file mode 100644 index 0000000..c6397ec --- /dev/null +++ b/cases/api_admin_webhooks_post_invalid_name_empty_string_violates_minlength_1_86292ddb.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - invalid name: empty string violates minLength 1 ── +# case_id=TC-86292ddb +# case_name=POST /api/admin/webhooks - invalid name: empty string violates minLength 1 +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "as" + ], + "name": "", + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", + "url": "https://www.investormethodologies.net/maximize" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_mass_assignment_financial_probe_241955ee.hurl b/cases/api_admin_webhooks_post_mass_assignment_financial_probe_241955ee.hurl new file mode 100644 index 0000000..7e83e2f --- /dev/null +++ b/cases/api_admin_webhooks_post_mass_assignment_financial_probe_241955ee.hurl 
@@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - [mass_assignment] financial probe ── +# case_id=TC-241955ee +# case_name=POST /api/admin/webhooks - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "balance": 1, + "credits": 1, + "discount": 0, + "events": [ + "actor" + ], + "name": "Agustina McKenzie", + "price": 1, + "providerType": "eye", + "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", + "url": "http://www.vicemethodologies.com/virtual/metrics" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_mass_assignment_identity_probe_30b18c5f.hurl b/cases/api_admin_webhooks_post_mass_assignment_identity_probe_30b18c5f.hurl new file mode 100644 index 0000000..354f8fb --- /dev/null +++ b/cases/api_admin_webhooks_post_mass_assignment_identity_probe_30b18c5f.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - [mass_assignment] identity probe ── +# case_id=TC-30b18c5f +# case_name=POST /api/admin/webhooks - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "createdBy": "__probe__", + "events": [ + "actor" + ], + "name": "Agustina McKenzie", + "ownerId": "__probe__", + "providerType": "eye", + "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", + "url": "http://www.vicemethodologies.com/virtual/metrics", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_mass_assignment_privilege_probe_f5c743f7.hurl b/cases/api_admin_webhooks_post_mass_assignment_privilege_probe_f5c743f7.hurl new file mode 100644 index 0000000..5dbd057 --- /dev/null +++ b/cases/api_admin_webhooks_post_mass_assignment_privilege_probe_f5c743f7.hurl 
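Review bot: `HTTP 400` is the only check in the four mass-assignment cases (TC-241955ee here, then TC-30b18c5f, TC-f5c743f7 and TC-33b56375), so the result says nothing about whether `balance`, `credits` or the later `role`/`isAdmin` properties were bound to the stored object. A server that safely ignores unknown properties and returns success fails these cases, while one that rejects the body for an unrelated validation reason passes them. Assert on the returned or re-fetched object instead, for example `jsonpath "$.balance" not exists` under `[Asserts]`. The response shape is not visible in this patch, so the exact path needs confirming.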
@@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - [mass_assignment] privilege probe ── +# case_id=TC-f5c743f7 +# case_name=POST /api/admin/webhooks - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "admin": true, + "events": [ + "actor" + ], + "isAdmin": true, + "is_admin": true, + "name": "Agustina McKenzie", + "providerType": "eye", + "role": "__probe__", + "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", + "url": "http://www.vicemethodologies.com/virtual/metrics" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_mass_assignment_status_probe_33b56375.hurl b/cases/api_admin_webhooks_post_mass_assignment_status_probe_33b56375.hurl new file mode 100644 index 0000000..bccec2b --- /dev/null +++ b/cases/api_admin_webhooks_post_mass_assignment_status_probe_33b56375.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - [mass_assignment] status probe ── +# case_id=TC-33b56375 +# case_name=POST /api/admin/webhooks - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "disabled": false, + "events": [ + "actor" + ], + "name": "Agustina McKenzie", + "providerType": "eye", + "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", + "url": "http://www.vicemethodologies.com/virtual/metrics", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_missing_required_field_events_d6a5b0c7.hurl b/cases/api_admin_webhooks_post_missing_required_field_events_d6a5b0c7.hurl new file mode 100644 index 0000000..b3afd7d --- /dev/null +++ b/cases/api_admin_webhooks_post_missing_required_field_events_d6a5b0c7.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/admin/webhooks - missing required field "events" ── +# case_id=TC-d6a5b0c7 +# case_name=POST /api/admin/webhooks - missing required field "events" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "name": "Rebecca Mann", + "providerType": "painter", + "teamId": "1485872f-38ec-4ac0-88b9-3d10f551b3a4", + "url": "https://www.chiefsyndicate.biz/utilize/deliverables/innovate/transition" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_missing_required_field_events_dfcc1c56.hurl b/cases/api_admin_webhooks_post_missing_required_field_events_dfcc1c56.hurl new file mode 100644 index 0000000..9cefb59 --- /dev/null +++ b/cases/api_admin_webhooks_post_missing_required_field_events_dfcc1c56.hurl @@ -0,0 +1,21 @@ +# ── POST /api/admin/webhooks - missing required field "events" ── +# case_id=TC-dfcc1c56 +# case_name=POST /api/admin/webhooks - missing required field "events" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "name": "Beulah Douglas", + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", + "url": "https://www.investormethodologies.net/maximize" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_missing_required_field_name_45423b82.hurl b/cases/api_admin_webhooks_post_missing_required_field_name_45423b82.hurl new file mode 100644 index 0000000..fd89229 --- /dev/null +++ b/cases/api_admin_webhooks_post_missing_required_field_name_45423b82.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/admin/webhooks - missing required field "name" ── +# case_id=TC-45423b82 +# case_name=POST /api/admin/webhooks - missing required field "name" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "Plutonian" + ], + "providerType": "choir", + "teamId": "5289bf89-a443-44f7-a319-2a66891988ac", + "url": "https://www.humandeploy.io/magnetic/roi/maximize/embrace" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_missing_required_field_name_6c83435b.hurl b/cases/api_admin_webhooks_post_missing_required_field_name_6c83435b.hurl new file mode 100644 index 0000000..35236ec --- /dev/null +++ b/cases/api_admin_webhooks_post_missing_required_field_name_6c83435b.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/webhooks - missing required field "name" ── +# case_id=TC-6c83435b +# case_name=POST /api/admin/webhooks - missing required field "name" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "as" + ], + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", + "url": "https://www.investormethodologies.net/maximize" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_missing_required_field_url_6ed0d9f4.hurl b/cases/api_admin_webhooks_post_missing_required_field_url_6ed0d9f4.hurl new file mode 100644 index 0000000..ae0d31d --- /dev/null +++ b/cases/api_admin_webhooks_post_missing_required_field_url_6ed0d9f4.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/admin/webhooks - missing required field "url" ── +# case_id=TC-6ed0d9f4 +# case_name=POST /api/admin/webhooks - missing required field "url" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "the" + ], + "name": "Carey Jimenez", + "providerType": "hourly", + "teamId": "68326c3d-2def-4030-9c4f-dfcb153eda58" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_missing_required_field_url_f322285b.hurl b/cases/api_admin_webhooks_post_missing_required_field_url_f322285b.hurl new file mode 100644 index 0000000..9f0f435 --- /dev/null +++ b/cases/api_admin_webhooks_post_missing_required_field_url_f322285b.hurl @@ -0,0 +1,23 @@ +# ── POST /api/admin/webhooks - missing required field "url" ── +# case_id=TC-f322285b +# case_name=POST /api/admin/webhooks - missing required field "url" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "as" + ], + "name": "Beulah Douglas", + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_mutation_events_null_value_2c34fbf1.hurl b/cases/api_admin_webhooks_post_mutation_events_null_value_2c34fbf1.hurl new file mode 100644 index 0000000..4ea416a --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_events_null_value_2c34fbf1.hurl 
@@ -0,0 +1,26 @@ +# ── POST /api/admin/webhooks - mutation: events null value ── +# case_id=TC-2c34fbf1 +# case_name=POST /api/admin/webhooks - mutation: events null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": null, + "name": "Javier Bogan", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_mutation_events_object_instead_of_array_4a653004.hurl b/cases/api_admin_webhooks_post_mutation_events_object_instead_of_array_4a653004.hurl new file mode 100644 index 0000000..9c9a8ed --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_events_object_instead_of_array_4a653004.hurl @@ -0,0 +1,26 @@ +# ── POST /api/admin/webhooks - mutation: events object instead of array ── +# case_id=TC-4a653004 +# case_name=POST /api/admin/webhooks - mutation: events object instead of array +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": {}, + "name": "Javier Bogan", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_mutation_events_string_instead_of_array_19783d1d.hurl b/cases/api_admin_webhooks_post_mutation_events_string_instead_of_array_19783d1d.hurl new file mode 100644 index 0000000..9d4c2e9 --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_events_string_instead_of_array_19783d1d.hurl 
@@ -0,0 +1,26 @@ +# ── POST /api/admin/webhooks - mutation: events string instead of array ── +# case_id=TC-19783d1d +# case_name=POST /api/admin/webhooks - mutation: events string instead of array +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": "not-an-array", + "name": "Javier Bogan", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_mutation_name_empty_string_f615d2a9.hurl b/cases/api_admin_webhooks_post_mutation_name_empty_string_f615d2a9.hurl new file mode 100644 index 0000000..eac93ce --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_name_empty_string_f615d2a9.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - mutation: name empty string ── +# case_id=TC-f615d2a9 +# case_name=POST /api/admin/webhooks - mutation: name empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "this" + ], + "name": "", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_mutation_name_integer_instead_of_string_cf6c122c.hurl b/cases/api_admin_webhooks_post_mutation_name_integer_instead_of_string_cf6c122c.hurl new file mode 100644 index 0000000..e9d2c6d --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_name_integer_instead_of_string_cf6c122c.hurl 
@@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - mutation: name integer instead of string ── +# case_id=TC-cf6c122c +# case_name=POST /api/admin/webhooks - mutation: name integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "this" + ], + "name": 12345, + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_mutation_name_null_value_b75000cd.hurl b/cases/api_admin_webhooks_post_mutation_name_null_value_b75000cd.hurl new file mode 100644 index 0000000..2a0b0c1 --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_name_null_value_b75000cd.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - mutation: name null value ── +# case_id=TC-b75000cd +# case_name=POST /api/admin/webhooks - mutation: name null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "this" + ], + "name": null, + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_mutation_name_oversized_string_300_chars_5be879ce.hurl b/cases/api_admin_webhooks_post_mutation_name_oversized_string_300_chars_5be879ce.hurl new file mode 100644 index 0000000..d6f62c0 --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_name_oversized_string_300_chars_5be879ce.hurl 
@@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - mutation: name oversized string (300 chars) ── +# case_id=TC-5be879ce +# case_name=POST /api/admin/webhooks - mutation: name oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "this" + ], + "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_mutation_providertype_empty_string_9b991c26.hurl b/cases/api_admin_webhooks_post_mutation_providertype_empty_string_9b991c26.hurl new file mode 100644 index 0000000..dfab187 --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_providertype_empty_string_9b991c26.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - mutation: providerType empty string ── +# case_id=TC-9b991c26 +# case_name=POST /api/admin/webhooks - mutation: providerType empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "this" + ], + "name": "Javier Bogan", + "providerType": "", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_admin_webhooks_post_mutation_providertype_integer_instead_of_string_83e13d1b.hurl b/cases/api_admin_webhooks_post_mutation_providertype_integer_instead_of_string_83e13d1b.hurl new file mode 100644 index 0000000..b98f14c --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_providertype_integer_instead_of_string_83e13d1b.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - mutation: providerType integer instead of string ── +# case_id=TC-83e13d1b +# case_name=POST /api/admin/webhooks - mutation: providerType integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "this" + ], + "name": "Javier Bogan", + "providerType": 12345, + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_mutation_providertype_null_value_595d67fc.hurl b/cases/api_admin_webhooks_post_mutation_providertype_null_value_595d67fc.hurl new file mode 100644 index 0000000..dd078c8 --- /dev/null +++ b/cases/api_admin_webhooks_post_mutation_providertype_null_value_595d67fc.hurl @@ -0,0 +1,28 @@ +# ── POST /api/admin/webhooks - mutation: providerType null value ── +# case_id=TC-595d67fc +# case_name=POST /api/admin/webhooks - mutation: providerType null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "this" + ], + "name": "Javier Bogan", + "providerType": null, + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_admin_webhooks_post_name_at_max_plus_one_invalid_boundary_94214268.hurl b/cases/api_admin_webhooks_post_name_at_max_plus_one_invalid_boundary_94214268.hurl new file mode 100644 index 0000000..23ead34 --- /dev/null +++ b/cases/api_admin_webhooks_post_name_at_max_plus_one_invalid_boundary_94214268.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - name at max_plus_one_invalid boundary ── +# case_id=TC-94214268 +# case_name=POST /api/admin/webhooks - name at max_plus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "these" + ], + "name": "IOYvYIBkAQYqFIqDJMZycrqRFIVCjZIMbSjDHSMaqySSJJGZbEevnwNUYIPXWkWwHWoWMoAdnxnBkAPWCFrpnBgxDdlsucOVjhDdRObECkUodPRyLJNwwstZUaRwXafrnWjLfrJjRGEeTNKnkRrBzcspeyWjjpHjsLvGfcgxXrgoqgfZptELkyLFdklDpBUEtlqfaHPyFoMWMGjhbPWSrFIuUhQHvQOZmItpXjLrWGQNFNXHxaZDTmDNLFhUJSOO", + "providerType": "infrequently", + "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", + "url": "http://www.juniorexpedite.com/partnerships" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_name_at_max_valid_boundary_d8fb6781.hurl b/cases/api_admin_webhooks_post_name_at_max_valid_boundary_d8fb6781.hurl new file mode 100644 index 0000000..79eac96 --- /dev/null +++ b/cases/api_admin_webhooks_post_name_at_max_valid_boundary_d8fb6781.hurl 
@@ -0,0 +1,27 @@ +# ── POST /api/admin/webhooks - name at max_valid boundary ── +# case_id=TC-d8fb6781 +# case_name=POST /api/admin/webhooks - name at max_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "these" + ], + "name": "SncWFCUvZpQFNFdrRgNJvYbFANxRmLnQRwBDZqHrTHNxToOSzvIyMmzYXYNlTmqxqecveYPPJkHsbPGoaolHtERzLSSWSCxHgCRyXtiMrbXGLHWZPsGbytTNsOuzeJeHwrLudLzbVBdbBDdVDJAEXLewLKAlJsnbYaiuzbPulctRaehbdWqhpaxcUFmpSCgDEsQEUPqkVaYFLwaCaeKPlKLmHypHEUNlnmuYwzseXfFSYIVfMKOFtwTgnGGRbhK", + "providerType": "infrequently", + "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", + "url": "http://www.juniorexpedite.com/partnerships" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_webhooks_post_name_at_min_minus_one_invalid_boundary_5b4327aa.hurl b/cases/api_admin_webhooks_post_name_at_min_minus_one_invalid_boundary_5b4327aa.hurl new file mode 100644 index 0000000..ea39ab4 --- /dev/null +++ b/cases/api_admin_webhooks_post_name_at_min_minus_one_invalid_boundary_5b4327aa.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - name at min_minus_one_invalid boundary ── +# case_id=TC-5b4327aa +# case_name=POST /api/admin/webhooks - name at min_minus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "these" + ], + "name": "b", + "providerType": "infrequently", + "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", + "url": "http://www.juniorexpedite.com/partnerships" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_name_at_min_valid_boundary_72f21135.hurl b/cases/api_admin_webhooks_post_name_at_min_valid_boundary_72f21135.hurl new file mode 100644 index 0000000..7236816 --- /dev/null 
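Review bot: TC-5b4327aa is labelled min_minus_one_invalid but sends `"name": "b"`, a one-character string, and expects 422, while TC-72f21135 (`"name": "u"`) and TC-85b28596 (`"name": "a"`) send the same length and expect success. With the minLength of 1 that TC-86292ddb states in its title, the below-minimum value should be `"name": ""`. As written, one of these cases must fail against any server, whichever way it validates.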
+++ b/cases/api_admin_webhooks_post_name_at_min_valid_boundary_72f21135.hurl @@ -0,0 +1,27 @@ +# ── POST /api/admin/webhooks - name at min_valid boundary ── +# case_id=TC-72f21135 +# case_name=POST /api/admin/webhooks - name at min_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "these" + ], + "name": "u", + "providerType": "infrequently", + "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", + "url": "http://www.juniorexpedite.com/partnerships" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_admin_webhooks_post_null_injection_events_35254559.hurl b/cases/api_admin_webhooks_post_null_injection_events_35254559.hurl new file mode 100644 index 0000000..46a80b8 --- /dev/null +++ b/cases/api_admin_webhooks_post_null_injection_events_35254559.hurl @@ -0,0 +1,22 @@ +# ── POST /api/admin/webhooks - null injection: events ── +# case_id=TC-35254559 +# case_name=POST /api/admin/webhooks - null injection: events +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": null, + "name": "Tanner Gardner", + "providerType": "patiently", + "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", + "url": "https://www.seniorsynergies.info/one-to-one" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_null_injection_name_169dbf8c.hurl b/cases/api_admin_webhooks_post_null_injection_name_169dbf8c.hurl new file mode 100644 index 0000000..c04cfdf --- /dev/null +++ b/cases/api_admin_webhooks_post_null_injection_name_169dbf8c.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - null injection: name ── +# case_id=TC-169dbf8c +# case_name=POST /api/admin/webhooks - null injection: name +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "from" + ], + "name": null, + "providerType": "patiently", + "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", + "url": "https://www.seniorsynergies.info/one-to-one" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_null_injection_providertype_d40094c4.hurl b/cases/api_admin_webhooks_post_null_injection_providertype_d40094c4.hurl new file mode 100644 index 0000000..0cac38e --- /dev/null +++ b/cases/api_admin_webhooks_post_null_injection_providertype_d40094c4.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - null injection: providerType ── +# case_id=TC-d40094c4 +# case_name=POST /api/admin/webhooks - null injection: providerType +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "from" + ], + "name": "Tanner Gardner", + "providerType": null, + "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", + "url": "https://www.seniorsynergies.info/one-to-one" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_null_injection_teamid_4f42ea82.hurl b/cases/api_admin_webhooks_post_null_injection_teamid_4f42ea82.hurl new file mode 100644 index 0000000..aa8ce76 --- /dev/null +++ b/cases/api_admin_webhooks_post_null_injection_teamid_4f42ea82.hurl 
@@ -0,0 +1,24 @@
+# ── POST /api/admin/webhooks - null injection: teamId ──
+# case_id=TC-4f42ea82
+# case_name=POST /api/admin/webhooks - null injection: teamId
+# step_id=step-main
+# step_type=test
+# technique=constraint_mutation
+# priority=P2
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "from"
+ ],
+ "name": "Tanner Gardner",
+ "providerType": "patiently",
+ "teamId": null,
+ "url": "https://www.seniorsynergies.info/one-to-one"
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_post_null_injection_url_52359f32.hurl b/cases/api_admin_webhooks_post_null_injection_url_52359f32.hurl
new file mode 100644
index 0000000..89eda70
--- /dev/null
+++ b/cases/api_admin_webhooks_post_null_injection_url_52359f32.hurl
@@ -0,0 +1,24 @@
+# ── POST /api/admin/webhooks - null injection: url ──
+# case_id=TC-52359f32
+# case_name=POST /api/admin/webhooks - null injection: url
+# step_id=step-main
+# step_type=test
+# technique=constraint_mutation
+# priority=P2
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "from"
+ ],
+ "name": "Tanner Gardner",
+ "providerType": "patiently",
+ "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e",
+ "url": null
+}
+```
+
+HTTP 422
+
diff --git a/cases/api_admin_webhooks_post_owasp_api10_ssrf_fa3b21f3.hurl b/cases/api_admin_webhooks_post_owasp_api10_ssrf_fa3b21f3.hurl
new file mode 100644
index 0000000..bf4ab94
--- /dev/null
+++ b/cases/api_admin_webhooks_post_owasp_api10_ssrf_fa3b21f3.hurl
@@ -0,0 +1,18 @@
+# ── [OWASP-API10] POST /api/admin/webhooks — SSRF ──
+# case_id=TC-fa3b21f3
+# case_name=[OWASP-API10] POST /api/admin/webhooks — SSRF
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "url": "http://127.0.0.1"
+}
+```
+
+HTTP 400
+
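Review bot: The SSRF case (TC-fa3b21f3) cannot distinguish a destination check from ordinary schema validation, because its body carries only `"url": "http://127.0.0.1"` and omits `events` and `name`, which the schema_violation cases in this same patch expect to be rejected with 422 when missing. A server with no webhook destination filtering can therefore still answer 4xx here, and against the siblings' `HTTP 422` the `HTTP 400` may also fail for a reason unrelated to SSRF. I would send the otherwise valid body of the min_valid case with only the `url` value swapped, and add a comment such as `# expects rejection by the webhook destination check, not by schema validation`. The path-traversal, sqli and xss cases later in the patch (TC-a39cab42, TC-03accab7, TC-a1a1e257) have the same shape, sending only `providerType`. A single loopback literal is also narrow for a P0 case; nothing visible here exercises private or link-local destinations.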
diff --git a/cases/api_admin_webhooks_post_owasp_api2_broken_authentication_f690ca7e.hurl b/cases/api_admin_webhooks_post_owasp_api2_broken_authentication_f690ca7e.hurl
new file mode 100644
index 0000000..0cbff48
--- /dev/null
+++ b/cases/api_admin_webhooks_post_owasp_api2_broken_authentication_f690ca7e.hurl
@@ -0,0 +1,12 @@
+# ── [OWASP-API2] POST /api/admin/webhooks — broken authentication ──
+# case_id=TC-f690ca7e
+# case_name=[OWASP-API2] POST /api/admin/webhooks — broken authentication
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/webhooks
+
+HTTP 401
+
diff --git a/cases/api_admin_webhooks_post_owasp_api5_function_level_authorization_missing_d8d5bdac.hurl b/cases/api_admin_webhooks_post_owasp_api5_function_level_authorization_missing_d8d5bdac.hurl
new file mode 100644
index 0000000..e3c1838
--- /dev/null
+++ b/cases/api_admin_webhooks_post_owasp_api5_function_level_authorization_missing_d8d5bdac.hurl
@@ -0,0 +1,13 @@
+# ── [OWASP-API5] POST /api/admin/webhooks — function-level authorization missing ──
+# case_id=TC-d8d5bdac
+# case_name=[OWASP-API5] POST /api/admin/webhooks — function-level authorization missing
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10_spec
+# priority=P0
+
+POST {{base_url}}/api/admin/webhooks
+Authorization: Bearer {{user_token}}
+
+HTTP 403
+
diff --git a/cases/api_admin_webhooks_post_owasp_api6_mass_assignment_1b59ba48.hurl b/cases/api_admin_webhooks_post_owasp_api6_mass_assignment_1b59ba48.hurl
new file mode 100644
index 0000000..aab94d6
--- /dev/null
+++ b/cases/api_admin_webhooks_post_owasp_api6_mass_assignment_1b59ba48.hurl
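Review bot: The broken-authentication case (TC-f690ca7e) expects `HTTP 401` for a request with no `Authorization` header, yet the functional cases for this endpoint visible in the patch (boundary, null injection, schema_violation, type_coercion) also send no `Authorization` header and expect 200 or 422. Both cannot hold against the same server unless credentials are injected outside these files, which nothing here shows; either this P0 case fails, or the validation cases all stop at 401 and never reach the validator. The cases that are meant to be authenticated should carry an explicit credential header in the form the function-level case already uses, `Authorization: Bearer {{user_token}}`, with an admin-scoped variable in place of `user_token`. The same applies to the OWASP SSRF and injection cases, which would otherwise be answered by the auth layer rather than by the check they name.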
@@ -0,0 +1,32 @@
+# ── [OWASP-API6] POST /api/admin/webhooks — mass assignment ──
+# case_id=TC-1b59ba48
+# case_name=[OWASP-API6] POST /api/admin/webhooks — mass assignment
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "createdAt": "2000-01-01T00:00:00Z",
+ "events": [
+ "Lebanese"
+ ],
+ "id": 99999,
+ "name": "Rowan Bartell",
+ "providerType": "Polish",
+ "teamId": "5bfa6b50-a743-4866-b2b2-f649decc8c37",
+ "updatedAt": "2000-01-01T00:00:00Z",
+ "url": "https://www.regionalfacilitate.com/users/intuitive"
+}
+```
+
+HTTP 201
+
+[Asserts]
+jsonpath "$.createdAt" != "2000-01-01T00:00:00Z"
+jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z"
+jsonpath "$.id" != 99999
+
diff --git a/cases/api_admin_webhooks_post_owasp_api7_injection_path_traversal_a39cab42.hurl b/cases/api_admin_webhooks_post_owasp_api7_injection_path_traversal_a39cab42.hurl
new file mode 100644
index 0000000..97640f0
--- /dev/null
+++ b/cases/api_admin_webhooks_post_owasp_api7_injection_path_traversal_a39cab42.hurl
@@ -0,0 +1,18 @@
+# ── [OWASP-API7] POST /api/admin/webhooks — injection (path-traversal) ──
+# case_id=TC-a39cab42
+# case_name=[OWASP-API7] POST /api/admin/webhooks — injection (path-traversal)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "providerType": "../../../etc/passwd"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_post_owasp_api7_injection_sqli_03accab7.hurl b/cases/api_admin_webhooks_post_owasp_api7_injection_sqli_03accab7.hurl
new file mode 100644
index 0000000..5708b9a
--- /dev/null
+++ b/cases/api_admin_webhooks_post_owasp_api7_injection_sqli_03accab7.hurl
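Review bot: The mass-assignment case (TC-1b59ba48) expects `HTTP 201` for a successful create, while the max_valid and min_valid boundary cases for the same `POST /api/admin/webhooks` expect `HTTP 200`, so one of the two groups fails on any server with a single success status. The expected status should come from the success response the spec declares for the operation rather than differ by technique. The three `!=` asserts are the useful part of this case, and a comment such as `# server-managed fields must not be client-settable` above `[Asserts]` would state the intent. How the asserts behave when the response omits `id`, `createdAt` or `updatedAt` is not something I can tell from the hunk and is worth confirming.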
@@ -0,0 +1,18 @@
+# ── [OWASP-API7] POST /api/admin/webhooks — injection (sqli) ──
+# case_id=TC-03accab7
+# case_name=[OWASP-API7] POST /api/admin/webhooks — injection (sqli)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "providerType": "' OR 1=1--"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_post_owasp_api7_injection_xss_a1a1e257.hurl b/cases/api_admin_webhooks_post_owasp_api7_injection_xss_a1a1e257.hurl
new file mode 100644
index 0000000..c2337d8
--- /dev/null
+++ b/cases/api_admin_webhooks_post_owasp_api7_injection_xss_a1a1e257.hurl
@@ -0,0 +1,18 @@
+# ── [OWASP-API7] POST /api/admin/webhooks — injection (xss) ──
+# case_id=TC-a1a1e257
+# case_name=[OWASP-API7] POST /api/admin/webhooks — injection (xss)
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10
+# priority=P0
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "providerType": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_post_required_omission_events_absent_09946d4c.hurl b/cases/api_admin_webhooks_post_required_omission_events_absent_09946d4c.hurl
new file mode 100644
index 0000000..a3fd8f9
--- /dev/null
+++ b/cases/api_admin_webhooks_post_required_omission_events_absent_09946d4c.hurl
@@ -0,0 +1,25 @@
+# ── POST /api/admin/webhooks - [required_omission] events absent ──
+# case_id=TC-09946d4c
+# case_name=POST /api/admin/webhooks - [required_omission] events absent
+# step_id=step-main
+# step_type=test
+# technique=required_omission
+# priority=P2
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "name": "Molly Hudson",
+ "providerType": "next",
+ "teamId": "6c927896-300a-4cc9-a530-93b2a15d5633",
+ "url": "http://www.humanusers.name/engage"
+}
+```
+
+HTTP *
+
+[Asserts]
+status >= 400
+status < 500
+
diff --git a/cases/api_admin_webhooks_post_required_omission_name_absent_d0373487.hurl b/cases/api_admin_webhooks_post_required_omission_name_absent_d0373487.hurl new file mode 100644 index 0000000..b8ae1db --- /dev/null +++ b/cases/api_admin_webhooks_post_required_omission_name_absent_d0373487.hurl @@ -0,0 +1,27 @@ +# ── POST /api/admin/webhooks - [required_omission] name absent ── +# case_id=TC-d0373487 +# case_name=POST /api/admin/webhooks - [required_omission] name absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "it" + ], + "providerType": "few", + "teamId": "949cf797-62f1-45ef-9b37-71379d7223ec", + "url": "http://www.regionalproactive.io/scalable" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_required_omission_url_absent_6d3bc221.hurl b/cases/api_admin_webhooks_post_required_omission_url_absent_6d3bc221.hurl new file mode 100644 index 0000000..3caf7a0 --- /dev/null +++ b/cases/api_admin_webhooks_post_required_omission_url_absent_6d3bc221.hurl @@ -0,0 +1,27 @@ +# ── POST /api/admin/webhooks - [required_omission] url absent ── +# case_id=TC-6d3bc221 +# case_name=POST /api/admin/webhooks - [required_omission] url absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "last" + ], + "name": "Alvina Powell", + "providerType": "itself", + "teamId": "3652daaf-fcaf-461d-97f6-ccc7da39f569" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_admin_webhooks_post_schema_violation_events_missing_required_e4df148d.hurl b/cases/api_admin_webhooks_post_schema_violation_events_missing_required_e4df148d.hurl new file mode 100644 index 0000000..607ad59 --- /dev/null 
+++ b/cases/api_admin_webhooks_post_schema_violation_events_missing_required_e4df148d.hurl @@ -0,0 +1,21 @@ +# ── POST /api/admin/webhooks - [schema_violation] events_missing_required ── +# case_id=TC-e4df148d +# case_name=POST /api/admin/webhooks - [schema_violation] events_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "name": "Raphael Davies", + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", + "url": "https://www.legacyincubate.io/seize" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_schema_violation_events_too_few_items_a0bdf58b.hurl b/cases/api_admin_webhooks_post_schema_violation_events_too_few_items_a0bdf58b.hurl new file mode 100644 index 0000000..7821270 --- /dev/null +++ b/cases/api_admin_webhooks_post_schema_violation_events_too_few_items_a0bdf58b.hurl @@ -0,0 +1,22 @@ +# ── POST /api/admin/webhooks - [schema_violation] events_too_few_items ── +# case_id=TC-a0bdf58b +# case_name=POST /api/admin/webhooks - [schema_violation] events_too_few_items +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [], + "name": "Raphael Davies", + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", + "url": "https://www.legacyincubate.io/seize" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_schema_violation_name_missing_required_7b8cab12.hurl b/cases/api_admin_webhooks_post_schema_violation_name_missing_required_7b8cab12.hurl new file mode 100644 index 0000000..cc5dcb0 --- /dev/null +++ b/cases/api_admin_webhooks_post_schema_violation_name_missing_required_7b8cab12.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/admin/webhooks - [schema_violation] name_missing_required ── +# case_id=TC-7b8cab12 +# case_name=POST /api/admin/webhooks - [schema_violation] name_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "hundred" + ], + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", + "url": "https://www.legacyincubate.io/seize" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_schema_violation_name_too_short_b49ea6fa.hurl b/cases/api_admin_webhooks_post_schema_violation_name_too_short_b49ea6fa.hurl new file mode 100644 index 0000000..4e390e5 --- /dev/null +++ b/cases/api_admin_webhooks_post_schema_violation_name_too_short_b49ea6fa.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [schema_violation] name_too_short ── +# case_id=TC-b49ea6fa +# case_name=POST /api/admin/webhooks - [schema_violation] name_too_short +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "hundred" + ], + "name": "", + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", + "url": "https://www.legacyincubate.io/seize" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_schema_violation_url_missing_required_4d32f3c3.hurl b/cases/api_admin_webhooks_post_schema_violation_url_missing_required_4d32f3c3.hurl new file mode 100644 index 0000000..4d72a21 --- /dev/null +++ b/cases/api_admin_webhooks_post_schema_violation_url_missing_required_4d32f3c3.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/admin/webhooks - [schema_violation] url_missing_required ── +# case_id=TC-4d32f3c3 +# case_name=POST /api/admin/webhooks - [schema_violation] url_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "hundred" + ], + "name": "Raphael Davies", + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_type_coercion_events_wrong_type_string_07b6f191.hurl b/cases/api_admin_webhooks_post_type_coercion_events_wrong_type_string_07b6f191.hurl new file mode 100644 index 0000000..dda8c17 --- /dev/null +++ b/cases/api_admin_webhooks_post_type_coercion_events_wrong_type_string_07b6f191.hurl @@ -0,0 +1,22 @@ +# ── POST /api/admin/webhooks - [type_coercion] events wrong_type_string ── +# case_id=TC-07b6f191 +# case_name=POST /api/admin/webhooks - [type_coercion] events wrong_type_string +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": "not_an_array", + "name": "Horace Evans", + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_boolean_49b71fc3.hurl b/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_boolean_49b71fc3.hurl new file mode 100644 index 0000000..9724cfb --- /dev/null +++ b/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_boolean_49b71fc3.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [type_coercion] name wrong_type_boolean ── +# case_id=TC-49b71fc3 +# case_name=POST /api/admin/webhooks - [type_coercion] name wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "improvised" + ], + "name": true, + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_integer_39c60504.hurl b/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_integer_39c60504.hurl new file mode 100644 index 0000000..44eb462 --- /dev/null +++ b/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_integer_39c60504.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [type_coercion] name wrong_type_integer ── +# case_id=TC-39c60504 +# case_name=POST /api/admin/webhooks - [type_coercion] name wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "improvised" + ], + "name": 123, + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_boolean_2f2c0975.hurl b/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_boolean_2f2c0975.hurl new file mode 100644 index 0000000..af3c4a9 --- /dev/null +++ b/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_boolean_2f2c0975.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [type_coercion] providerType wrong_type_boolean ── +# case_id=TC-2f2c0975 +# case_name=POST /api/admin/webhooks - [type_coercion] providerType wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": true, + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_integer_e227c019.hurl b/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_integer_e227c019.hurl new file mode 100644 index 0000000..2aef96e --- /dev/null +++ b/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_integer_e227c019.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [type_coercion] providerType wrong_type_integer ── +# case_id=TC-e227c019 +# case_name=POST /api/admin/webhooks - [type_coercion] providerType wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": 123, + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_boolean_b27447cc.hurl b/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_boolean_b27447cc.hurl new file mode 100644 index 0000000..8aba387 --- /dev/null +++ b/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_boolean_b27447cc.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [type_coercion] teamId wrong_type_boolean ── +# case_id=TC-b27447cc +# case_name=POST /api/admin/webhooks - [type_coercion] teamId wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": "impress", + "teamId": true, + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_integer_5db01d88.hurl b/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_integer_5db01d88.hurl new file mode 100644 index 0000000..61a053c --- /dev/null +++ b/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_integer_5db01d88.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [type_coercion] teamId wrong_type_integer ── +# case_id=TC-5db01d88 +# case_name=POST /api/admin/webhooks - [type_coercion] teamId wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": "impress", + "teamId": 123, + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_boolean_2d482d43.hurl b/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_boolean_2d482d43.hurl new file mode 100644 index 0000000..60ff278 --- /dev/null +++ b/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_boolean_2d482d43.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [type_coercion] url wrong_type_boolean ── +# case_id=TC-2d482d43 +# case_name=POST /api/admin/webhooks - [type_coercion] url wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": true +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_integer_ea2aab8e.hurl b/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_integer_ea2aab8e.hurl new file mode 100644 index 0000000..0f98ad7 --- /dev/null +++ b/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_integer_ea2aab8e.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [type_coercion] url wrong_type_integer ── +# case_id=TC-ea2aab8e +# case_name=POST /api/admin/webhooks - [type_coercion] url wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": 123 +} +``` + +HTTP 422 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_bidi_override_07e9eae2.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_bidi_override_07e9eae2.hurl new file mode 100644 index 0000000..6bed958 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_name_bidi_override_07e9eae2.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] name bidi_override ── +# case_id=TC-07e9eae2 +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "‮hello", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_control_char_5943393b.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_control_char_5943393b.hurl new file mode 100644 index 0000000..d1ecd5b --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_name_control_char_5943393b.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] name control_char ── +# case_id=TC-5943393b +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "hello\u0000world", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_overlong_bee28f66.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_overlong_bee28f66.hurl new file mode 100644 index 0000000..d93f666 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_name_overlong_bee28f66.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] name overlong ── +# case_id=TC-bee28f66 +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_zalgo_a7f8f480.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_zalgo_a7f8f480.hurl new file mode 100644 index 0000000..5ad751d --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_name_zalgo_a7f8f480.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] name zalgo ── +# case_id=TC-a7f8f480 +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "z̀́̂̃̄̅̆̇a", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_zero_width_2a6bf0cb.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_zero_width_2a6bf0cb.hurl new file mode 100644 index 0000000..27c7d64 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_name_zero_width_2a6bf0cb.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] name zero_width ── +# case_id=TC-2a6bf0cb +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "​hello", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_bidi_override_8724a676.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_bidi_override_8724a676.hurl new file mode 100644 index 0000000..8aa327f --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_bidi_override_8724a676.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType bidi_override ── +# case_id=TC-8724a676 +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "‮hello", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_control_char_dc945e0e.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_control_char_dc945e0e.hurl new file mode 100644 index 0000000..bcdf3da --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_control_char_dc945e0e.hurl 
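Review bot: The zero-width character in `"name": "​hello"` appears to be stored as a raw invisible code point, so it cannot be seen in review and an editor or formatter can strip it without anyone noticing, leaving a case that no longer tests anything. The control_char cases in this same patch already use a JSON escape (`hello\u0000world`); writing this one as `"name": "\u200bhello"` would send the same bytes and keep the payload visible. The same applies to the zero_width and bidi_override cases for `providerType`, `teamId` and `url`, where the bidi override could be written as `\u202e`. Separately, the only assertion is `HTTP 400`, which cannot distinguish a rejection of the fuzzed field from a rejection of another field in the body; the response schema is not visible here, so whether an assertion on the error body is possible needs confirming.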
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType control_char ── +# case_id=TC-dc945e0e +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "hello\u0000world", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_overlong_2cc3a01a.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_overlong_2cc3a01a.hurl new file mode 100644 index 0000000..2ace227 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_overlong_2cc3a01a.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType overlong ── +# case_id=TC-2cc3a01a +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zalgo_07152569.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zalgo_07152569.hurl new file mode 100644 index 0000000..0cbb6e3 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zalgo_07152569.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType zalgo ── +# case_id=TC-07152569 +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "z̀́̂̃̄̅̆̇a", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zero_width_e32282d7.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zero_width_e32282d7.hurl new file mode 100644 index 0000000..dfd6a4f --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zero_width_e32282d7.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType zero_width ── +# case_id=TC-e32282d7 +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "​hello", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_bidi_override_0c229c2d.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_bidi_override_0c229c2d.hurl new file mode 100644 index 0000000..66bd1a9 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_bidi_override_0c229c2d.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId bidi_override ── +# case_id=TC-0c229c2d +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "‮hello", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_control_char_f031554f.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_control_char_f031554f.hurl new file mode 100644 index 0000000..aff01e4 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_control_char_f031554f.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId control_char ── +# case_id=TC-f031554f +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "hello\u0000world", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_overlong_7de8af57.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_overlong_7de8af57.hurl new file mode 100644 index 0000000..517c042 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_overlong_7de8af57.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId overlong ── +# case_id=TC-7de8af57 +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zalgo_bba333a6.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zalgo_bba333a6.hurl new file mode 100644 index 0000000..fd553eb --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zalgo_bba333a6.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId zalgo ── +# case_id=TC-bba333a6 +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "z̀́̂̃̄̅̆̇a", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zero_width_3128deb0.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zero_width_3128deb0.hurl new file mode 100644 index 0000000..ce1ee48 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zero_width_3128deb0.hurl 
@@ -0,0 +1,24 @@
+# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId zero_width ──
+# case_id=TC-3128deb0
+# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId zero_width
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "you"
+ ],
+ "name": "Anika Lane",
+ "providerType": "anyway",
+ "teamId": "​hello",
+ "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_bidi_override_caf839d6.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_bidi_override_caf839d6.hurl
new file mode 100644
index 0000000..2112228
--- /dev/null
+++ b/cases/api_admin_webhooks_post_unicode_fuzzing_url_bidi_override_caf839d6.hurl
@@ -0,0 +1,24 @@
+# ── POST /api/admin/webhooks - [unicode_fuzzing] url bidi_override ──
+# case_id=TC-caf839d6
+# case_name=POST /api/admin/webhooks - [unicode_fuzzing] url bidi_override
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "you"
+ ],
+ "name": "Anika Lane",
+ "providerType": "anyway",
+ "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890",
+ "url": "‮hello"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_control_char_c4479bd1.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_control_char_c4479bd1.hurl
new file mode 100644
index 0000000..77c794d
--- /dev/null
+++ b/cases/api_admin_webhooks_post_unicode_fuzzing_url_control_char_c4479bd1.hurl
@@ -0,0 +1,24 @@
+# ── POST /api/admin/webhooks - [unicode_fuzzing] url control_char ──
+# case_id=TC-c4479bd1
+# case_name=POST /api/admin/webhooks - [unicode_fuzzing] url control_char
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "you"
+ ],
+ "name": "Anika Lane",
+ "providerType": "anyway",
+ "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890",
+ "url": "hello\u0000world"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_overlong_132333e4.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_overlong_132333e4.hurl
new file mode 100644
index 0000000..14b68c7
--- /dev/null
+++ b/cases/api_admin_webhooks_post_unicode_fuzzing_url_overlong_132333e4.hurl
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_zalgo_6343c227.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_zalgo_6343c227.hurl new file mode 100644 index 0000000..7274d24 --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_url_zalgo_6343c227.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - [unicode_fuzzing] url zalgo ── +# case_id=TC-6343c227 +# case_name=POST /api/admin/webhooks - [unicode_fuzzing] url zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl new file mode 100644 index 0000000..4d58a9a --- /dev/null +++ b/cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl 
@@ -0,0 +1,24 @@
+# ── POST /api/admin/webhooks - [unicode_fuzzing] url zalgo ──
+# case_id=TC-6343c227
+# case_name=POST /api/admin/webhooks - [unicode_fuzzing] url zalgo
+# step_id=step-main
+# step_type=test
+# technique=unicode_fuzzing
+# priority=P3
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "you"
+ ],
+ "name": "Anika Lane",
+ "providerType": "anyway",
+ "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890",
+ "url": "z̀́̂̃̄̅̆̇a"
+}
+```
+
+HTTP 400
+
diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl
new file mode 100644
index 0000000..4d58a9a
--- /dev/null
+++ b/cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl
+++ b/cases/api_admin_webhooks_post_wrong_content_type_text_plain_7a40055b.hurl @@ -0,0 +1,24 @@ +# ── POST /api/admin/webhooks - wrong content-type (text/plain) ── +# case_id=TC-7a40055b +# case_name=POST /api/admin/webhooks - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/admin/webhooks +Content-Type: text/plain +```json +{ + "events": [ + "from" + ], + "name": "Tanner Gardner", + "providerType": "patiently", + "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", + "url": "https://www.seniorsynergies.info/one-to-one" +} +``` + +HTTP 415 + diff --git a/cases/api_admin_webhooks_sequence_chain_delete_api_admin_grants_id_8ef3fbbb.hurl b/cases/api_admin_webhooks_sequence_chain_delete_api_admin_grants_id_8ef3fbbb.hurl new file mode 100644 index 0000000..5e3012f --- /dev/null +++ b/cases/api_admin_webhooks_sequence_chain_delete_api_admin_grants_id_8ef3fbbb.hurl 
@@ -0,0 +1,48 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/webhooks → DELETE /api/admin/grants/{id} +# case_id=TC-8ef3fbbb +# case_name=sequence chain: /api/admin/webhooks → DELETE /api/admin/grants/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/webhooks [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/webhooks + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "today" + ], + "name": "Abe Collier", + "providerType": "listen", + "teamId": "7fae1382-a4cd-4c6d-9387-4f7b3c489c4e", + "url": "https://www.staffclicks-and-mortar.biz/monetize/monetize/initiatives" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via DELETE /api/admin/grants/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via DELETE /api/admin/grants/{id} +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/grants/{{id}} + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl b/cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl new file mode 100644 index 0000000..b5bcf8e --- /dev/null +++ b/cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl 
@@ -0,0 +1,48 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/webhooks → DELETE /api/admin/users/{id} +# case_id=TC-763b85b6 +# case_name=sequence chain: /api/admin/webhooks → DELETE /api/admin/users/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/webhooks [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/webhooks + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "other" + ], + "name": "Payton Yang", + "providerType": "anyone", + "teamId": "e7136d75-172b-46d0-8e7e-838fb2a645b4", + "url": "http://www.investorarchitectures.com/viral/real-time" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via DELETE /api/admin/users/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via DELETE /api/admin/users/{id} +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/users/{{id}} + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl b/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl new file mode 100644 index 0000000..044c166 --- /dev/null +++ b/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl 
@@ -0,0 +1,48 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/admin/webhooks → DELETE /api/admin/grants/{id}
+# case_id=TC-8ef3fbbb
+# case_name=sequence chain: /api/admin/webhooks → DELETE /api/admin/grants/{id}
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/admin/webhooks [setup] ──
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/admin/webhooks
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "today"
+ ],
+ "name": "Abe Collier",
+ "providerType": "listen",
+ "teamId": "7fae1382-a4cd-4c6d-9387-4f7b3c489c4e",
+ "url": "https://www.staffclicks-and-mortar.biz/monetize/monetize/initiatives"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via DELETE /api/admin/grants/{id} [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via DELETE /api/admin/grants/{id}
+# depends_on=step-setup
+
+DELETE {{base_url}}/api/admin/grants/{{id}}
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl b/cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl
new file mode 100644
index 0000000..b5bcf8e
--- /dev/null
+++ b/cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl
@@ -0,0 +1,48 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/admin/webhooks → DELETE /api/admin/users/{id}
+# case_id=TC-763b85b6
+# case_name=sequence chain: /api/admin/webhooks → DELETE /api/admin/users/{id}
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/admin/webhooks [setup] ──
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/admin/webhooks
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "other"
+ ],
+ "name": "Payton Yang",
+ "providerType": "anyone",
+ "teamId": "e7136d75-172b-46d0-8e7e-838fb2a645b4",
+ "url": "http://www.investorarchitectures.com/viral/real-time"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via DELETE /api/admin/users/{id} [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via DELETE /api/admin/users/{id}
+# depends_on=step-setup
+
+DELETE {{base_url}}/api/admin/users/{{id}}
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl b/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl
new file mode 100644
index 0000000..044c166
--- /dev/null
+++ b/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl
@@ -0,0 +1,48 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/grants
+# case_id=TC-83289d9f
+# case_name=sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/grants
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/admin/webhooks [setup] ──
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/admin/webhooks
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "yourself"
+ ],
+ "name": "Janis Santos",
+ "providerType": "owing",
+ "teamId": "f1f952e5-15e9-4e13-9296-ebf46b9a6f04",
+ "url": "http://www.corporateproductize.org/vortals"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via GET /api/admin/teams/{id}/grants [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via GET /api/admin/teams/{id}/grants
+# depends_on=step-setup
+
+GET {{base_url}}/api/admin/teams/{{id}}/grants
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_members_969a9fae.hurl b/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_members_969a9fae.hurl
new file mode 100644
index 0000000..ba9fffb
--- /dev/null
+++ b/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_members_969a9fae.hurl
@@ -0,0 +1,60 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/grants +# case_id=TC-02ba968a +# case_name=sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/grants +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/webhooks [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/webhooks + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "him" + ], + "name": "Cayla Rosenbaum", + "providerType": "ours", + "teamId": "ccd3929e-a106-4df3-8d31-66697e80dbe3", + "url": "https://www.seniore-enable.name/synergies/end-to-end/integrate/e-tailers" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via POST /api/admin/teams/{id}/grants [test] ── +# step_id=step-test +# step_type=test +# title=use via POST /api/admin/teams/{id}/grants +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{{id}}/grants +Content-Type: application/json +```json +{ + "branches": [ + "i.e." + ], + "expiresAt": "2011-10-23T02:54:47Z", + "granteeTeamId": "d189b00e-5719-4cc5-b97a-a00f62029da1", + "granteeUserId": "77c00823-081e-4450-9ea4-1bd04aabfdee", + "serviceId": "433f7b49-b2b9-485d-a48e-d48715ed6be5" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_members_393f686a.hurl b/cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_members_393f686a.hurl new file mode 100644 index 0000000..6893191 --- /dev/null +++ b/cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_members_393f686a.hurl 
@@ -0,0 +1,55 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/members +# case_id=TC-393f686a +# case_name=sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/members +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/webhooks [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/webhooks + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "outside" + ], + "name": "Marlene Jacobs", + "providerType": "for", + "teamId": "c8d6d6a7-3cc6-4d33-b8b1-b6c03d928bf7", + "url": "http://www.internalbrand.info/impactful/transform/web-enabled/e-commerce" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via POST /api/admin/teams/{id}/members [test] ── +# step_id=step-test +# step_type=test +# title=use via POST /api/admin/teams/{id}/members +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{{id}}/members +Content-Type: application/json +```json +{ + "role": "member", + "userId": "6dc4ae45-29b7-456d-b346-b29b27cb5494" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl b/cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl new file mode 100644 index 0000000..d46a7a6 --- /dev/null +++ b/cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl 
@@ -0,0 +1,54 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/admin/webhooks → PUT /api/admin/services/{serviceId}/team +# case_id=TC-256209eb +# case_name=sequence chain: /api/admin/webhooks → PUT /api/admin/services/{serviceId}/team +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/admin/webhooks [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/admin/webhooks + +POST {{base_url}}/api/admin/webhooks +Content-Type: application/json +```json +{ + "events": [ + "throughout" + ], + "name": "Pablo Hoffman", + "providerType": "barely", + "teamId": "cc3b8d87-6c30-464d-a451-ec70a317a56a", + "url": "http://www.futuresynergize.org/evolve" +} +``` + +HTTP * + +[Captures] +serviceId: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via PUT /api/admin/services/{serviceId}/team [test] ── +# step_id=step-test +# step_type=test +# title=use via PUT /api/admin/services/{serviceId}/team +# depends_on=step-setup + +PUT {{base_url}}/api/admin/services/{{serviceId}}/team +Content-Type: application/json +```json +{ + "teamId": "fbaecfc9-d46e-4518-8fc8-3534e881b114" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_admin_webhooks_sequence_chain_put_api_admin_users_id_88a6983e.hurl b/cases/api_admin_webhooks_sequence_chain_put_api_admin_users_id_88a6983e.hurl new file mode 100644 index 0000000..fc187a0 --- /dev/null +++ b/cases/api_admin_webhooks_sequence_chain_put_api_admin_users_id_88a6983e.hurl 
@@ -0,0 +1,55 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/members
+# case_id=TC-393f686a
+# case_name=sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/members
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/admin/webhooks [setup] ──
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/admin/webhooks
+
+POST {{base_url}}/api/admin/webhooks
+Content-Type: application/json
+```json
+{
+ "events": [
+ "outside"
+ ],
+ "name": "Marlene Jacobs",
+ "providerType": "for",
+ "teamId": "c8d6d6a7-3cc6-4d33-b8b1-b6c03d928bf7",
+ "url": "http://www.internalbrand.info/impactful/transform/web-enabled/e-commerce"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via POST /api/admin/teams/{id}/members [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via POST /api/admin/teams/{id}/members
+# depends_on=step-setup
+
+POST {{base_url}}/api/admin/teams/{{id}}/members
+Content-Type: application/json
+```json
+{
+ "role": "member",
+ "userId": "6dc4ae45-29b7-456d-b346-b29b27cb5494"
+}
+```
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl b/cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl
new file mode 100644
index 0000000..d46a7a6
--- /dev/null
+++ b/cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl
@@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# auth chain: GET /api/catalog +# case_id=TC-bde6cda3 +# case_name=auth chain: GET /api/catalog +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── GET /api/catalog with auth token [test] ── +# step_id=step-test +# step_type=test +# title=GET /api/catalog with auth token +# depends_on=step-auth + +GET {{base_url}}/api/catalog +Authorization: Bearer {{authToken}} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_catalog_get_owasp_api2_broken_authentication_e1fa3406.hurl b/cases/api_catalog_get_owasp_api2_broken_authentication_e1fa3406.hurl new file mode 100644 index 0000000..7f98cd6 --- /dev/null +++ b/cases/api_catalog_get_owasp_api2_broken_authentication_e1fa3406.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/catalog — broken authentication ── +# case_id=TC-e1fa3406 +# case_name=[OWASP-API2] GET /api/catalog — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/catalog + +HTTP 401 + diff --git a/cases/api_catalog_get_valid_request_with_all_required_fields_c9b53fc1.hurl b/cases/api_catalog_get_valid_request_with_all_required_fields_c9b53fc1.hurl new file mode 100644 index 0000000..2956055 --- /dev/null +++ b/cases/api_catalog_get_valid_request_with_all_required_fields_c9b53fc1.hurl 
@@ -0,0 +1,16 @@ +# ── GET /api/catalog - valid request with all required fields ── +# case_id=TC-c9b53fc1 +# case_name=GET /api/catalog - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/catalog + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.services" exists + diff --git a/cases/api_catalog_options_owasp_api8_cors_security_configuration_e3ff3623.hurl b/cases/api_catalog_options_owasp_api8_cors_security_configuration_e3ff3623.hurl new file mode 100644 index 0000000..d359a57 --- /dev/null +++ b/cases/api_catalog_options_owasp_api8_cors_security_configuration_e3ff3623.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/catalog — CORS security configuration ── +# case_id=TC-e3ff3623 +# case_name=[OWASP-API8] OPTIONS /api/catalog — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/catalog +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_catalog_serviceid_delete_idempotent_second_call_must_be_safe_84233d9e.hurl b/cases/api_catalog_serviceid_delete_idempotent_second_call_must_be_safe_84233d9e.hurl new file mode 100644 index 0000000..81b936c --- /dev/null +++ b/cases/api_catalog_serviceid_delete_idempotent_second_call_must_be_safe_84233d9e.hurl 
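Review bot: TC-c9b53fc1 sends `GET {{base_url}}/api/catalog` with no headers and expects `HTTP 200`, while TC-e1fa3406 in the preceding file sends the identical request and expects `HTTP 401`, so one of the two must fail on every run. If the endpoint requires authentication, the valid-request case should carry a credential, for example `Authorization: Bearer {{user_token}}` as the OWASP-API5 case does. The same conflict exists for /api/diff (TC-f98b2b82 vs TC-f6e6d81e), /api/me (TC-cb06322f vs TC-16f4aef5), /api/search (TC-65fdbcb4 vs TC-6e192176) and both /api/specs routes (TC-e159fefe vs TC-5b840153, TC-f8bdece6 vs TC-9b5eb037). TC-f98b2b82 and TC-65fdbcb4 additionally omit the query parameters that the missing-param cases treat as required.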
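Review bot: The only assertion in TC-e3ff3623, `header "Access-Control-Allow-Origin" != "*"`, still passes when the server echoes the untrusted `Origin` back, which is the misconfiguration a CORS check most needs to catch. Add `header "Access-Control-Allow-Origin" != "https://evil.example.com"` next to it, and confirm how the runner evaluates these predicates when the header is absent, since a correctly configured server may simply omit it. `HTTP *` also accepts any status, so an error response satisfies the case. The same assertion is used in TC-dc211e18, TC-95a63795, TC-8d947b43, TC-e799f553, TC-ecd6daec and TC-d622eda3.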
@@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# DELETE /api/catalog/:serviceId - idempotent: second call must be safe +# case_id=TC-84233d9e +# case_name=DELETE /api/catalog/:serviceId - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── DELETE /api/catalog/:serviceId — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=DELETE /api/catalog/:serviceId — first call + +DELETE {{base_url}}/api/catalog/:serviceId + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── DELETE /api/catalog/:serviceId — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=DELETE /api/catalog/:serviceId — identical second call must be safe +# depends_on=step-setup + +DELETE {{base_url}}/api/catalog/:serviceId + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000000_c4621de0.hurl b/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000000_c4621de0.hurl new file mode 100644 index 0000000..f75a766 --- /dev/null +++ b/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000000_c4621de0.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000000 (nil_uuid) ── +# case_id=TC-c4621de0 +# case_name=DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000000 (nil_uuid) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/catalog/:serviceId + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000001_e72a9984.hurl b/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000001_e72a9984.hurl new file mode 100644 index 0000000..6f652a8 --- /dev/null 
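Review bot: TC-c4621de0 is titled as an IDOR check for serviceId `00000000-0000-0000-0000-000000000000`, but the request line is `DELETE {{base_url}}/api/catalog/:serviceId`: the placeholder is never substituted, so the identifier under test is never sent. The request also has no `Authorization` header, so a 401 satisfies `status >= 400` and `status < 500`, and the case passes without reaching any object-level authorization check. An IDOR case needs the concrete id in the path and a credential for a caller who does not own the object, e.g. `Authorization: Bearer {{user_token}}`, with `HTTP 403` or `HTTP 404` as the expected result. TC-e72a9984 (alt_uuid) sends the same bytes, and the idempotency chain TC-84233d9e and the missing-param case TC-3209e4f6 also leave `:serviceId` literal.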
+++ b/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000001_e72a9984.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000001 (alt_uuid) ── +# case_id=TC-e72a9984 +# case_name=DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000001 (alt_uuid) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/catalog/:serviceId + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_catalog_serviceid_delete_missing_required_param_serviceid_3209e4f6.hurl b/cases/api_catalog_serviceid_delete_missing_required_param_serviceid_3209e4f6.hurl new file mode 100644 index 0000000..e694ee2 --- /dev/null +++ b/cases/api_catalog_serviceid_delete_missing_required_param_serviceid_3209e4f6.hurl @@ -0,0 +1,12 @@ +# ── DELETE /api/catalog/:serviceId - missing required param "serviceId" ── +# case_id=TC-3209e4f6 +# case_name=DELETE /api/catalog/:serviceId - missing required param "serviceId" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +DELETE {{base_url}}/api/catalog/:serviceId + +HTTP 422 + diff --git a/cases/api_catalog_serviceid_delete_owasp_api2_broken_authentication_be467598.hurl b/cases/api_catalog_serviceid_delete_owasp_api2_broken_authentication_be467598.hurl new file mode 100644 index 0000000..14b97b0 --- /dev/null +++ b/cases/api_catalog_serviceid_delete_owasp_api2_broken_authentication_be467598.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] DELETE /api/catalog/:serviceId — broken authentication ── +# case_id=TC-be467598 +# case_name=[OWASP-API2] DELETE /api/catalog/:serviceId — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/catalog/:serviceId + +HTTP 401 + 
diff --git a/cases/api_catalog_serviceid_delete_owasp_api5_function_level_authorization_missing_c88f572b.hurl b/cases/api_catalog_serviceid_delete_owasp_api5_function_level_authorization_missing_c88f572b.hurl new file mode 100644 index 0000000..492d579 --- /dev/null +++ b/cases/api_catalog_serviceid_delete_owasp_api5_function_level_authorization_missing_c88f572b.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] DELETE /api/catalog/:serviceId — function-level authorization missing ── +# case_id=TC-c88f572b +# case_name=[OWASP-API5] DELETE /api/catalog/:serviceId — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +DELETE {{base_url}}/api/catalog/:serviceId +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_catalog_serviceid_delete_owasp_api7_injection_path_traversal_c37e4439.hurl b/cases/api_catalog_serviceid_delete_owasp_api7_injection_path_traversal_c37e4439.hurl new file mode 100644 index 0000000..607c9ae --- /dev/null +++ b/cases/api_catalog_serviceid_delete_owasp_api7_injection_path_traversal_c37e4439.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/catalog/:serviceId — injection (path-traversal) ── +# case_id=TC-c37e4439 +# case_name=[OWASP-API7] DELETE /api/catalog/:serviceId — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/catalog/:serviceId +```json +null +``` + +HTTP 400 + diff --git a/cases/api_catalog_serviceid_delete_owasp_api7_injection_sqli_d27beca6.hurl b/cases/api_catalog_serviceid_delete_owasp_api7_injection_sqli_d27beca6.hurl new file mode 100644 index 0000000..f1398f3 --- /dev/null +++ b/cases/api_catalog_serviceid_delete_owasp_api7_injection_sqli_d27beca6.hurl 
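Review bot: TC-c37e4439 is labelled as a path-traversal injection case but the request carries no test input at all: the path is the literal `DELETE {{base_url}}/api/catalog/:serviceId` and the body is `null`. TC-d27beca6 (sqli) and TC-bfdae539 (xss) send exactly the same request, as do TC-106c80c0, TC-ffc707f5 and TC-cf42e9f4 for /api/specs/:service/versions, so a passing result says nothing about input handling. Presumably the generator could not resolve a parameter to vary; it should skip such cases or label them, e.g. `# NOTE: no injectable parameter resolved; case sends no payload`, so they are not counted as OWASP-API7 coverage. The requests are also unauthenticated, so on an API that answers 401 first the expected `HTTP 400` would never be reached.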
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/catalog/:serviceId — injection (sqli) ── +# case_id=TC-d27beca6 +# case_name=[OWASP-API7] DELETE /api/catalog/:serviceId — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/catalog/:serviceId +```json +null +``` + +HTTP 400 + diff --git a/cases/api_catalog_serviceid_delete_owasp_api7_injection_xss_bfdae539.hurl b/cases/api_catalog_serviceid_delete_owasp_api7_injection_xss_bfdae539.hurl new file mode 100644 index 0000000..2478cdc --- /dev/null +++ b/cases/api_catalog_serviceid_delete_owasp_api7_injection_xss_bfdae539.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/catalog/:serviceId — injection (xss) ── +# case_id=TC-bfdae539 +# case_name=[OWASP-API7] DELETE /api/catalog/:serviceId — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/catalog/:serviceId +```json +null +``` + +HTTP 400 + diff --git a/cases/api_catalog_serviceid_delete_valid_request_with_all_required_fields_b2745533.hurl b/cases/api_catalog_serviceid_delete_valid_request_with_all_required_fields_b2745533.hurl new file mode 100644 index 0000000..0cf2ea7 --- /dev/null +++ b/cases/api_catalog_serviceid_delete_valid_request_with_all_required_fields_b2745533.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/catalog/:serviceId - valid request with all required fields ── +# case_id=TC-b2745533 +# case_name=DELETE /api/catalog/:serviceId - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +DELETE {{base_url}}/api/catalog/:serviceId + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/api_catalog_serviceid_options_owasp_api8_cors_security_configuration_dc211e18.hurl b/cases/api_catalog_serviceid_options_owasp_api8_cors_security_configuration_dc211e18.hurl new file mode 100644 index 0000000..26f844d 
--- /dev/null +++ b/cases/api_catalog_serviceid_options_owasp_api8_cors_security_configuration_dc211e18.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/catalog/:serviceId — CORS security configuration ── +# case_id=TC-dc211e18 +# case_name=[OWASP-API8] OPTIONS /api/catalog/:serviceId — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/catalog/:serviceId +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_diff_get_auth_chain_6af54553.hurl b/cases/api_diff_get_auth_chain_6af54553.hurl new file mode 100644 index 0000000..60a48b4 --- /dev/null +++ b/cases/api_diff_get_auth_chain_6af54553.hurl @@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# auth chain: GET /api/diff +# case_id=TC-6af54553 +# case_name=auth chain: GET /api/diff +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── GET /api/diff with auth token [test] ──── +# step_id=step-test +# step_type=test +# title=GET /api/diff with auth token +# depends_on=step-auth + +GET {{base_url}}/api/diff +Authorization: Bearer {{authToken}} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_diff_get_missing_required_param_from_436315da.hurl b/cases/api_diff_get_missing_required_param_from_436315da.hurl new file mode 100644 index 0000000..921d56e --- /dev/null +++ b/cases/api_diff_get_missing_required_param_from_436315da.hurl 
@@ -0,0 +1,12 @@ +# ── GET /api/diff - missing required param "from" ── +# case_id=TC-436315da +# case_name=GET /api/diff - missing required param "from" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/diff?to=valid + +HTTP 422 + diff --git a/cases/api_diff_get_missing_required_param_to_592a212d.hurl b/cases/api_diff_get_missing_required_param_to_592a212d.hurl new file mode 100644 index 0000000..7f7f1c6 --- /dev/null +++ b/cases/api_diff_get_missing_required_param_to_592a212d.hurl @@ -0,0 +1,12 @@ +# ── GET /api/diff - missing required param "to" ── +# case_id=TC-592a212d +# case_name=GET /api/diff - missing required param "to" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/diff?from=valid + +HTTP 422 + diff --git a/cases/api_diff_get_owasp_api2_broken_authentication_f6e6d81e.hurl b/cases/api_diff_get_owasp_api2_broken_authentication_f6e6d81e.hurl new file mode 100644 index 0000000..f5a8f39 --- /dev/null +++ b/cases/api_diff_get_owasp_api2_broken_authentication_f6e6d81e.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/diff — broken authentication ── +# case_id=TC-f6e6d81e +# case_name=[OWASP-API2] GET /api/diff — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/diff + +HTTP 401 + diff --git a/cases/api_diff_get_owasp_api7_injection_path_traversal_d2e88748.hurl b/cases/api_diff_get_owasp_api7_injection_path_traversal_d2e88748.hurl new file mode 100644 index 0000000..f738676 --- /dev/null +++ b/cases/api_diff_get_owasp_api7_injection_path_traversal_d2e88748.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/diff — injection (path-traversal) ── +# case_id=TC-d2e88748 +# case_name=[OWASP-API7] GET /api/diff — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/diff?from=..%2F..%2F..%2Fetc%2Fpasswd +```json +null +``` + +HTTP 400 + diff --git a/cases/api_diff_get_owasp_api7_injection_sqli_2add12cf.hurl b/cases/api_diff_get_owasp_api7_injection_sqli_2add12cf.hurl new file mode 100644 index 0000000..0c431a9 --- /dev/null +++ b/cases/api_diff_get_owasp_api7_injection_sqli_2add12cf.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/diff — injection (sqli) ── +# case_id=TC-2add12cf +# case_name=[OWASP-API7] GET /api/diff — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/diff?from=%27+OR+1%3D1-- +```json +null +``` + +HTTP 400 + diff --git a/cases/api_diff_get_owasp_api7_injection_xss_1fb05370.hurl b/cases/api_diff_get_owasp_api7_injection_xss_1fb05370.hurl new file mode 100644 index 0000000..daf69d4 --- /dev/null +++ b/cases/api_diff_get_owasp_api7_injection_xss_1fb05370.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/diff — injection (xss) ── +# case_id=TC-1fb05370 +# case_name=[OWASP-API7] GET /api/diff — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/diff?from=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E +```json +null +``` + +HTTP 400 + diff --git a/cases/api_diff_get_valid_request_with_all_required_fields_f98b2b82.hurl b/cases/api_diff_get_valid_request_with_all_required_fields_f98b2b82.hurl new file mode 100644 index 0000000..40863bb --- /dev/null +++ b/cases/api_diff_get_valid_request_with_all_required_fields_f98b2b82.hurl 
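Review bot: TC-d2e88748 puts its input in `from` but omits `to`, which TC-592a212d treats as required with `HTTP 422`, so the response here may be decided by the missing parameter rather than by how `from` is validated. Supply a valid `to` (the sibling case uses `to=valid`) so the only abnormal input is the one under test, and drop the `null` JSON body from a GET. A bare `HTTP 400` also does not show the value was handled safely; for the XSS case TC-1fb05370 an assertion such as `body not contains "<script>"` would at least catch reflection in the error response. TC-2add12cf follows the same template, and the /api/search cases TC-30f18b95, TC-b0d05c32 and TC-b1a5ce9b share the `null` body and the missing credential.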
@@ -0,0 +1,18 @@ +# ── GET /api/diff - valid request with all required fields ── +# case_id=TC-f98b2b82 +# case_name=GET /api/diff - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/diff + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.added" exists +jsonpath "$.modified" exists +jsonpath "$.removed" exists + diff --git a/cases/api_diff_options_owasp_api8_cors_security_configuration_95a63795.hurl b/cases/api_diff_options_owasp_api8_cors_security_configuration_95a63795.hurl new file mode 100644 index 0000000..cc65940 --- /dev/null +++ b/cases/api_diff_options_owasp_api8_cors_security_configuration_95a63795.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/diff — CORS security configuration ── +# case_id=TC-95a63795 +# case_name=[OWASP-API8] OPTIONS /api/diff — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/diff +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_me_get_auth_chain_646f48bb.hurl b/cases/api_me_get_auth_chain_646f48bb.hurl new file mode 100644 index 0000000..ba5837e --- /dev/null +++ b/cases/api_me_get_auth_chain_646f48bb.hurl 
@@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# auth chain: GET /api/me +# case_id=TC-646f48bb +# case_name=auth chain: GET /api/me +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── GET /api/me with auth token [test] ────── +# step_id=step-test +# step_type=test +# title=GET /api/me with auth token +# depends_on=step-auth + +GET {{base_url}}/api/me +Authorization: Bearer {{authToken}} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_me_get_owasp_api2_broken_authentication_16f4aef5.hurl b/cases/api_me_get_owasp_api2_broken_authentication_16f4aef5.hurl new file mode 100644 index 0000000..3174737 --- /dev/null +++ b/cases/api_me_get_owasp_api2_broken_authentication_16f4aef5.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/me — broken authentication ── +# case_id=TC-16f4aef5 +# case_name=[OWASP-API2] GET /api/me — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/me + +HTTP 401 + diff --git a/cases/api_me_get_valid_request_with_all_required_fields_cb06322f.hurl b/cases/api_me_get_valid_request_with_all_required_fields_cb06322f.hurl new file mode 100644 index 0000000..58cfbaf --- /dev/null +++ b/cases/api_me_get_valid_request_with_all_required_fields_cb06322f.hurl 
@@ -0,0 +1,19 @@ +# ── GET /api/me - valid request with all required fields ── +# case_id=TC-cb06322f +# case_name=GET /api/me - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/me + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.id" exists +jsonpath "$.role" exists +jsonpath "$.teams" exists +jsonpath "$.email" exists + diff --git a/cases/api_me_options_owasp_api8_cors_security_configuration_8d947b43.hurl b/cases/api_me_options_owasp_api8_cors_security_configuration_8d947b43.hurl new file mode 100644 index 0000000..0f81b51 --- /dev/null +++ b/cases/api_me_options_owasp_api8_cors_security_configuration_8d947b43.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/me — CORS security configuration ── +# case_id=TC-8d947b43 +# case_name=[OWASP-API8] OPTIONS /api/me — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/me +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_search_get_auth_chain_e66b7d53.hurl b/cases/api_search_get_auth_chain_e66b7d53.hurl new file mode 100644 index 0000000..27b9a72 --- /dev/null +++ b/cases/api_search_get_auth_chain_e66b7d53.hurl 
@@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# auth chain: GET /api/search +# case_id=TC-e66b7d53 +# case_name=auth chain: GET /api/search +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── GET /api/search with auth token [test] ── +# step_id=step-test +# step_type=test +# title=GET /api/search with auth token +# depends_on=step-auth + +GET {{base_url}}/api/search +Authorization: Bearer {{authToken}} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_search_get_missing_required_param_q_128363b8.hurl b/cases/api_search_get_missing_required_param_q_128363b8.hurl new file mode 100644 index 0000000..98e9d39 --- /dev/null +++ b/cases/api_search_get_missing_required_param_q_128363b8.hurl @@ -0,0 +1,12 @@ +# ── GET /api/search - missing required param "q" ── +# case_id=TC-128363b8 +# case_name=GET /api/search - missing required param "q" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/search?branch=valid&service=valid + +HTTP 422 + diff --git a/cases/api_search_get_owasp_api2_broken_authentication_6e192176.hurl b/cases/api_search_get_owasp_api2_broken_authentication_6e192176.hurl new file mode 100644 index 0000000..1dac706 --- /dev/null +++ b/cases/api_search_get_owasp_api2_broken_authentication_6e192176.hurl 
@@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/search — broken authentication ── +# case_id=TC-6e192176 +# case_name=[OWASP-API2] GET /api/search — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/search + +HTTP 401 + diff --git a/cases/api_search_get_owasp_api7_injection_path_traversal_30f18b95.hurl b/cases/api_search_get_owasp_api7_injection_path_traversal_30f18b95.hurl new file mode 100644 index 0000000..f3ea9c4 --- /dev/null +++ b/cases/api_search_get_owasp_api7_injection_path_traversal_30f18b95.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/search — injection (path-traversal) ── +# case_id=TC-30f18b95 +# case_name=[OWASP-API7] GET /api/search — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/search?q=..%2F..%2F..%2Fetc%2Fpasswd +```json +null +``` + +HTTP 400 + diff --git a/cases/api_search_get_owasp_api7_injection_sqli_b0d05c32.hurl b/cases/api_search_get_owasp_api7_injection_sqli_b0d05c32.hurl new file mode 100644 index 0000000..7c43088 --- /dev/null +++ b/cases/api_search_get_owasp_api7_injection_sqli_b0d05c32.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/search — injection (sqli) ── +# case_id=TC-b0d05c32 +# case_name=[OWASP-API7] GET /api/search — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/search?q=%27+OR+1%3D1-- +```json +null +``` + +HTTP 400 + diff --git a/cases/api_search_get_owasp_api7_injection_xss_b1a5ce9b.hurl b/cases/api_search_get_owasp_api7_injection_xss_b1a5ce9b.hurl new file mode 100644 index 0000000..72e0fc6 --- /dev/null +++ b/cases/api_search_get_owasp_api7_injection_xss_b1a5ce9b.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/search — injection (xss) ── +# case_id=TC-b1a5ce9b +# case_name=[OWASP-API7] GET /api/search — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/search?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E +```json +null +``` + +HTTP 400 + diff --git a/cases/api_search_get_valid_request_with_all_required_fields_65fdbcb4.hurl b/cases/api_search_get_valid_request_with_all_required_fields_65fdbcb4.hurl new file mode 100644 index 0000000..7c57ec2 --- /dev/null +++ b/cases/api_search_get_valid_request_with_all_required_fields_65fdbcb4.hurl @@ -0,0 +1,16 @@ +# ── GET /api/search - valid request with all required fields ── +# case_id=TC-65fdbcb4 +# case_name=GET /api/search - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/search + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.results" exists + diff --git a/cases/api_search_options_owasp_api8_cors_security_configuration_e799f553.hurl b/cases/api_search_options_owasp_api8_cors_security_configuration_e799f553.hurl new file mode 100644 index 0000000..6ed996c --- /dev/null +++ b/cases/api_search_options_owasp_api8_cors_security_configuration_e799f553.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/search — CORS security configuration ── +# case_id=TC-e799f553 +# case_name=[OWASP-API8] OPTIONS /api/search — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/search +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_specs_service_branch_openapi_json_get_missing_required_param_branch_dd4faa6a.hurl b/cases/api_specs_service_branch_openapi_json_get_missing_required_param_branch_dd4faa6a.hurl new file mode 100644 index 0000000..dee7235 
--- /dev/null +++ b/cases/api_specs_service_branch_openapi_json_get_missing_required_param_branch_dd4faa6a.hurl @@ -0,0 +1,12 @@ +# ── GET /api/specs/{service}/{branch}/openapi.json - missing required param "branch" ── +# case_id=TC-dd4faa6a +# case_name=GET /api/specs/{service}/{branch}/openapi.json - missing required param "branch" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/specs/1/1/openapi.json + +HTTP 422 + diff --git a/cases/api_specs_service_branch_openapi_json_get_missing_required_param_service_14b52fbb.hurl b/cases/api_specs_service_branch_openapi_json_get_missing_required_param_service_14b52fbb.hurl new file mode 100644 index 0000000..f3f6cfb --- /dev/null +++ b/cases/api_specs_service_branch_openapi_json_get_missing_required_param_service_14b52fbb.hurl @@ -0,0 +1,12 @@ +# ── GET /api/specs/{service}/{branch}/openapi.json - missing required param "service" ── +# case_id=TC-14b52fbb +# case_name=GET /api/specs/{service}/{branch}/openapi.json - missing required param "service" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/specs/1/1/openapi.json + +HTTP 422 + diff --git a/cases/api_specs_service_branch_openapi_json_get_owasp_api2_broken_authentication_5b840153.hurl b/cases/api_specs_service_branch_openapi_json_get_owasp_api2_broken_authentication_5b840153.hurl new file mode 100644 index 0000000..ceb8c5f --- /dev/null +++ b/cases/api_specs_service_branch_openapi_json_get_owasp_api2_broken_authentication_5b840153.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/specs/{service}/{branch}/openapi.json — broken authentication ── +# case_id=TC-5b840153 +# case_name=[OWASP-API2] GET /api/specs/{service}/{branch}/openapi.json — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/specs/{service}/{branch}/openapi.json + +HTTP 401 + 
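Review bot: TC-dd4faa6a claims to test a missing `branch` parameter, yet its request `GET {{base_url}}/api/specs/1/1/openapi.json` supplies both path segments, and TC-14b52fbb (missing `service`) sends the identical line. A required path parameter cannot be omitted without changing the route, so `HTTP 422` is unlikely to be what these requests produce. I would not emit missing-param cases for path parameters at all; if they are kept, the case header should describe what is actually sent. The neighbouring cases TC-5b840153, TC-217a31ae, TC-3e62652b, TC-69cf35a6, TC-e159fefe and TC-ecd6daec send `{service}` and/or `{branch}` as literal, unencoded braces, which looks like an unresolved template rather than intended input.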
diff --git a/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_path_traversal_217a31ae.hurl b/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_path_traversal_217a31ae.hurl new file mode 100644 index 0000000..5a31a15 --- /dev/null +++ b/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_path_traversal_217a31ae.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (path-traversal) ── +# case_id=TC-217a31ae +# case_name=[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/specs/..%2F..%2F..%2Fetc%2Fpasswd/{branch}/openapi.json +```json +null +``` + +HTTP 400 + diff --git a/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_sqli_3e62652b.hurl b/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_sqli_3e62652b.hurl new file mode 100644 index 0000000..4d86ac2 --- /dev/null +++ b/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_sqli_3e62652b.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (sqli) ── +# case_id=TC-3e62652b +# case_name=[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/specs/%27%20OR%201=1--/{branch}/openapi.json +```json +null +``` + +HTTP 400 + diff --git a/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_xss_69cf35a6.hurl b/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_xss_69cf35a6.hurl new file mode 100644 index 0000000..8e8f208 --- /dev/null +++ b/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_xss_69cf35a6.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (xss) ── +# case_id=TC-69cf35a6 +# case_name=[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/specs/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/{branch}/openapi.json +```json +null +``` + +HTTP 400 + diff --git a/cases/api_specs_service_branch_openapi_json_get_valid_request_with_all_required_fields_e159fefe.hurl b/cases/api_specs_service_branch_openapi_json_get_valid_request_with_all_required_fields_e159fefe.hurl new file mode 100644 index 0000000..a2d194b --- /dev/null +++ b/cases/api_specs_service_branch_openapi_json_get_valid_request_with_all_required_fields_e159fefe.hurl @@ -0,0 +1,15 @@ +# ── GET /api/specs/{service}/{branch}/openapi.json - valid request with all required fields ── +# case_id=TC-e159fefe +# case_name=GET /api/specs/{service}/{branch}/openapi.json - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/specs/{service}/{branch}/openapi.json + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_specs_service_branch_openapi_json_options_owasp_api8_cors_security_configura_ecd6daec.hurl b/cases/api_specs_service_branch_openapi_json_options_owasp_api8_cors_security_configura_ecd6daec.hurl new file mode 100644 index 0000000..fd54aed --- /dev/null +++ b/cases/api_specs_service_branch_openapi_json_options_owasp_api8_cors_security_configura_ecd6daec.hurl 
@@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/specs/{service}/{branch}/openapi.json — CORS security configuration ── +# case_id=TC-ecd6daec +# case_name=[OWASP-API8] OPTIONS /api/specs/{service}/{branch}/openapi.json — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/specs/{service}/{branch}/openapi.json +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_specs_service_versions_get_missing_required_param_branch_e71dd727.hurl b/cases/api_specs_service_versions_get_missing_required_param_branch_e71dd727.hurl new file mode 100644 index 0000000..3b04163 --- /dev/null +++ b/cases/api_specs_service_versions_get_missing_required_param_branch_e71dd727.hurl @@ -0,0 +1,12 @@ +# ── GET /api/specs/:service/versions - missing required param "branch" ── +# case_id=TC-e71dd727 +# case_name=GET /api/specs/:service/versions - missing required param "branch" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/specs/:service/versions + +HTTP 422 + diff --git a/cases/api_specs_service_versions_get_missing_required_param_service_95c1cee7.hurl b/cases/api_specs_service_versions_get_missing_required_param_service_95c1cee7.hurl new file mode 100644 index 0000000..31c1dc2 --- /dev/null +++ b/cases/api_specs_service_versions_get_missing_required_param_service_95c1cee7.hurl @@ -0,0 +1,12 @@ +# ── GET /api/specs/:service/versions - missing required param "service" ── +# case_id=TC-95c1cee7 +# case_name=GET /api/specs/:service/versions - missing required param "service" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +GET {{base_url}}/api/specs/:service/versions?branch=valid + +HTTP 422 + 
diff --git a/cases/api_specs_service_versions_get_owasp_api2_broken_authentication_9b5eb037.hurl b/cases/api_specs_service_versions_get_owasp_api2_broken_authentication_9b5eb037.hurl new file mode 100644 index 0000000..90ae3c5 --- /dev/null +++ b/cases/api_specs_service_versions_get_owasp_api2_broken_authentication_9b5eb037.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/specs/:service/versions — broken authentication ── +# case_id=TC-9b5eb037 +# case_name=[OWASP-API2] GET /api/specs/:service/versions — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/specs/:service/versions + +HTTP 401 + diff --git a/cases/api_specs_service_versions_get_owasp_api7_injection_path_traversal_106c80c0.hurl b/cases/api_specs_service_versions_get_owasp_api7_injection_path_traversal_106c80c0.hurl new file mode 100644 index 0000000..b58757b --- /dev/null +++ b/cases/api_specs_service_versions_get_owasp_api7_injection_path_traversal_106c80c0.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/specs/:service/versions — injection (path-traversal) ── +# case_id=TC-106c80c0 +# case_name=[OWASP-API7] GET /api/specs/:service/versions — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/specs/:service/versions +```json +null +``` + +HTTP 400 + diff --git a/cases/api_specs_service_versions_get_owasp_api7_injection_sqli_ffc707f5.hurl b/cases/api_specs_service_versions_get_owasp_api7_injection_sqli_ffc707f5.hurl new file mode 100644 index 0000000..dd4c0e6 --- /dev/null +++ b/cases/api_specs_service_versions_get_owasp_api7_injection_sqli_ffc707f5.hurl 
@@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/specs/:service/versions — injection (sqli) ── +# case_id=TC-ffc707f5 +# case_name=[OWASP-API7] GET /api/specs/:service/versions — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/specs/:service/versions +```json +null +``` + +HTTP 400 + diff --git a/cases/api_specs_service_versions_get_owasp_api7_injection_xss_cf42e9f4.hurl b/cases/api_specs_service_versions_get_owasp_api7_injection_xss_cf42e9f4.hurl new file mode 100644 index 0000000..a2c685d --- /dev/null +++ b/cases/api_specs_service_versions_get_owasp_api7_injection_xss_cf42e9f4.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] GET /api/specs/:service/versions — injection (xss) ── +# case_id=TC-cf42e9f4 +# case_name=[OWASP-API7] GET /api/specs/:service/versions — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/specs/:service/versions +```json +null +``` + +HTTP 400 + diff --git a/cases/api_specs_service_versions_get_valid_request_with_all_required_fields_f8bdece6.hurl b/cases/api_specs_service_versions_get_valid_request_with_all_required_fields_f8bdece6.hurl new file mode 100644 index 0000000..e11de6c --- /dev/null +++ b/cases/api_specs_service_versions_get_valid_request_with_all_required_fields_f8bdece6.hurl @@ -0,0 +1,16 @@ +# ── GET /api/specs/:service/versions - valid request with all required fields ── +# case_id=TC-f8bdece6 +# case_name=GET /api/specs/:service/versions - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/specs/:service/versions + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.versions" exists + 
diff --git a/cases/api_specs_service_versions_options_owasp_api8_cors_security_configuration_d622eda3.hurl b/cases/api_specs_service_versions_options_owasp_api8_cors_security_configuration_d622eda3.hurl new file mode 100644 index 0000000..8c16444 --- /dev/null +++ b/cases/api_specs_service_versions_options_owasp_api8_cors_security_configuration_d622eda3.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/specs/:service/versions — CORS security configuration ── +# case_id=TC-d622eda3 +# case_name=[OWASP-API8] OPTIONS /api/specs/:service/versions — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/specs/:service/versions +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_tokens_get_auth_chain_9d529cfb.hurl b/cases/api_tokens_get_auth_chain_9d529cfb.hurl new file mode 100644 index 0000000..e460156 --- /dev/null +++ b/cases/api_tokens_get_auth_chain_9d529cfb.hurl @@ -0,0 +1,44 @@ +# ══════════════════════════════════════════════════ +# auth chain: GET /api/tokens +# case_id=TC-9d529cfb +# case_name=auth chain: GET /api/tokens +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── GET /api/tokens with auth token [test] ── +# step_id=step-test +# step_type=test +# title=GET /api/tokens with auth token +# depends_on=step-auth + +GET {{base_url}}/api/tokens +Authorization: Bearer {{authToken}} + +HTTP 200 + +[Asserts] +duration < 2000 + 
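Review bot: The auth chain's setup step obtains `authToken` by calling `POST {{base_url}}/api/tokens` with no credentials and `"scope": "write"`, so the chain passes only if an anonymous caller can mint a write-scoped token. The [OWASP-API2] case for the same endpoint later in the patch expects `HTTP 401` for an unauthenticated POST, so the two cases cannot both pass against one server. The setup request should authenticate with a provisioned credential, for example by adding `Authorization: Bearer {{bootstrap_token}}` (placeholder variable name), or by logging in through whichever endpoint actually issues sessions. The test step asserts only `HTTP 200` and `duration < 2000`; adding `jsonpath "$.tokens" exists`, as the plain valid-request case does, would make it check the response too.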
diff --git a/cases/api_tokens_get_owasp_api2_broken_authentication_dcecca87.hurl b/cases/api_tokens_get_owasp_api2_broken_authentication_dcecca87.hurl new file mode 100644 index 0000000..f56feab --- /dev/null +++ b/cases/api_tokens_get_owasp_api2_broken_authentication_dcecca87.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] GET /api/tokens — broken authentication ── +# case_id=TC-dcecca87 +# case_name=[OWASP-API2] GET /api/tokens — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +GET {{base_url}}/api/tokens + +HTTP 401 + diff --git a/cases/api_tokens_get_valid_request_with_all_required_fields_abcd14ab.hurl b/cases/api_tokens_get_valid_request_with_all_required_fields_abcd14ab.hurl new file mode 100644 index 0000000..972521c --- /dev/null +++ b/cases/api_tokens_get_valid_request_with_all_required_fields_abcd14ab.hurl @@ -0,0 +1,16 @@ +# ── GET /api/tokens - valid request with all required fields ── +# case_id=TC-abcd14ab +# case_name=GET /api/tokens - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +GET {{base_url}}/api/tokens + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.tokens" exists + diff --git a/cases/api_tokens_id_delete_idempotent_second_call_must_be_safe_ea338ec1.hurl b/cases/api_tokens_id_delete_idempotent_second_call_must_be_safe_ea338ec1.hurl new file mode 100644 index 0000000..bf3a498 --- /dev/null +++ b/cases/api_tokens_id_delete_idempotent_second_call_must_be_safe_ea338ec1.hurl 
@@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# DELETE /api/tokens/{id} - idempotent: second call must be safe +# case_id=TC-ea338ec1 +# case_name=DELETE /api/tokens/{id} - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── DELETE /api/tokens/{id} — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=DELETE /api/tokens/{id} — first call + +DELETE {{base_url}}/api/tokens/{id} + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── DELETE /api/tokens/{id} — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=DELETE /api/tokens/{id} — identical second call must be safe +# depends_on=step-setup + +DELETE {{base_url}}/api/tokens/{id} + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_tokens_id_delete_idor_id_0_zero_id_d0e0481e.hurl b/cases/api_tokens_id_delete_idor_id_0_zero_id_d0e0481e.hurl new file mode 100644 index 0000000..41bde10 --- /dev/null +++ b/cases/api_tokens_id_delete_idor_id_0_zero_id_d0e0481e.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/tokens/{id} - IDOR id=0 (zero_id) ── +# case_id=TC-d0e0481e +# case_name=DELETE /api/tokens/{id} - IDOR id=0 (zero_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/tokens/0 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_id_delete_idor_id_99999_alt_id_502920f7.hurl b/cases/api_tokens_id_delete_idor_id_99999_alt_id_502920f7.hurl new file mode 100644 index 0000000..854fd91 --- /dev/null +++ b/cases/api_tokens_id_delete_idor_id_99999_alt_id_502920f7.hurl 
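Review bot: Both steps of the idempotent DELETE chain use `DELETE {{base_url}}/api/tokens/{id}`, where `{id}` is not a Hurl template (variables are written `{{id}}`) and so appears to be sent as a literal path segment. The chain never creates a token, sends no `Authorization` header, and expects `HTTP 200` on both calls, which contradicts the [OWASP-API2] case expecting `HTTP 401` for the same request. A usable chain would create a token in setup, capture its id with `token_id: jsonpath "$.id"`, and then call `DELETE {{base_url}}/api/tokens/{{token_id}}` with credentials. The broken-authentication, function-level-authorization, valid-request and OPTIONS cases for this route use the same literal `{id}`. Whether the second delete should return 200 or 404 is not stated anywhere in the patch and should be taken from the spec.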
@@ -0,0 +1,16 @@ +# ── DELETE /api/tokens/{id} - IDOR id=99999 (alt_id) ── +# case_id=TC-502920f7 +# case_name=DELETE /api/tokens/{id} - IDOR id=99999 (alt_id) +# step_id=step-main +# step_type=test +# technique=idor +# priority=P1 + +DELETE {{base_url}}/api/tokens/99999 + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_id_delete_missing_required_param_id_c2abfd5e.hurl b/cases/api_tokens_id_delete_missing_required_param_id_c2abfd5e.hurl new file mode 100644 index 0000000..a67d890 --- /dev/null +++ b/cases/api_tokens_id_delete_missing_required_param_id_c2abfd5e.hurl @@ -0,0 +1,12 @@ +# ── DELETE /api/tokens/{id} - missing required param "id" ── +# case_id=TC-c2abfd5e +# case_name=DELETE /api/tokens/{id} - missing required param "id" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +DELETE {{base_url}}/api/tokens/1 + +HTTP 422 + diff --git a/cases/api_tokens_id_delete_owasp_api1_bola_unauthorized_access_2d207a0d.hurl b/cases/api_tokens_id_delete_owasp_api1_bola_unauthorized_access_2d207a0d.hurl new file mode 100644 index 0000000..876724c --- /dev/null +++ b/cases/api_tokens_id_delete_owasp_api1_bola_unauthorized_access_2d207a0d.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API1] DELETE /api/tokens/{id} — BOLA unauthorized access ── +# case_id=TC-2d207a0d +# case_name=[OWASP-API1] DELETE /api/tokens/{id} — BOLA unauthorized access +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/tokens/{{other_resource_id}} + +HTTP 403 + diff --git a/cases/api_tokens_id_delete_owasp_api2_broken_authentication_599ddef6.hurl b/cases/api_tokens_id_delete_owasp_api2_broken_authentication_599ddef6.hurl new file mode 100644 index 0000000..3c01e08 --- /dev/null +++ b/cases/api_tokens_id_delete_owasp_api2_broken_authentication_599ddef6.hurl 
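Review bot: The `missing required param "id"` case sends `DELETE {{base_url}}/api/tokens/1`, which supplies an id, so nothing is missing and `HTTP 422` demands that deleting token 1 be rejected as a validation error. A required path parameter cannot be omitted without changing the route, so the generator should skip `isolated_negative` missing-parameter cases for path parameters. The `missing required param "service"` case earlier in the patch has the same problem: it still sends `:service` in the path and only adds `?branch=valid`.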
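Review bot: The [OWASP-API1] BOLA case carries no `Authorization` header, so it exercises authentication rather than object-level authorization. The [OWASP-API2] case for this endpoint expects `HTTP 401` for an unauthenticated DELETE, while this one expects `HTTP 403` for what the server sees as the same anonymous request. BOLA needs a valid caller acting on someone else's object, so add `Authorization: Bearer {{user_token}}` (the variable the [OWASP-API5] case already uses) under the request line. The two IDOR cases (`/api/tokens/0` and `/api/tokens/99999`) have the same gap, and their `status >= 400` / `status < 500` asserts are satisfied by a plain 401.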
@@ -0,0 +1,12 @@ +# ── [OWASP-API2] DELETE /api/tokens/{id} — broken authentication ── +# case_id=TC-599ddef6 +# case_name=[OWASP-API2] DELETE /api/tokens/{id} — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/tokens/{id} + +HTTP 401 + diff --git a/cases/api_tokens_id_delete_owasp_api5_function_level_authorization_missing_fbedb9f1.hurl b/cases/api_tokens_id_delete_owasp_api5_function_level_authorization_missing_fbedb9f1.hurl new file mode 100644 index 0000000..54968fa --- /dev/null +++ b/cases/api_tokens_id_delete_owasp_api5_function_level_authorization_missing_fbedb9f1.hurl @@ -0,0 +1,13 @@ +# ── [OWASP-API5] DELETE /api/tokens/{id} — function-level authorization missing ── +# case_id=TC-fbedb9f1 +# case_name=[OWASP-API5] DELETE /api/tokens/{id} — function-level authorization missing +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +DELETE {{base_url}}/api/tokens/{id} +Authorization: Bearer {{user_token}} + +HTTP 403 + diff --git a/cases/api_tokens_id_delete_owasp_api7_injection_path_traversal_85b86fe3.hurl b/cases/api_tokens_id_delete_owasp_api7_injection_path_traversal_85b86fe3.hurl new file mode 100644 index 0000000..cdfba2f --- /dev/null +++ b/cases/api_tokens_id_delete_owasp_api7_injection_path_traversal_85b86fe3.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/tokens/{id} — injection (path-traversal) ── +# case_id=TC-85b86fe3 +# case_name=[OWASP-API7] DELETE /api/tokens/{id} — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/tokens/..%2F..%2F..%2Fetc%2Fpasswd +```json +null +``` + +HTTP 400 + diff --git a/cases/api_tokens_id_delete_owasp_api7_injection_sqli_e54ea4ce.hurl b/cases/api_tokens_id_delete_owasp_api7_injection_sqli_e54ea4ce.hurl new file mode 100644 index 0000000..a75060d --- /dev/null 
+++ b/cases/api_tokens_id_delete_owasp_api7_injection_sqli_e54ea4ce.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/tokens/{id} — injection (sqli) ── +# case_id=TC-e54ea4ce +# case_name=[OWASP-API7] DELETE /api/tokens/{id} — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/tokens/%27%20OR%201=1-- +```json +null +``` + +HTTP 400 + diff --git a/cases/api_tokens_id_delete_owasp_api7_injection_xss_ebab5e69.hurl b/cases/api_tokens_id_delete_owasp_api7_injection_xss_ebab5e69.hurl new file mode 100644 index 0000000..1c7061d --- /dev/null +++ b/cases/api_tokens_id_delete_owasp_api7_injection_xss_ebab5e69.hurl @@ -0,0 +1,15 @@ +# ── [OWASP-API7] DELETE /api/tokens/{id} — injection (xss) ── +# case_id=TC-ebab5e69 +# case_name=[OWASP-API7] DELETE /api/tokens/{id} — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +DELETE {{base_url}}/api/tokens/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E +```json +null +``` + +HTTP 400 + diff --git a/cases/api_tokens_id_delete_valid_request_with_all_required_fields_138640de.hurl b/cases/api_tokens_id_delete_valid_request_with_all_required_fields_138640de.hurl new file mode 100644 index 0000000..8374972 --- /dev/null +++ b/cases/api_tokens_id_delete_valid_request_with_all_required_fields_138640de.hurl @@ -0,0 +1,16 @@ +# ── DELETE /api/tokens/{id} - valid request with all required fields ── +# case_id=TC-138640de +# case_name=DELETE /api/tokens/{id} - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +DELETE {{base_url}}/api/tokens/{id} + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/api_tokens_id_options_owasp_api8_cors_security_configuration_ba604e45.hurl b/cases/api_tokens_id_options_owasp_api8_cors_security_configuration_ba604e45.hurl new file mode 100644 index 0000000..b9702cb --- /dev/null 
+++ b/cases/api_tokens_id_options_owasp_api8_cors_security_configuration_ba604e45.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/tokens/{id} — CORS security configuration ── +# case_id=TC-ba604e45 +# case_name=[OWASP-API8] OPTIONS /api/tokens/{id} — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/tokens/{id} +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_tokens_options_owasp_api8_cors_security_configuration_b009aaa0.hurl b/cases/api_tokens_options_owasp_api8_cors_security_configuration_b009aaa0.hurl new file mode 100644 index 0000000..0862b3b --- /dev/null +++ b/cases/api_tokens_options_owasp_api8_cors_security_configuration_b009aaa0.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /api/tokens — CORS security configuration ── +# case_id=TC-b009aaa0 +# case_name=[OWASP-API8] OPTIONS /api/tokens — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/api/tokens +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/api_tokens_post_field_boundary_name_invalid_below_min_107263c8.hurl b/cases/api_tokens_post_field_boundary_name_invalid_below_min_107263c8.hurl new file mode 100644 index 0000000..38b67d6 --- /dev/null +++ b/cases/api_tokens_post_field_boundary_name_invalid_below_min_107263c8.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - [field_boundary] name invalid_below_min ── +# case_id=TC-107263c8 +# case_name=POST /api/tokens - [field_boundary] name invalid_below_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "", + "scope": "read" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_tokens_post_field_boundary_name_valid_min_041bf0da.hurl b/cases/api_tokens_post_field_boundary_name_valid_min_041bf0da.hurl new file mode 100644 index 0000000..501a79a --- /dev/null +++ b/cases/api_tokens_post_field_boundary_name_valid_min_041bf0da.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - [field_boundary] name valid_min ── +# case_id=TC-041bf0da +# case_name=POST /api/tokens - [field_boundary] name valid_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P1 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "a", + "scope": "read" +} +``` + +HTTP * + +[Asserts] +status >= 200 +status < 300 + diff --git a/cases/api_tokens_post_idempotent_second_call_must_be_safe_85621889.hurl b/cases/api_tokens_post_idempotent_second_call_must_be_safe_85621889.hurl new file mode 100644 index 0000000..342a55b --- /dev/null +++ b/cases/api_tokens_post_idempotent_second_call_must_be_safe_85621889.hurl @@ -0,0 +1,47 @@ +# ══════════════════════════════════════════════════ +# POST /api/tokens - idempotent: second call must be safe +# case_id=TC-85621889 +# case_name=POST /api/tokens - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /api/tokens — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /api/tokens — first call + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Kaya Saunders", + "scope": "read" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /api/tokens — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /api/tokens — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Kaya Saunders", + "scope": "read" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + 
diff --git a/cases/api_tokens_post_invalid_name_empty_string_violates_minlength_1_b579ade9.hurl b/cases/api_tokens_post_invalid_name_empty_string_violates_minlength_1_b579ade9.hurl new file mode 100644 index 0000000..28cde18 --- /dev/null +++ b/cases/api_tokens_post_invalid_name_empty_string_violates_minlength_1_b579ade9.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - invalid name: empty string violates minLength 1 ── +# case_id=TC-b579ade9 +# case_name=POST /api/tokens - invalid name: empty string violates minLength 1 +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "", + "scope": "read" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_invalid_scope_value_not_in_enum_a9cdb025.hurl b/cases/api_tokens_post_invalid_scope_value_not_in_enum_a9cdb025.hurl new file mode 100644 index 0000000..109f024 --- /dev/null +++ b/cases/api_tokens_post_invalid_scope_value_not_in_enum_a9cdb025.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - invalid scope: value not in enum ── +# case_id=TC-a9cdb025 +# case_name=POST /api/tokens - invalid scope: value not in enum +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Damion Rivera", + "scope": "__invalid_enum__" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_mass_assignment_financial_probe_b896a4fe.hurl b/cases/api_tokens_post_mass_assignment_financial_probe_b896a4fe.hurl new file mode 100644 index 0000000..f79c42b --- /dev/null +++ b/cases/api_tokens_post_mass_assignment_financial_probe_b896a4fe.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/tokens - [mass_assignment] financial probe ── +# case_id=TC-b896a4fe +# case_name=POST /api/tokens - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "balance": 1, + "credits": 1, + "discount": 0, + "name": "Jalen Phillips", + "price": 1, + "scope": "write" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_mass_assignment_identity_probe_b46880dc.hurl b/cases/api_tokens_post_mass_assignment_identity_probe_b46880dc.hurl new file mode 100644 index 0000000..994b07a --- /dev/null +++ b/cases/api_tokens_post_mass_assignment_identity_probe_b46880dc.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - [mass_assignment] identity probe ── +# case_id=TC-b46880dc +# case_name=POST /api/tokens - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "createdBy": "__probe__", + "name": "Jalen Phillips", + "ownerId": "__probe__", + "scope": "write", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_mass_assignment_privilege_probe_2411ba2b.hurl b/cases/api_tokens_post_mass_assignment_privilege_probe_2411ba2b.hurl new file mode 100644 index 0000000..dfa27a8 --- /dev/null +++ b/cases/api_tokens_post_mass_assignment_privilege_probe_2411ba2b.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - [mass_assignment] privilege probe ── +# case_id=TC-2411ba2b +# case_name=POST /api/tokens - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "admin": true, + "isAdmin": true, + "is_admin": true, + "name": "Jalen Phillips", + "role": "__probe__", + "scope": "write" +} +``` + +HTTP 400 + 
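Review bot: The financial probe asserts `HTTP 400` for a body with unknown properties (`balance`, `credits`, `discount`, `price`), while the [OWASP-API6] case for the same endpoint expects `HTTP 201` when extra properties are sent and the schema-validation cases in this patch expect `HTTP 422`. A server can satisfy only one of those policies, and a status check alone does not show whether an extra field was applied. If the API ignores unknown fields, use `HTTP *` with `status < 300` and assertions such as `jsonpath "$.balance" not exists`; if it rejects them, align the status with the other validation cases. The identity, privilege and status probes that follow make the same `HTTP 400` assumption.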
diff --git a/cases/api_tokens_post_mass_assignment_status_probe_248852e9.hurl b/cases/api_tokens_post_mass_assignment_status_probe_248852e9.hurl new file mode 100644 index 0000000..f466743 --- /dev/null +++ b/cases/api_tokens_post_mass_assignment_status_probe_248852e9.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - [mass_assignment] status probe ── +# case_id=TC-248852e9 +# case_name=POST /api/tokens - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "disabled": false, + "name": "Jalen Phillips", + "scope": "write", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_missing_required_field_name_5566a91f.hurl b/cases/api_tokens_post_missing_required_field_name_5566a91f.hurl new file mode 100644 index 0000000..128df88 --- /dev/null +++ b/cases/api_tokens_post_missing_required_field_name_5566a91f.hurl @@ -0,0 +1,18 @@ +# ── POST /api/tokens - missing required field "name" ── +# case_id=TC-5566a91f +# case_name=POST /api/tokens - missing required field "name" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "scope": "read" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_missing_required_field_name_75703d6a.hurl b/cases/api_tokens_post_missing_required_field_name_75703d6a.hurl new file mode 100644 index 0000000..afb934f --- /dev/null +++ b/cases/api_tokens_post_missing_required_field_name_75703d6a.hurl 
@@ -0,0 +1,18 @@ +# ── POST /api/tokens - missing required field "name" ── +# case_id=TC-75703d6a +# case_name=POST /api/tokens - missing required field "name" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "scope": "read" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_missing_required_field_scope_6284c90d.hurl b/cases/api_tokens_post_missing_required_field_scope_6284c90d.hurl new file mode 100644 index 0000000..097eb64 --- /dev/null +++ b/cases/api_tokens_post_missing_required_field_scope_6284c90d.hurl @@ -0,0 +1,18 @@ +# ── POST /api/tokens - missing required field "scope" ── +# case_id=TC-6284c90d +# case_name=POST /api/tokens - missing required field "scope" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Damion Rivera" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_missing_required_field_scope_aa18d499.hurl b/cases/api_tokens_post_missing_required_field_scope_aa18d499.hurl new file mode 100644 index 0000000..f0170de --- /dev/null +++ b/cases/api_tokens_post_missing_required_field_scope_aa18d499.hurl @@ -0,0 +1,18 @@ +# ── POST /api/tokens - missing required field "scope" ── +# case_id=TC-aa18d499 +# case_name=POST /api/tokens - missing required field "scope" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Lawrence Braun" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_mutation_name_empty_string_188465c8.hurl b/cases/api_tokens_post_mutation_name_empty_string_188465c8.hurl new file mode 100644 index 0000000..8c0ec52 --- /dev/null +++ b/cases/api_tokens_post_mutation_name_empty_string_188465c8.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/tokens - mutation: name empty string ── +# case_id=TC-188465c8 +# case_name=POST /api/tokens - mutation: name empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "", + "scope": "write" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_post_mutation_name_integer_instead_of_string_30aabbdc.hurl b/cases/api_tokens_post_mutation_name_integer_instead_of_string_30aabbdc.hurl new file mode 100644 index 0000000..307c42f --- /dev/null +++ b/cases/api_tokens_post_mutation_name_integer_instead_of_string_30aabbdc.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - mutation: name integer instead of string ── +# case_id=TC-30aabbdc +# case_name=POST /api/tokens - mutation: name integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": 12345, + "scope": "write" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_post_mutation_name_null_value_816809db.hurl b/cases/api_tokens_post_mutation_name_null_value_816809db.hurl new file mode 100644 index 0000000..416f168 --- /dev/null +++ b/cases/api_tokens_post_mutation_name_null_value_816809db.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - mutation: name null value ── +# case_id=TC-816809db +# case_name=POST /api/tokens - mutation: name null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": null, + "scope": "write" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_tokens_post_mutation_name_oversized_string_300_chars_8c9976d8.hurl b/cases/api_tokens_post_mutation_name_oversized_string_300_chars_8c9976d8.hurl new file mode 100644 index 0000000..9f7c53a --- /dev/null +++ b/cases/api_tokens_post_mutation_name_oversized_string_300_chars_8c9976d8.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - mutation: name oversized string (300 chars) ── +# case_id=TC-8c9976d8 +# case_name=POST /api/tokens - mutation: name oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "scope": "write" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_post_mutation_scope_empty_string_c8cd2aed.hurl b/cases/api_tokens_post_mutation_scope_empty_string_c8cd2aed.hurl new file mode 100644 index 0000000..b672fae --- /dev/null +++ b/cases/api_tokens_post_mutation_scope_empty_string_c8cd2aed.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - mutation: scope empty string ── +# case_id=TC-c8cd2aed +# case_name=POST /api/tokens - mutation: scope empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Clifford Ruiz", + "scope": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_post_mutation_scope_integer_instead_of_string_745ea604.hurl b/cases/api_tokens_post_mutation_scope_integer_instead_of_string_745ea604.hurl new file mode 100644 index 0000000..32a79aa --- /dev/null 
+++ b/cases/api_tokens_post_mutation_scope_integer_instead_of_string_745ea604.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - mutation: scope integer instead of string ── +# case_id=TC-745ea604 +# case_name=POST /api/tokens - mutation: scope integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Clifford Ruiz", + "scope": 12345 +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_post_mutation_scope_null_value_75bc6e95.hurl b/cases/api_tokens_post_mutation_scope_null_value_75bc6e95.hurl new file mode 100644 index 0000000..fd2e067 --- /dev/null +++ b/cases/api_tokens_post_mutation_scope_null_value_75bc6e95.hurl @@ -0,0 +1,23 @@ +# ── POST /api/tokens - mutation: scope null value ── +# case_id=TC-75bc6e95 +# case_name=POST /api/tokens - mutation: scope null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Clifford Ruiz", + "scope": null +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_post_mutation_scope_oversized_string_300_chars_4d189659.hurl b/cases/api_tokens_post_mutation_scope_oversized_string_300_chars_4d189659.hurl new file mode 100644 index 0000000..f462537 --- /dev/null +++ b/cases/api_tokens_post_mutation_scope_oversized_string_300_chars_4d189659.hurl 
@@ -0,0 +1,23 @@ +# ── POST /api/tokens - mutation: scope oversized string (300 chars) ── +# case_id=TC-4d189659 +# case_name=POST /api/tokens - mutation: scope oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Clifford Ruiz", + "scope": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_post_name_at_max_plus_one_invalid_boundary_7b3217ba.hurl b/cases/api_tokens_post_name_at_max_plus_one_invalid_boundary_7b3217ba.hurl new file mode 100644 index 0000000..dea201c --- /dev/null +++ b/cases/api_tokens_post_name_at_max_plus_one_invalid_boundary_7b3217ba.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - name at max_plus_one_invalid boundary ── +# case_id=TC-7b3217ba +# case_name=POST /api/tokens - name at max_plus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "gZkkKaBcgUUrJhMvMmXsjgUJDOfrVpkfGCKVAUujjHuMbmjqYrroOdpRDCHXNKftgwkIjzdVDnyjNbwYqqZrajsqPvSTaCwhMFwMjAZyBQIjmghcfkelirBpAPxhbuYkwsodExCcRneWXSlyLvtcufLRHJWucpZNlpPiKuSLlicpZPdObnVxJdhXykuHmqCapfBevaSSFSPEtYlzUlPAVbisIBFXneKSEoFFcgPCMSeUhOCBMxaqhfiLFJvQwWsX", + "scope": "read" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_name_at_max_valid_boundary_a0247f03.hurl b/cases/api_tokens_post_name_at_max_valid_boundary_a0247f03.hurl new file mode 100644 index 0000000..cab2ab8 --- /dev/null +++ b/cases/api_tokens_post_name_at_max_valid_boundary_a0247f03.hurl 
@@ -0,0 +1,22 @@ +# ── POST /api/tokens - name at max_valid boundary ── +# case_id=TC-a0247f03 +# case_name=POST /api/tokens - name at max_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "dIcVzeAXIpwOMzbhuWAKvYpdHpXhDnlquznBMpHNObsplNJMCmfagUMlgmyfFcxjiOSjnDPJMExECRCIPMONUmxCjiZwOKphjBRzxRgqBHCPWiUvPVxGpuIuOwqcjGDtPEXvUFwTFgNBEKmwQejgeRCcxYCgaGRusgCHYhGuMkhuWBKpkpOWZMOWQrWAqMGwVOnWXHenTnRwxoXQNWVzoLuAeLfEUWmvtOaUOzDopkvdpjDJgEGrzToimadBCbq", + "scope": "read" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_tokens_post_name_at_min_minus_one_invalid_boundary_d08f5a90.hurl b/cases/api_tokens_post_name_at_min_minus_one_invalid_boundary_d08f5a90.hurl new file mode 100644 index 0000000..a3550d9 --- /dev/null +++ b/cases/api_tokens_post_name_at_min_minus_one_invalid_boundary_d08f5a90.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - name at min_minus_one_invalid boundary ── +# case_id=TC-d08f5a90 +# case_name=POST /api/tokens - name at min_minus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "e", + "scope": "read" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_name_at_min_valid_boundary_1c063dd5.hurl b/cases/api_tokens_post_name_at_min_valid_boundary_1c063dd5.hurl new file mode 100644 index 0000000..3315fd7 --- /dev/null +++ b/cases/api_tokens_post_name_at_min_valid_boundary_1c063dd5.hurl 
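Review bot: In the `min_minus_one_invalid` case, `"name": "e"` is one character long, which is the minimum length itself rather than one below it. The `min_valid` case sends the one-character `"Y"` and expects `HTTP 200`, and the `isolated_negative` case states that the empty string is what violates minLength 1. This case therefore expects `HTTP 422` for an input the sibling cases treat as valid, so it fails on a correct server. The value should be `"name": ""`.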
@@ -0,0 +1,22 @@ +# ── POST /api/tokens - name at min_valid boundary ── +# case_id=TC-1c063dd5 +# case_name=POST /api/tokens - name at min_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Y", + "scope": "read" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_tokens_post_null_injection_name_97bd0c77.hurl b/cases/api_tokens_post_null_injection_name_97bd0c77.hurl new file mode 100644 index 0000000..52f95de --- /dev/null +++ b/cases/api_tokens_post_null_injection_name_97bd0c77.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - null injection: name ── +# case_id=TC-97bd0c77 +# case_name=POST /api/tokens - null injection: name +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": null, + "scope": "write" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_null_injection_scope_0b4d216c.hurl b/cases/api_tokens_post_null_injection_scope_0b4d216c.hurl new file mode 100644 index 0000000..3986a8e --- /dev/null +++ b/cases/api_tokens_post_null_injection_scope_0b4d216c.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - null injection: scope ── +# case_id=TC-0b4d216c +# case_name=POST /api/tokens - null injection: scope +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Evelyn Coleman", + "scope": null +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_owasp_api2_broken_authentication_9e6576d2.hurl b/cases/api_tokens_post_owasp_api2_broken_authentication_9e6576d2.hurl new file mode 100644 index 0000000..83e46c1 --- /dev/null +++ b/cases/api_tokens_post_owasp_api2_broken_authentication_9e6576d2.hurl 
@@ -0,0 +1,12 @@ +# ── [OWASP-API2] POST /api/tokens — broken authentication ── +# case_id=TC-9e6576d2 +# case_name=[OWASP-API2] POST /api/tokens — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/tokens + +HTTP 401 + diff --git a/cases/api_tokens_post_owasp_api6_mass_assignment_d9979992.hurl b/cases/api_tokens_post_owasp_api6_mass_assignment_d9979992.hurl new file mode 100644 index 0000000..bb7ed35 --- /dev/null +++ b/cases/api_tokens_post_owasp_api6_mass_assignment_d9979992.hurl @@ -0,0 +1,27 @@ +# ── [OWASP-API6] POST /api/tokens — mass assignment ── +# case_id=TC-d9979992 +# case_name=[OWASP-API6] POST /api/tokens — mass assignment +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "name": "Marianne Nolan", + "scope": "write", + "updatedAt": "2000-01-01T00:00:00Z" +} +``` + +HTTP 201 + +[Asserts] +jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" +jsonpath "$.id" != 99999 +jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" + diff --git a/cases/api_tokens_post_owasp_api7_injection_path_traversal_26975d5c.hurl b/cases/api_tokens_post_owasp_api7_injection_path_traversal_26975d5c.hurl new file mode 100644 index 0000000..e3f5603 --- /dev/null +++ b/cases/api_tokens_post_owasp_api7_injection_path_traversal_26975d5c.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /api/tokens — injection (path-traversal) ── +# case_id=TC-26975d5c +# case_name=[OWASP-API7] POST /api/tokens — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "scope": "../../../etc/passwd" +} +``` + +HTTP 400 + 
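Review bot: This case (TC-9e6576d2) expects `HTTP 401` for a `POST /api/tokens` without credentials, yet every other case for this endpoint in the patch also sends no `Authorization` header and expects 200, 201, 400 or 422. If the endpoint enforces authentication, those cases get 401 before any body validation runs; if it does not, this case fails. Unless credentials are injected outside these files (not visible here), the other cases need an explicit header, for example `Authorization: Bearer {{token}}` (variable name is illustrative). This case would also benefit from a comment such as `# no Authorization header on purpose: expects rejection before body validation`.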
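Review bot: The mass-assignment case (TC-d9979992) expects `HTTP 201` for a successful create, while the `max_valid` and `min_valid` boundary cases expect `HTTP 200` for a successful `POST /api/tokens`, so at least one of them is wrong. Use the status the API specification declares in all three, for instance `HTTP 201` in the boundary cases if creation returns Created. It would also help to add a comment above `[Asserts]` saying the three `!=` checks confirm that client-supplied `id`, `createdAt` and `updatedAt` are ignored, e.g. `# server-owned fields must not echo client-supplied values`.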
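Review bot: The path-traversal case (TC-26975d5c) sends only `scope` and omits `name`, which the `required_omission` and `schema_violation` cases treat as required. A 4xx here can therefore come from the missing field rather than from how the payload is handled. The sqli (TC-1df31a27) and xss (TC-8157a3a5) cases have the same gap. Adding a valid name line such as `"name": "placeholder-name",` makes the rejection attributable to `scope`. The exact `HTTP 400` also disagrees with `scope_invalid_enum` (TC-a6a38420), which expects `HTTP 422` for a non-enum scope; `HTTP *` with `status >= 400` and `status < 500`, as the mutation cases use, avoids pinning a code the validator may not return.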
diff --git a/cases/api_tokens_post_owasp_api7_injection_sqli_1df31a27.hurl b/cases/api_tokens_post_owasp_api7_injection_sqli_1df31a27.hurl new file mode 100644 index 0000000..2da5697 --- /dev/null +++ b/cases/api_tokens_post_owasp_api7_injection_sqli_1df31a27.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /api/tokens — injection (sqli) ── +# case_id=TC-1df31a27 +# case_name=[OWASP-API7] POST /api/tokens — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "scope": "' OR 1=1--" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_owasp_api7_injection_xss_8157a3a5.hurl b/cases/api_tokens_post_owasp_api7_injection_xss_8157a3a5.hurl new file mode 100644 index 0000000..fe6b263 --- /dev/null +++ b/cases/api_tokens_post_owasp_api7_injection_xss_8157a3a5.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /api/tokens — injection (xss) ── +# case_id=TC-8157a3a5 +# case_name=[OWASP-API7] POST /api/tokens — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "scope": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_required_omission_name_absent_b998dc1a.hurl b/cases/api_tokens_post_required_omission_name_absent_b998dc1a.hurl new file mode 100644 index 0000000..a3675f2 --- /dev/null +++ b/cases/api_tokens_post_required_omission_name_absent_b998dc1a.hurl @@ -0,0 +1,22 @@ +# ── POST /api/tokens - [required_omission] name absent ── +# case_id=TC-b998dc1a +# case_name=POST /api/tokens - [required_omission] name absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "scope": "write" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_tokens_post_required_omission_scope_absent_fcb3e065.hurl b/cases/api_tokens_post_required_omission_scope_absent_fcb3e065.hurl new file mode 100644 index 0000000..7692dfe --- /dev/null +++ b/cases/api_tokens_post_required_omission_scope_absent_fcb3e065.hurl @@ -0,0 +1,22 @@ +# ── POST /api/tokens - [required_omission] scope absent ── +# case_id=TC-fcb3e065 +# case_name=POST /api/tokens - [required_omission] scope absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Macey Wolfe" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_tokens_post_schema_violation_name_missing_required_c2cef5a1.hurl b/cases/api_tokens_post_schema_violation_name_missing_required_c2cef5a1.hurl new file mode 100644 index 0000000..ba15972 --- /dev/null +++ b/cases/api_tokens_post_schema_violation_name_missing_required_c2cef5a1.hurl @@ -0,0 +1,18 @@ +# ── POST /api/tokens - [schema_violation] name_missing_required ── +# case_id=TC-c2cef5a1 +# case_name=POST /api/tokens - [schema_violation] name_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "scope": "read" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_schema_violation_name_too_short_bf65e63e.hurl b/cases/api_tokens_post_schema_violation_name_too_short_bf65e63e.hurl new file mode 100644 index 0000000..fa31c04 --- /dev/null +++ b/cases/api_tokens_post_schema_violation_name_too_short_bf65e63e.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/tokens - [schema_violation] name_too_short ── +# case_id=TC-bf65e63e +# case_name=POST /api/tokens - [schema_violation] name_too_short +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "", + "scope": "read" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_schema_violation_scope_invalid_enum_a6a38420.hurl b/cases/api_tokens_post_schema_violation_scope_invalid_enum_a6a38420.hurl new file mode 100644 index 0000000..9ce5b09 --- /dev/null +++ b/cases/api_tokens_post_schema_violation_scope_invalid_enum_a6a38420.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [schema_violation] scope_invalid_enum ── +# case_id=TC-a6a38420 +# case_name=POST /api/tokens - [schema_violation] scope_invalid_enum +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Bonita Hermann", + "scope": "__invalid__" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_schema_violation_scope_missing_required_ad285328.hurl b/cases/api_tokens_post_schema_violation_scope_missing_required_ad285328.hurl new file mode 100644 index 0000000..91c19e1 --- /dev/null +++ b/cases/api_tokens_post_schema_violation_scope_missing_required_ad285328.hurl @@ -0,0 +1,18 @@ +# ── POST /api/tokens - [schema_violation] scope_missing_required ── +# case_id=TC-ad285328 +# case_name=POST /api/tokens - [schema_violation] scope_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Bonita Hermann" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_type_coercion_name_wrong_type_boolean_bd1e61be.hurl b/cases/api_tokens_post_type_coercion_name_wrong_type_boolean_bd1e61be.hurl new file mode 100644 index 0000000..6e694cb 
--- /dev/null +++ b/cases/api_tokens_post_type_coercion_name_wrong_type_boolean_bd1e61be.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [type_coercion] name wrong_type_boolean ── +# case_id=TC-bd1e61be +# case_name=POST /api/tokens - [type_coercion] name wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": true, + "scope": "write" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_type_coercion_name_wrong_type_integer_9bc60d9a.hurl b/cases/api_tokens_post_type_coercion_name_wrong_type_integer_9bc60d9a.hurl new file mode 100644 index 0000000..4b6d800 --- /dev/null +++ b/cases/api_tokens_post_type_coercion_name_wrong_type_integer_9bc60d9a.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [type_coercion] name wrong_type_integer ── +# case_id=TC-9bc60d9a +# case_name=POST /api/tokens - [type_coercion] name wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": 123, + "scope": "write" +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_type_coercion_scope_wrong_type_boolean_28d94662.hurl b/cases/api_tokens_post_type_coercion_scope_wrong_type_boolean_28d94662.hurl new file mode 100644 index 0000000..c397aed --- /dev/null +++ b/cases/api_tokens_post_type_coercion_scope_wrong_type_boolean_28d94662.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [type_coercion] scope wrong_type_boolean ── +# case_id=TC-28d94662 +# case_name=POST /api/tokens - [type_coercion] scope wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Nathanael Connelly", + "scope": true +} +``` + +HTTP 422 + 
diff --git a/cases/api_tokens_post_type_coercion_scope_wrong_type_integer_9bf5d669.hurl b/cases/api_tokens_post_type_coercion_scope_wrong_type_integer_9bf5d669.hurl new file mode 100644 index 0000000..1b5ce2d --- /dev/null +++ b/cases/api_tokens_post_type_coercion_scope_wrong_type_integer_9bf5d669.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [type_coercion] scope wrong_type_integer ── +# case_id=TC-9bf5d669 +# case_name=POST /api/tokens - [type_coercion] scope wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Nathanael Connelly", + "scope": 123 +} +``` + +HTTP 422 + diff --git a/cases/api_tokens_post_unicode_fuzzing_name_bidi_override_33a5a9d7.hurl b/cases/api_tokens_post_unicode_fuzzing_name_bidi_override_33a5a9d7.hurl new file mode 100644 index 0000000..9ce1ca1 --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_name_bidi_override_33a5a9d7.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] name bidi_override ── +# case_id=TC-33a5a9d7 +# case_name=POST /api/tokens - [unicode_fuzzing] name bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "‮hello", + "scope": "read" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_unicode_fuzzing_name_control_char_fc869137.hurl b/cases/api_tokens_post_unicode_fuzzing_name_control_char_fc869137.hurl new file mode 100644 index 0000000..e6ccc04 --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_name_control_char_fc869137.hurl 
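Review bot: The bidi_override case (TC-33a5a9d7) embeds the directional-override character as a raw, invisible code point in `"name": "‮hello"`, whereas the control_char case writes its payload as the escape `\u0000`. Raw bidi and zero-width characters cannot be seen in a diff or editor, so a reviewer cannot confirm what the file actually sends, and tooling that normalises text may silently strip them. Writing the JSON escape instead, presumably `"name": "\u202ehello"`, keeps the payload reviewable. The same applies to the zero_width name case (TC-6f9f1e83) and the scope bidi_override case (TC-8643ca22). These cases also pin `HTTP 400` where the other validation failures in the patch expect 422.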
@@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] name control_char ── +# case_id=TC-fc869137 +# case_name=POST /api/tokens - [unicode_fuzzing] name control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "hello\u0000world", + "scope": "read" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_unicode_fuzzing_name_overlong_4faf49f0.hurl b/cases/api_tokens_post_unicode_fuzzing_name_overlong_4faf49f0.hurl new file mode 100644 index 0000000..6b1eb0f --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_name_overlong_4faf49f0.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] name overlong ── +# case_id=TC-4faf49f0 +# case_name=POST /api/tokens - [unicode_fuzzing] name overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "scope": "read" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_unicode_fuzzing_name_zalgo_431d2bbf.hurl b/cases/api_tokens_post_unicode_fuzzing_name_zalgo_431d2bbf.hurl new file mode 100644 index 0000000..1518cca --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_name_zalgo_431d2bbf.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] name zalgo ── +# case_id=TC-431d2bbf +# case_name=POST /api/tokens - [unicode_fuzzing] name zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "z̀́̂̃̄̅̆̇a", + "scope": "read" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_unicode_fuzzing_name_zero_width_6f9f1e83.hurl b/cases/api_tokens_post_unicode_fuzzing_name_zero_width_6f9f1e83.hurl new file mode 100644 index 0000000..16d429e --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_name_zero_width_6f9f1e83.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] name zero_width ── +# case_id=TC-6f9f1e83 +# case_name=POST /api/tokens - [unicode_fuzzing] name zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "​hello", + "scope": "read" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_bidi_override_8643ca22.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_bidi_override_8643ca22.hurl new file mode 100644 index 0000000..37e6c6c --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_scope_bidi_override_8643ca22.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] scope bidi_override ── +# case_id=TC-8643ca22 +# case_name=POST /api/tokens - [unicode_fuzzing] scope bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Amelia Cummings", + "scope": "‮hello" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_control_char_0d728fca.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_control_char_0d728fca.hurl new file mode 100644 index 0000000..f9e2171 --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_scope_control_char_0d728fca.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] scope control_char ── +# case_id=TC-0d728fca +# case_name=POST /api/tokens - [unicode_fuzzing] scope control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Amelia Cummings", + "scope": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_overlong_8adfe998.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_overlong_8adfe998.hurl new file mode 100644 index 0000000..13fe392 --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_scope_overlong_8adfe998.hurl 
@@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] scope overlong ── +# case_id=TC-8adfe998 +# case_name=POST /api/tokens - [unicode_fuzzing] scope overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Amelia Cummings", + "scope": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
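Review bot: The expected status for an invalid `scope` is not consistent across these cases: this one and scope bidi_override earlier expect 400, while the scope zalgo and zero_width cases below expect 200 and scope overlong expects 422. If `scope` is an enumerated permission (the valid cases elsewhere in the patch use only `read` and `write`), all of these should presumably be rejected, since accepting a combining-mark or zero-width variant stores a value that matches no real permission and is visually confusable. I would assert `HTTP 400` in all of the scope cases, or note which characters are allowed.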
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_zalgo_734aea93.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_zalgo_734aea93.hurl new file mode 100644 index 0000000..76ea01b --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_scope_zalgo_734aea93.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] scope zalgo ── +# case_id=TC-734aea93 +# case_name=POST /api/tokens - [unicode_fuzzing] scope zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Amelia Cummings", + "scope": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_zero_width_6b8f84d1.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_zero_width_6b8f84d1.hurl new file mode 100644 index 0000000..123b50e --- /dev/null +++ b/cases/api_tokens_post_unicode_fuzzing_scope_zero_width_6b8f84d1.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - [unicode_fuzzing] scope zero_width ── +# case_id=TC-6b8f84d1 +# case_name=POST /api/tokens - [unicode_fuzzing] scope zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Amelia Cummings", + "scope": "​hello" +} +``` + +HTTP 400 + diff --git a/cases/api_tokens_post_valid_request_with_all_required_fields_6a65bf78.hurl b/cases/api_tokens_post_valid_request_with_all_required_fields_6a65bf78.hurl new file mode 100644 index 0000000..5623b53 --- /dev/null 
+++ b/cases/api_tokens_post_valid_request_with_all_required_fields_6a65bf78.hurl @@ -0,0 +1,28 @@ +# ── POST /api/tokens - valid request with all required fields ── +# case_id=TC-6a65bf78 +# case_name=POST /api/tokens - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Allison Hunter", + "scope": "read" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.name" exists +jsonpath "$.prefix" exists +jsonpath "$.scope" exists +jsonpath "$.token" exists +jsonpath "$.createdAt" exists +jsonpath "$.id" exists + diff --git a/cases/api_tokens_post_wrong_content_type_text_plain_b0b71990.hurl b/cases/api_tokens_post_wrong_content_type_text_plain_b0b71990.hurl new file mode 100644 index 0000000..73a6621 --- /dev/null +++ b/cases/api_tokens_post_wrong_content_type_text_plain_b0b71990.hurl @@ -0,0 +1,19 @@ +# ── POST /api/tokens - wrong content-type (text/plain) ── +# case_id=TC-b0b71990 +# case_name=POST /api/tokens - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/tokens +Content-Type: text/plain +```json +{ + "name": "Evelyn Coleman", + "scope": "write" +} +``` + +HTTP 415 + diff --git a/cases/api_tokens_sequence_chain_delete_api_admin_grants_id_e1324ddf.hurl b/cases/api_tokens_sequence_chain_delete_api_admin_grants_id_e1324ddf.hurl new file mode 100644 index 0000000..84f68c2 --- /dev/null +++ b/cases/api_tokens_sequence_chain_delete_api_admin_grants_id_e1324ddf.hurl 
@@ -0,0 +1,43 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/tokens → DELETE /api/admin/grants/{id} +# case_id=TC-e1324ddf +# case_name=sequence chain: /api/tokens → DELETE /api/admin/grants/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/tokens [setup] ───── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Bernardo Auer", + "scope": "write" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via DELETE /api/admin/grants/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via DELETE /api/admin/grants/{id} +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/grants/{{id}} + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl b/cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl new file mode 100644 index 0000000..9ff06e6 --- /dev/null +++ b/cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl 
@@ -0,0 +1,43 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/tokens → DELETE /api/admin/grants/{id}
+# case_id=TC-e1324ddf
+# case_name=sequence chain: /api/tokens → DELETE /api/admin/grants/{id}
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/tokens [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/tokens
+
+POST {{base_url}}/api/tokens
+Content-Type: application/json
+```json
+{
+  "name": "Bernardo Auer",
+  "scope": "write"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via DELETE /api/admin/grants/{id} [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via DELETE /api/admin/grants/{id}
+# depends_on=step-setup
+
+DELETE {{base_url}}/api/admin/grants/{{id}}
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl b/cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl
new file mode 100644
index 0000000..9ff06e6
--- /dev/null
+++ b/cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl
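Review bot: In this chain `{{id}}` is captured from the response to `POST /api/tokens`, so the request deletes the newly created token's id through the admin grants route rather than a grant id; the test step also sends no `Authorization` header even though setup captures a token. As written the case passes only if the API accepts an unauthenticated delete of an id that is not a grant, which looks unintended. Consider a setup step that creates a grant and captures its id for the delete, with `authToken: jsonpath "$.token"` and `Authorization: Bearer {{authToken}}`, as the upload auth chain in this patch does. The same pattern recurs in the other sequence-chain files through `api_tokens_sequence_chain_put_api_admin_users_id_3028e37b.hurl`.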
@@ -0,0 +1,43 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/tokens → DELETE /api/admin/users/{id}
+# case_id=TC-60268ad8
+# case_name=sequence chain: /api/tokens → DELETE /api/admin/users/{id}
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/tokens [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/tokens
+
+POST {{base_url}}/api/tokens
+Content-Type: application/json
+```json
+{
+  "name": "Rafael Hopkins",
+  "scope": "write"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via DELETE /api/admin/users/{id} [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via DELETE /api/admin/users/{id}
+# depends_on=step-setup
+
+DELETE {{base_url}}/api/admin/users/{{id}}
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_tokens_sequence_chain_get_api_admin_teams_id_grants_f107e18d.hurl b/cases/api_tokens_sequence_chain_get_api_admin_teams_id_grants_f107e18d.hurl
new file mode 100644
index 0000000..16abc78
--- /dev/null
+++ b/cases/api_tokens_sequence_chain_get_api_admin_teams_id_grants_f107e18d.hurl
@@ -0,0 +1,43 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/tokens → GET /api/admin/teams/{id}/grants
+# case_id=TC-f107e18d
+# case_name=sequence chain: /api/tokens → GET /api/admin/teams/{id}/grants
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/tokens [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/tokens
+
+POST {{base_url}}/api/tokens
+Content-Type: application/json
+```json
+{
+  "name": "Janie Stone",
+  "scope": "write"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via GET /api/admin/teams/{id}/grants [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via GET /api/admin/teams/{id}/grants
+# depends_on=step-setup
+
+GET {{base_url}}/api/admin/teams/{{id}}/grants
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_tokens_sequence_chain_get_api_admin_teams_id_members_90e7f90e.hurl b/cases/api_tokens_sequence_chain_get_api_admin_teams_id_members_90e7f90e.hurl
new file mode 100644
index 0000000..7b8cb7c
--- /dev/null
+++ b/cases/api_tokens_sequence_chain_get_api_admin_teams_id_members_90e7f90e.hurl
@@ -0,0 +1,43 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/tokens → GET /api/admin/teams/{id}/members
+# case_id=TC-90e7f90e
+# case_name=sequence chain: /api/tokens → GET /api/admin/teams/{id}/members
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/tokens [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/tokens
+
+POST {{base_url}}/api/tokens
+Content-Type: application/json
+```json
+{
+  "name": "Brett Bird",
+  "scope": "read"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via GET /api/admin/teams/{id}/members [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via GET /api/admin/teams/{id}/members
+# depends_on=step-setup
+
+GET {{base_url}}/api/admin/teams/{{id}}/members
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_tokens_sequence_chain_get_api_admin_teams_id_services_bda7e5b2.hurl b/cases/api_tokens_sequence_chain_get_api_admin_teams_id_services_bda7e5b2.hurl
new file mode 100644
index 0000000..20941ec
--- /dev/null
+++ b/cases/api_tokens_sequence_chain_get_api_admin_teams_id_services_bda7e5b2.hurl
@@ -0,0 +1,55 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/tokens → POST /api/admin/teams/{id}/grants
+# case_id=TC-ba99a719
+# case_name=sequence chain: /api/tokens → POST /api/admin/teams/{id}/grants
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/tokens [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/tokens
+
+POST {{base_url}}/api/tokens
+Content-Type: application/json
+```json
+{
+  "name": "Aric Carpenter",
+  "scope": "write"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via POST /api/admin/teams/{id}/grants [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via POST /api/admin/teams/{id}/grants
+# depends_on=step-setup
+
+POST {{base_url}}/api/admin/teams/{{id}}/grants
+Content-Type: application/json
+```json
+{
+  "branches": [
+    "consequence"
+  ],
+  "expiresAt": "1923-07-31T23:48:34Z",
+  "granteeTeamId": "951d9915-63f4-46d3-b5d5-8b170b457b9e",
+  "granteeUserId": "bbc3acfe-6b9e-4c9c-bf24-b4d09f78276d",
+  "serviceId": "47af9d4e-ddf7-4f73-8a33-2c60da4c1f72"
+}
+```
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_tokens_sequence_chain_post_api_admin_teams_id_members_714b8b84.hurl b/cases/api_tokens_sequence_chain_post_api_admin_teams_id_members_714b8b84.hurl
new file mode 100644
index 0000000..e24241b
--- /dev/null
+++ b/cases/api_tokens_sequence_chain_post_api_admin_teams_id_members_714b8b84.hurl
@@ -0,0 +1,50 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/tokens → POST /api/admin/teams/{id}/members
+# case_id=TC-714b8b84
+# case_name=sequence chain: /api/tokens → POST /api/admin/teams/{id}/members
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/tokens [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/tokens
+
+POST {{base_url}}/api/tokens
+Content-Type: application/json
+```json
+{
+  "name": "Athena Fernandez",
+  "scope": "read"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via POST /api/admin/teams/{id}/members [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via POST /api/admin/teams/{id}/members
+# depends_on=step-setup
+
+POST {{base_url}}/api/admin/teams/{{id}}/members
+Content-Type: application/json
+```json
+{
+  "role": "member",
+  "userId": "02ef8546-0050-41de-be11-ab585b23ac54"
+}
+```
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_tokens_sequence_chain_put_api_admin_services_serviceid_team_110b6d72.hurl b/cases/api_tokens_sequence_chain_put_api_admin_services_serviceid_team_110b6d72.hurl
new file mode 100644
index 0000000..fce1931
--- /dev/null
+++ b/cases/api_tokens_sequence_chain_put_api_admin_services_serviceid_team_110b6d72.hurl
@@ -0,0 +1,49 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/tokens → PUT /api/admin/services/{serviceId}/team +# case_id=TC-110b6d72 +# case_name=sequence chain: /api/tokens → PUT /api/admin/services/{serviceId}/team +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/tokens [setup] ───── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Diego Herman", + "scope": "read" +} +``` + +HTTP * + +[Captures] +serviceId: jsonpath "$.id" + +[Asserts] +status < 300 + +# ── use via PUT /api/admin/services/{serviceId}/team [test] ── +# step_id=step-test +# step_type=test +# title=use via PUT /api/admin/services/{serviceId}/team +# depends_on=step-setup + +PUT {{base_url}}/api/admin/services/{{serviceId}}/team +Content-Type: application/json +```json +{ + "teamId": "9e4f4d0e-d5d7-447e-830c-1c638616ddbf" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_tokens_sequence_chain_put_api_admin_users_id_3028e37b.hurl b/cases/api_tokens_sequence_chain_put_api_admin_users_id_3028e37b.hurl new file mode 100644 index 0000000..4b843d1 --- /dev/null +++ b/cases/api_tokens_sequence_chain_put_api_admin_users_id_3028e37b.hurl 
@@ -0,0 +1,50 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /api/tokens → PUT /api/admin/users/{id}
+# case_id=TC-3028e37b
+# case_name=sequence chain: /api/tokens → PUT /api/admin/users/{id}
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /api/tokens [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /api/tokens
+
+POST {{base_url}}/api/tokens
+Content-Type: application/json
+```json
+{
+  "name": "Dante Kennedy",
+  "scope": "write"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.id"
+
+[Asserts]
+status < 300
+
+# ── use via PUT /api/admin/users/{id} [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via PUT /api/admin/users/{id}
+# depends_on=step-setup
+
+PUT {{base_url}}/api/admin/users/{{id}}
+Content-Type: application/json
+```json
+{
+  "isActive": true,
+  "role": "super_admin"
+}
+```
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/api_upload_options_owasp_api8_cors_security_configuration_65631595.hurl b/cases/api_upload_options_owasp_api8_cors_security_configuration_65631595.hurl
new file mode 100644
index 0000000..09b5a07
--- /dev/null
+++ b/cases/api_upload_options_owasp_api8_cors_security_configuration_65631595.hurl
@@ -0,0 +1,53 @@ +# ══════════════════════════════════════════════════ +# auth chain: POST /api/upload +# case_id=TC-c60cf805 +# case_name=auth chain: POST /api/upload +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── POST /api/upload with auth token [test] ── +# step_id=step-test +# step_type=test +# title=POST /api/upload with auth token +# depends_on=step-auth + +POST {{base_url}}/api/upload +Authorization: Bearer {{authToken}} +Content-Type: application/json +```json +{ + "branch": "they", + "commitSha": "sometimes", + "service": "Darwinian", + "specContent": "i.e." +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_upload_post_branch_at_max_plus_one_invalid_boundary_62157365.hurl b/cases/api_upload_post_branch_at_max_plus_one_invalid_boundary_62157365.hurl new file mode 100644 index 0000000..29c0fd5 --- /dev/null +++ b/cases/api_upload_post_branch_at_max_plus_one_invalid_boundary_62157365.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/upload - branch at max_plus_one_invalid boundary ── +# case_id=TC-62157365 +# case_name=POST /api/upload - branch at max_plus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "ILYUfOPfVxuZMfnbVgKKBKcmaHThDumvYBgtnVGhjnPVGeBmGSnwjXFjeojgBxBSehvkPJScHCBTFcjyIabzfzFvTWtmmGsJXlmNIlpLkzqrlyuqKvGoAAOUUwFEBGeoceVrjAMgTmCbeUmYnHVgBpOXAuFUnLPQYGspPdbHIuiUDYqbBJXQtGKAcDLSaGJJLeGIsLZXfWSCbcUflmCylZeRTVGmuNyUFZmpAoeWuylCdFZLpbneeLqzpzLaIKmE", + "commitSha": "horde", + "service": "patrol", + "specContent": "early" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_branch_at_max_valid_boundary_97d88ce9.hurl b/cases/api_upload_post_branch_at_max_valid_boundary_97d88ce9.hurl new file mode 100644 index 0000000..4bc635c --- /dev/null +++ b/cases/api_upload_post_branch_at_max_valid_boundary_97d88ce9.hurl @@ -0,0 +1,24 @@ +# ── POST /api/upload - branch at max_valid boundary ── +# case_id=TC-97d88ce9 +# case_name=POST /api/upload - branch at max_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "shlwKqFxRFaVTdGNnBXhsNxUFKQKzOqqCpWDSXqaghfbdFJIOYfkDfFCtbwSekckstHPRyDaMVWZVWRBkbIgtUJDXhFeMmsQbiKempTLkISShAcAmWyGwOABgtbYCVEFRMDgKJWLKPmhAtLhMCfQaicCaLcxzIlibqzCyRCDxwtHNNlvPLxMHtmKcmYUtqMBHkdEiCZvhHNvCBGgJjhsNpbEGSpHxdHKXjeFulMWOPsstdqgeeJDWdLgyWSEFNF", + "commitSha": "horde", + "service": "patrol", + "specContent": "early" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_upload_post_branch_at_min_minus_one_invalid_boundary_fa914b29.hurl b/cases/api_upload_post_branch_at_min_minus_one_invalid_boundary_fa914b29.hurl new file mode 100644 index 0000000..6e337c6 --- /dev/null +++ b/cases/api_upload_post_branch_at_min_minus_one_invalid_boundary_fa914b29.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/upload - branch at min_minus_one_invalid boundary ── +# case_id=TC-fa914b29 +# case_name=POST /api/upload - branch at min_minus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "x", + "commitSha": "horde", + "service": "patrol", + "specContent": "early" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_branch_at_min_valid_boundary_4ca9c46c.hurl b/cases/api_upload_post_branch_at_min_valid_boundary_4ca9c46c.hurl new file mode 100644 index 0000000..49ca751 --- /dev/null +++ b/cases/api_upload_post_branch_at_min_valid_boundary_4ca9c46c.hurl @@ -0,0 +1,24 @@ +# ── POST /api/upload - branch at min_valid boundary ── +# case_id=TC-4ca9c46c +# case_name=POST /api/upload - branch at min_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "b", + "commitSha": "horde", + "service": "patrol", + "specContent": "early" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_upload_post_field_boundary_branch_invalid_below_min_e5764a68.hurl b/cases/api_upload_post_field_boundary_branch_invalid_below_min_e5764a68.hurl new file mode 100644 index 0000000..a728d94 --- /dev/null +++ b/cases/api_upload_post_field_boundary_branch_invalid_below_min_e5764a68.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - [field_boundary] branch invalid_below_min ── +# case_id=TC-e5764a68 +# case_name=POST /api/upload - [field_boundary] branch invalid_below_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "", + "commitSha": "about", + "service": "scold", + "specContent": "muster" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_upload_post_field_boundary_branch_valid_min_b8ed4386.hurl b/cases/api_upload_post_field_boundary_branch_valid_min_b8ed4386.hurl new file mode 100644 index 0000000..5bef80b --- /dev/null +++ b/cases/api_upload_post_field_boundary_branch_valid_min_b8ed4386.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - [field_boundary] branch valid_min ── +# case_id=TC-b8ed4386 +# case_name=POST /api/upload - [field_boundary] branch valid_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "a", + "commitSha": "girl", + "service": "those", + "specContent": "many" +} +``` + +HTTP * + +[Asserts] +status >= 200 +status < 300 + diff --git a/cases/api_upload_post_field_boundary_service_invalid_below_min_a957f4b8.hurl b/cases/api_upload_post_field_boundary_service_invalid_below_min_a957f4b8.hurl new file mode 100644 index 0000000..56e616b --- /dev/null +++ b/cases/api_upload_post_field_boundary_service_invalid_below_min_a957f4b8.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - [field_boundary] service invalid_below_min ── +# case_id=TC-a957f4b8 +# case_name=POST /api/upload - [field_boundary] service invalid_below_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "next", + "commitSha": "none", + "service": "", + "specContent": "through" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_field_boundary_service_valid_min_db5c5368.hurl b/cases/api_upload_post_field_boundary_service_valid_min_db5c5368.hurl new file mode 100644 index 0000000..43eea3d --- /dev/null +++ b/cases/api_upload_post_field_boundary_service_valid_min_db5c5368.hurl 
@@ -0,0 +1,25 @@ +# ── POST /api/upload - [field_boundary] service valid_min ── +# case_id=TC-db5c5368 +# case_name=POST /api/upload - [field_boundary] service valid_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "it", + "commitSha": "why", + "service": "a", + "specContent": "all" +} +``` + +HTTP * + +[Asserts] +status >= 200 +status < 300 + diff --git a/cases/api_upload_post_field_boundary_speccontent_invalid_below_min_ac1b6e26.hurl b/cases/api_upload_post_field_boundary_speccontent_invalid_below_min_ac1b6e26.hurl new file mode 100644 index 0000000..02747c1 --- /dev/null +++ b/cases/api_upload_post_field_boundary_speccontent_invalid_below_min_ac1b6e26.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - [field_boundary] specContent invalid_below_min ── +# case_id=TC-ac1b6e26 +# case_name=POST /api/upload - [field_boundary] specContent invalid_below_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "whom", + "commitSha": "to", + "service": "constantly", + "specContent": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_field_boundary_speccontent_valid_min_82713518.hurl b/cases/api_upload_post_field_boundary_speccontent_valid_min_82713518.hurl new file mode 100644 index 0000000..949b7a7 --- /dev/null +++ b/cases/api_upload_post_field_boundary_speccontent_valid_min_82713518.hurl 
@@ -0,0 +1,25 @@ +# ── POST /api/upload - [field_boundary] specContent valid_min ── +# case_id=TC-82713518 +# case_name=POST /api/upload - [field_boundary] specContent valid_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "drink", + "commitSha": "his", + "service": "few", + "specContent": "a" +} +``` + +HTTP * + +[Asserts] +status >= 200 +status < 300 + diff --git a/cases/api_upload_post_idempotent_second_call_must_be_safe_dd638159.hurl b/cases/api_upload_post_idempotent_second_call_must_be_safe_dd638159.hurl new file mode 100644 index 0000000..7a82424 --- /dev/null +++ b/cases/api_upload_post_idempotent_second_call_must_be_safe_dd638159.hurl @@ -0,0 +1,51 @@ +# ══════════════════════════════════════════════════ +# POST /api/upload - idempotent: second call must be safe +# case_id=TC-dd638159 +# case_name=POST /api/upload - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /api/upload — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /api/upload — first call + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "relieved", + "commitSha": "frequently", + "service": "inside", + "specContent": "east" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /api/upload — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /api/upload — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "relieved", + "commitSha": "frequently", + "service": "inside", + "specContent": "east" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + 
diff --git a/cases/api_upload_post_invalid_branch_empty_string_violates_minlength_1_5eb7446c.hurl b/cases/api_upload_post_invalid_branch_empty_string_violates_minlength_1_5eb7446c.hurl new file mode 100644 index 0000000..e57b49c --- /dev/null +++ b/cases/api_upload_post_invalid_branch_empty_string_violates_minlength_1_5eb7446c.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - invalid branch: empty string violates minLength 1 ── +# case_id=TC-5eb7446c +# case_name=POST /api/upload - invalid branch: empty string violates minLength 1 +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "", + "commitSha": "pack", + "service": "ears", + "specContent": "now" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_invalid_service_empty_string_violates_minlength_1_8389dd21.hurl b/cases/api_upload_post_invalid_service_empty_string_violates_minlength_1_8389dd21.hurl new file mode 100644 index 0000000..45edc20 --- /dev/null +++ b/cases/api_upload_post_invalid_service_empty_string_violates_minlength_1_8389dd21.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - invalid service: empty string violates minLength 1 ── +# case_id=TC-8389dd21 +# case_name=POST /api/upload - invalid service: empty string violates minLength 1 +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "recline", + "commitSha": "pack", + "service": "", + "specContent": "now" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_invalid_speccontent_empty_string_violates_minlength_1_86ff6bd8.hurl b/cases/api_upload_post_invalid_speccontent_empty_string_violates_minlength_1_86ff6bd8.hurl new file mode 100644 index 0000000..6ffa248 --- /dev/null +++ b/cases/api_upload_post_invalid_speccontent_empty_string_violates_minlength_1_86ff6bd8.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/upload - invalid specContent: empty string violates minLength 1 ── +# case_id=TC-86ff6bd8 +# case_name=POST /api/upload - invalid specContent: empty string violates minLength 1 +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "recline", + "commitSha": "pack", + "service": "ears", + "specContent": "" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_mass_assignment_financial_probe_9794cdb0.hurl b/cases/api_upload_post_mass_assignment_financial_probe_9794cdb0.hurl new file mode 100644 index 0000000..620d1c0 --- /dev/null +++ b/cases/api_upload_post_mass_assignment_financial_probe_9794cdb0.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - [mass_assignment] financial probe ── +# case_id=TC-9794cdb0 +# case_name=POST /api/upload - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "balance": 1, + "branch": "oops", + "commitSha": "mustering", + "credits": 1, + "discount": 0, + "price": 1, + "service": "I", + "specContent": "cut" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_mass_assignment_identity_probe_398f4294.hurl b/cases/api_upload_post_mass_assignment_identity_probe_398f4294.hurl new file mode 100644 index 0000000..ad38d42 --- /dev/null +++ b/cases/api_upload_post_mass_assignment_identity_probe_398f4294.hurl 
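Review bot: `HTTP 400` as the only check in TC-9794cdb0 shows that the server rejects unknown keys, not whether `balance`, `credits`, `discount` or `price` were bound to the stored object. A server that accepts the request and ignores those keys fails this case, while TC-bcf8922c later in the patch expects `HTTP 201` for a body carrying the extra keys `id`, `createdAt` and `updatedAt`, so the two oracles contradict each other. The identity, privilege and status probes (TC-398f4294, TC-eb8249c9, TC-0310fa1a) have the same shape. Consider `HTTP *` with `status < 500`, and for the probes that send the `__probe__` marker add `body not contains "__probe__"`, so a case passes for either safe behaviour and fails only when a probe value comes back.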
@@ -0,0 +1,25 @@ +# ── POST /api/upload - [mass_assignment] identity probe ── +# case_id=TC-398f4294 +# case_name=POST /api/upload - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "oops", + "commitSha": "mustering", + "createdBy": "__probe__", + "ownerId": "__probe__", + "service": "I", + "specContent": "cut", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_mass_assignment_privilege_probe_eb8249c9.hurl b/cases/api_upload_post_mass_assignment_privilege_probe_eb8249c9.hurl new file mode 100644 index 0000000..c79bffa --- /dev/null +++ b/cases/api_upload_post_mass_assignment_privilege_probe_eb8249c9.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - [mass_assignment] privilege probe ── +# case_id=TC-eb8249c9 +# case_name=POST /api/upload - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "admin": true, + "branch": "oops", + "commitSha": "mustering", + "isAdmin": true, + "is_admin": true, + "role": "__probe__", + "service": "I", + "specContent": "cut" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_mass_assignment_status_probe_0310fa1a.hurl b/cases/api_upload_post_mass_assignment_status_probe_0310fa1a.hurl new file mode 100644 index 0000000..897d196 --- /dev/null +++ b/cases/api_upload_post_mass_assignment_status_probe_0310fa1a.hurl 
@@ -0,0 +1,25 @@ +# ── POST /api/upload - [mass_assignment] status probe ── +# case_id=TC-0310fa1a +# case_name=POST /api/upload - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "branch": "oops", + "commitSha": "mustering", + "disabled": false, + "service": "I", + "specContent": "cut", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_missing_required_field_branch_33947120.hurl b/cases/api_upload_post_missing_required_field_branch_33947120.hurl new file mode 100644 index 0000000..43a7f41 --- /dev/null +++ b/cases/api_upload_post_missing_required_field_branch_33947120.hurl @@ -0,0 +1,20 @@ +# ── POST /api/upload - missing required field "branch" ── +# case_id=TC-33947120 +# case_name=POST /api/upload - missing required field "branch" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "commitSha": "pack", + "service": "ears", + "specContent": "now" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_missing_required_field_branch_d756c10c.hurl b/cases/api_upload_post_missing_required_field_branch_d756c10c.hurl new file mode 100644 index 0000000..1b06036 --- /dev/null +++ b/cases/api_upload_post_missing_required_field_branch_d756c10c.hurl @@ -0,0 +1,20 @@ +# ── POST /api/upload - missing required field "branch" ── +# case_id=TC-d756c10c +# case_name=POST /api/upload - missing required field "branch" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "commitSha": "news", + "service": "seldom", + "specContent": "who" +} +``` + +HTTP 422 + 
diff --git a/cases/api_upload_post_missing_required_field_service_89850cfa.hurl b/cases/api_upload_post_missing_required_field_service_89850cfa.hurl new file mode 100644 index 0000000..0a3f77b --- /dev/null +++ b/cases/api_upload_post_missing_required_field_service_89850cfa.hurl @@ -0,0 +1,20 @@ +# ── POST /api/upload - missing required field "service" ── +# case_id=TC-89850cfa +# case_name=POST /api/upload - missing required field "service" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "occasionally", + "commitSha": "lastly", + "specContent": "eat" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_missing_required_field_service_8f85caae.hurl b/cases/api_upload_post_missing_required_field_service_8f85caae.hurl new file mode 100644 index 0000000..97573db --- /dev/null +++ b/cases/api_upload_post_missing_required_field_service_8f85caae.hurl @@ -0,0 +1,20 @@ +# ── POST /api/upload - missing required field "service" ── +# case_id=TC-8f85caae +# case_name=POST /api/upload - missing required field "service" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "recline", + "commitSha": "pack", + "specContent": "now" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_missing_required_field_speccontent_1de0eefc.hurl b/cases/api_upload_post_missing_required_field_speccontent_1de0eefc.hurl new file mode 100644 index 0000000..5b08765 --- /dev/null +++ b/cases/api_upload_post_missing_required_field_speccontent_1de0eefc.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/upload - missing required field "specContent" ── +# case_id=TC-1de0eefc +# case_name=POST /api/upload - missing required field "specContent" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "can", + "commitSha": "why", + "service": "forest" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_missing_required_field_speccontent_fccdadb2.hurl b/cases/api_upload_post_missing_required_field_speccontent_fccdadb2.hurl new file mode 100644 index 0000000..ba511f2 --- /dev/null +++ b/cases/api_upload_post_missing_required_field_speccontent_fccdadb2.hurl @@ -0,0 +1,20 @@ +# ── POST /api/upload - missing required field "specContent" ── +# case_id=TC-fccdadb2 +# case_name=POST /api/upload - missing required field "specContent" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "recline", + "commitSha": "pack", + "service": "ears" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_mutation_branch_empty_string_cac690c1.hurl b/cases/api_upload_post_mutation_branch_empty_string_cac690c1.hurl new file mode 100644 index 0000000..ff7b620 --- /dev/null +++ b/cases/api_upload_post_mutation_branch_empty_string_cac690c1.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: branch empty string ── +# case_id=TC-cac690c1 +# case_name=POST /api/upload - mutation: branch empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "", + "commitSha": "heavily", + "service": "sufficient", + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/api_upload_post_mutation_branch_integer_instead_of_string_416a96c1.hurl b/cases/api_upload_post_mutation_branch_integer_instead_of_string_416a96c1.hurl new file mode 100644 index 0000000..1e65e95 --- /dev/null +++ b/cases/api_upload_post_mutation_branch_integer_instead_of_string_416a96c1.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: branch integer instead of string ── +# case_id=TC-416a96c1 +# case_name=POST /api/upload - mutation: branch integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": 12345, + "commitSha": "heavily", + "service": "sufficient", + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_mutation_branch_null_value_9f510ed7.hurl b/cases/api_upload_post_mutation_branch_null_value_9f510ed7.hurl new file mode 100644 index 0000000..d6f91f0 --- /dev/null +++ b/cases/api_upload_post_mutation_branch_null_value_9f510ed7.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: branch null value ── +# case_id=TC-9f510ed7 +# case_name=POST /api/upload - mutation: branch null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": null, + "commitSha": "heavily", + "service": "sufficient", + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_mutation_branch_oversized_string_300_chars_75d60dab.hurl b/cases/api_upload_post_mutation_branch_oversized_string_300_chars_75d60dab.hurl new file mode 100644 index 0000000..03ee5e7 --- /dev/null +++ b/cases/api_upload_post_mutation_branch_oversized_string_300_chars_75d60dab.hurl 
@@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: branch oversized string (300 chars) ── +# case_id=TC-75d60dab +# case_name=POST /api/upload - mutation: branch oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "commitSha": "heavily", + "service": "sufficient", + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_mutation_commitsha_empty_string_f30e852c.hurl b/cases/api_upload_post_mutation_commitsha_empty_string_f30e852c.hurl new file mode 100644 index 0000000..9899330 --- /dev/null +++ b/cases/api_upload_post_mutation_commitsha_empty_string_f30e852c.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: commitSha empty string ── +# case_id=TC-f30e852c +# case_name=POST /api/upload - mutation: commitSha empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "instance", + "commitSha": "", + "service": "sufficient", + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_mutation_commitsha_integer_instead_of_string_b1212f34.hurl b/cases/api_upload_post_mutation_commitsha_integer_instead_of_string_b1212f34.hurl new file mode 100644 index 0000000..37a1400 --- /dev/null +++ b/cases/api_upload_post_mutation_commitsha_integer_instead_of_string_b1212f34.hurl 
@@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: commitSha integer instead of string ── +# case_id=TC-b1212f34 +# case_name=POST /api/upload - mutation: commitSha integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "instance", + "commitSha": 12345, + "service": "sufficient", + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_mutation_commitsha_null_value_0c1c92bd.hurl b/cases/api_upload_post_mutation_commitsha_null_value_0c1c92bd.hurl new file mode 100644 index 0000000..7185468 --- /dev/null +++ b/cases/api_upload_post_mutation_commitsha_null_value_0c1c92bd.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: commitSha null value ── +# case_id=TC-0c1c92bd +# case_name=POST /api/upload - mutation: commitSha null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "instance", + "commitSha": null, + "service": "sufficient", + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_mutation_commitsha_oversized_string_300_chars_fdaf954a.hurl b/cases/api_upload_post_mutation_commitsha_oversized_string_300_chars_fdaf954a.hurl new file mode 100644 index 0000000..fe6102e --- /dev/null +++ b/cases/api_upload_post_mutation_commitsha_oversized_string_300_chars_fdaf954a.hurl 
@@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: commitSha oversized string (300 chars) ── +# case_id=TC-fdaf954a +# case_name=POST /api/upload - mutation: commitSha oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "instance", + "commitSha": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "service": "sufficient", + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_mutation_service_empty_string_6f0a4261.hurl b/cases/api_upload_post_mutation_service_empty_string_6f0a4261.hurl new file mode 100644 index 0000000..fa5c6d6 --- /dev/null +++ b/cases/api_upload_post_mutation_service_empty_string_6f0a4261.hurl @@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: service empty string ── +# case_id=TC-6f0a4261 +# case_name=POST /api/upload - mutation: service empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "instance", + "commitSha": "heavily", + "service": "", + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_mutation_service_null_value_7805eead.hurl b/cases/api_upload_post_mutation_service_null_value_7805eead.hurl new file mode 100644 index 0000000..5aaa91e --- /dev/null +++ b/cases/api_upload_post_mutation_service_null_value_7805eead.hurl 
@@ -0,0 +1,25 @@ +# ── POST /api/upload - mutation: service null value ── +# case_id=TC-7805eead +# case_name=POST /api/upload - mutation: service null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "instance", + "commitSha": "heavily", + "service": null, + "specContent": "ours" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_null_injection_branch_5151a7d3.hurl b/cases/api_upload_post_null_injection_branch_5151a7d3.hurl new file mode 100644 index 0000000..05d498b --- /dev/null +++ b/cases/api_upload_post_null_injection_branch_5151a7d3.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - null injection: branch ── +# case_id=TC-5151a7d3 +# case_name=POST /api/upload - null injection: branch +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": null, + "commitSha": "troop", + "service": "we", + "specContent": "usually" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_null_injection_commitsha_e9eaa8fd.hurl b/cases/api_upload_post_null_injection_commitsha_e9eaa8fd.hurl new file mode 100644 index 0000000..2655f59 --- /dev/null +++ b/cases/api_upload_post_null_injection_commitsha_e9eaa8fd.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - null injection: commitSha ── +# case_id=TC-e9eaa8fd +# case_name=POST /api/upload - null injection: commitSha +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "rather", + "commitSha": null, + "service": "we", + "specContent": "usually" +} +``` + +HTTP 422 + 
diff --git a/cases/api_upload_post_null_injection_service_b8cf0920.hurl b/cases/api_upload_post_null_injection_service_b8cf0920.hurl new file mode 100644 index 0000000..c224d48 --- /dev/null +++ b/cases/api_upload_post_null_injection_service_b8cf0920.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - null injection: service ── +# case_id=TC-b8cf0920 +# case_name=POST /api/upload - null injection: service +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "rather", + "commitSha": "troop", + "service": null, + "specContent": "usually" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_null_injection_speccontent_fef2ed50.hurl b/cases/api_upload_post_null_injection_speccontent_fef2ed50.hurl new file mode 100644 index 0000000..fe29870 --- /dev/null +++ b/cases/api_upload_post_null_injection_speccontent_fef2ed50.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - null injection: specContent ── +# case_id=TC-fef2ed50 +# case_name=POST /api/upload - null injection: specContent +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "rather", + "commitSha": "troop", + "service": "we", + "specContent": null +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_owasp_api2_broken_authentication_4c9fd28e.hurl b/cases/api_upload_post_owasp_api2_broken_authentication_4c9fd28e.hurl new file mode 100644 index 0000000..224c9d1 --- /dev/null +++ b/cases/api_upload_post_owasp_api2_broken_authentication_4c9fd28e.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] POST /api/upload — broken authentication ── +# case_id=TC-4c9fd28e +# case_name=[OWASP-API2] POST /api/upload — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/upload + +HTTP 401 + 
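Review bot: TC-4c9fd28e expects `HTTP 401` for a request without credentials, but no other POST /api/upload case visible here carries an Authorization header either, and those expect `HTTP 200`, `HTTP 422` or a 4xx range. Unless the runner injects credentials from outside these files, the set cannot pass as a whole: either this case fails or the positive cases do. If credentials are injected, this step needs an explicit opt-out, and a comment such as `# sends no credentials on purpose; runner must not inject auth for this step` would record that. The request also has no body, so a server that validates the body before checking credentials answers 4xx for a different reason; sending a valid body keeps the 401 attributable to authentication.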
diff --git a/cases/api_upload_post_owasp_api6_mass_assignment_bcf8922c.hurl b/cases/api_upload_post_owasp_api6_mass_assignment_bcf8922c.hurl new file mode 100644 index 0000000..9841209 --- /dev/null +++ b/cases/api_upload_post_owasp_api6_mass_assignment_bcf8922c.hurl @@ -0,0 +1,29 @@ +# ── [OWASP-API6] POST /api/upload — mass assignment ── +# case_id=TC-bcf8922c +# case_name=[OWASP-API6] POST /api/upload — mass assignment +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "second", + "commitSha": "he", + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "service": "his", + "specContent": "of", + "updatedAt": "2000-01-01T00:00:00Z" +} +``` + +HTTP 201 + +[Asserts] +jsonpath "$.id" != 99999 +jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" +jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" + diff --git a/cases/api_upload_post_owasp_api7_injection_path_traversal_553f4f51.hurl b/cases/api_upload_post_owasp_api7_injection_path_traversal_553f4f51.hurl new file mode 100644 index 0000000..92192bf --- /dev/null +++ b/cases/api_upload_post_owasp_api7_injection_path_traversal_553f4f51.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /api/upload — injection (path-traversal) ── +# case_id=TC-553f4f51 +# case_name=[OWASP-API7] POST /api/upload — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "../../../etc/passwd" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_owasp_api7_injection_sqli_b528a6e6.hurl b/cases/api_upload_post_owasp_api7_injection_sqli_b528a6e6.hurl new file mode 100644 index 0000000..1eb2007 --- /dev/null +++ b/cases/api_upload_post_owasp_api7_injection_sqli_b528a6e6.hurl 
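Review bot: The body in TC-553f4f51 contains only `branch`, while the missing-required-field cases in this patch expect `HTTP 422` whenever `service` or `specContent` is absent, so a rejection here is explained by schema validation and says nothing about how the traversal string is handled. The expected `HTTP 400` also differs from the 422 those cases use, so this case likely fails against a server that satisfies them. TC-b528a6e6 (sqli) and TC-81a2a747 (xss) in the following hunks have the same shape. Adding valid `"commitSha"`, `"service"` and `"specContent"` values makes `branch` the only abnormal field. Since a server that stores the string safely may legitimately answer 2xx, `HTTP *` with `status < 500` is a more defensible oracle than a fixed 400.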
@@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /api/upload — injection (sqli) ── +# case_id=TC-b528a6e6 +# case_name=[OWASP-API7] POST /api/upload — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "' OR 1=1--" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_owasp_api7_injection_xss_81a2a747.hurl b/cases/api_upload_post_owasp_api7_injection_xss_81a2a747.hurl new file mode 100644 index 0000000..a363b2d --- /dev/null +++ b/cases/api_upload_post_owasp_api7_injection_xss_81a2a747.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /api/upload — injection (xss) ── +# case_id=TC-81a2a747 +# case_name=[OWASP-API7] POST /api/upload — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_required_omission_branch_absent_893f33e4.hurl b/cases/api_upload_post_required_omission_branch_absent_893f33e4.hurl new file mode 100644 index 0000000..c1e9743 --- /dev/null +++ b/cases/api_upload_post_required_omission_branch_absent_893f33e4.hurl @@ -0,0 +1,24 @@ +# ── POST /api/upload - [required_omission] branch absent ── +# case_id=TC-893f33e4 +# case_name=POST /api/upload - [required_omission] branch absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "commitSha": "where", + "service": "though", + "specContent": "wisp" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_required_omission_service_absent_f4726c9d.hurl b/cases/api_upload_post_required_omission_service_absent_f4726c9d.hurl new file mode 100644 index 0000000..541b80c --- /dev/null 
+++ b/cases/api_upload_post_required_omission_service_absent_f4726c9d.hurl @@ -0,0 +1,24 @@ +# ── POST /api/upload - [required_omission] service absent ── +# case_id=TC-f4726c9d +# case_name=POST /api/upload - [required_omission] service absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "whenever", + "commitSha": "himself", + "specContent": "did" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_required_omission_speccontent_absent_196e600f.hurl b/cases/api_upload_post_required_omission_speccontent_absent_196e600f.hurl new file mode 100644 index 0000000..985881d --- /dev/null +++ b/cases/api_upload_post_required_omission_speccontent_absent_196e600f.hurl @@ -0,0 +1,24 @@ +# ── POST /api/upload - [required_omission] specContent absent ── +# case_id=TC-196e600f +# case_name=POST /api/upload - [required_omission] specContent absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "now", + "commitSha": "occasionally", + "service": "might" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/api_upload_post_schema_violation_branch_missing_required_381d4381.hurl b/cases/api_upload_post_schema_violation_branch_missing_required_381d4381.hurl new file mode 100644 index 0000000..e2a4e25 --- /dev/null +++ b/cases/api_upload_post_schema_violation_branch_missing_required_381d4381.hurl 
@@ -0,0 +1,20 @@ +# ── POST /api/upload - [schema_violation] branch_missing_required ── +# case_id=TC-381d4381 +# case_name=POST /api/upload - [schema_violation] branch_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "commitSha": "Brazilian", + "service": "intimidate", + "specContent": "tonight" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_schema_violation_branch_too_short_76d8b912.hurl b/cases/api_upload_post_schema_violation_branch_too_short_76d8b912.hurl new file mode 100644 index 0000000..ffd68bd --- /dev/null +++ b/cases/api_upload_post_schema_violation_branch_too_short_76d8b912.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [schema_violation] branch_too_short ── +# case_id=TC-76d8b912 +# case_name=POST /api/upload - [schema_violation] branch_too_short +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "", + "commitSha": "Brazilian", + "service": "intimidate", + "specContent": "tonight" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_schema_violation_service_missing_required_72938c30.hurl b/cases/api_upload_post_schema_violation_service_missing_required_72938c30.hurl new file mode 100644 index 0000000..b8c63cc --- /dev/null +++ b/cases/api_upload_post_schema_violation_service_missing_required_72938c30.hurl @@ -0,0 +1,20 @@ +# ── POST /api/upload - [schema_violation] service_missing_required ── +# case_id=TC-72938c30 +# case_name=POST /api/upload - [schema_violation] service_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "to", + "commitSha": "Brazilian", + "specContent": "tonight" +} +``` + +HTTP 422 + 
diff --git a/cases/api_upload_post_schema_violation_service_too_short_40be94ec.hurl b/cases/api_upload_post_schema_violation_service_too_short_40be94ec.hurl new file mode 100644 index 0000000..6644632 --- /dev/null +++ b/cases/api_upload_post_schema_violation_service_too_short_40be94ec.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [schema_violation] service_too_short ── +# case_id=TC-40be94ec +# case_name=POST /api/upload - [schema_violation] service_too_short +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "to", + "commitSha": "Brazilian", + "service": "", + "specContent": "tonight" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_schema_violation_speccontent_missing_required_555257e2.hurl b/cases/api_upload_post_schema_violation_speccontent_missing_required_555257e2.hurl new file mode 100644 index 0000000..566fd90 --- /dev/null +++ b/cases/api_upload_post_schema_violation_speccontent_missing_required_555257e2.hurl @@ -0,0 +1,20 @@ +# ── POST /api/upload - [schema_violation] specContent_missing_required ── +# case_id=TC-555257e2 +# case_name=POST /api/upload - [schema_violation] specContent_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "to", + "commitSha": "Brazilian", + "service": "intimidate" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_schema_violation_speccontent_too_short_af512611.hurl b/cases/api_upload_post_schema_violation_speccontent_too_short_af512611.hurl new file mode 100644 index 0000000..3132953 --- /dev/null +++ b/cases/api_upload_post_schema_violation_speccontent_too_short_af512611.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/upload - [schema_violation] specContent_too_short ── +# case_id=TC-af512611 +# case_name=POST /api/upload - [schema_violation] specContent_too_short +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "to", + "commitSha": "Brazilian", + "service": "intimidate", + "specContent": "" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_service_at_max_plus_one_invalid_boundary_ad5debd5.hurl b/cases/api_upload_post_service_at_max_plus_one_invalid_boundary_ad5debd5.hurl new file mode 100644 index 0000000..eb70225 --- /dev/null +++ b/cases/api_upload_post_service_at_max_plus_one_invalid_boundary_ad5debd5.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - service at max_plus_one_invalid boundary ── +# case_id=TC-ad5debd5 +# case_name=POST /api/upload - service at max_plus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "annoying", + "commitSha": "horde", + "service": "UqQKQdxIBaEEFIOlbucPEjkejpJhtGCnYytkTfHBnTHmoeamHxyFTtNkqceSxPhYjEZfVjxnkUrCXnzCRdtVbcomgJaqcHidTZbQHOJgFusDCcCXqQuHRTajulzyqxxOFgJZTIrWbrgvHDgjlzyuuBztsMwepFaVmllpLTRwhONiNNZZDMtJFSySHEyRBmGBvFwEkoyGZJSFbcrJaJVmftRoXuHFuUwcKLaJFIIGOYYgsNiAMNTBUcmdjtEEKcrT", + "specContent": "early" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_service_at_max_valid_boundary_3cd9de74.hurl b/cases/api_upload_post_service_at_max_valid_boundary_3cd9de74.hurl new file mode 100644 index 0000000..dc251eb --- /dev/null +++ b/cases/api_upload_post_service_at_max_valid_boundary_3cd9de74.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/upload - service at max_valid boundary ── +# case_id=TC-3cd9de74 +# case_name=POST /api/upload - service at max_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "annoying", + "commitSha": "horde", + "service": "atLOmtVVmlQhFvFrwuMTJjhgqzDQgMAKdxkeUnYswKYRxCFECDdRtuhENDYOeachFgpnTjKElKhbRGMNBMqtQcJeLmJEdXosWDnsTCROKgowmZMFmjZPjXeSVkrLtqyrTdhcTIoNWdfwRXnmvZQoROrQlafSbnQScDRKBvbCIsqPEGzseScyClXaqHCuhtwbNgwbAjmxZkPvBMGOxVbdVVDWFWdnUugVnZaDTXdkaRzAOYonKbCYZPlwlDZDKdT", + "specContent": "early" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_upload_post_service_at_min_minus_one_invalid_boundary_c9639729.hurl b/cases/api_upload_post_service_at_min_minus_one_invalid_boundary_c9639729.hurl new file mode 100644 index 0000000..60ab48c --- /dev/null +++ b/cases/api_upload_post_service_at_min_minus_one_invalid_boundary_c9639729.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - service at min_minus_one_invalid boundary ── +# case_id=TC-c9639729 +# case_name=POST /api/upload - service at min_minus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "annoying", + "commitSha": "horde", + "service": "P", + "specContent": "early" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_service_at_min_valid_boundary_fa5f2879.hurl b/cases/api_upload_post_service_at_min_valid_boundary_fa5f2879.hurl new file mode 100644 index 0000000..782d42b --- /dev/null +++ b/cases/api_upload_post_service_at_min_valid_boundary_fa5f2879.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/upload - service at min_valid boundary ── +# case_id=TC-fa5f2879 +# case_name=POST /api/upload - service at min_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "annoying", + "commitSha": "horde", + "service": "v", + "specContent": "early" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_upload_post_speccontent_at_max_plus_one_invalid_boundary_dbbfdc22.hurl b/cases/api_upload_post_speccontent_at_max_plus_one_invalid_boundary_dbbfdc22.hurl new file mode 100644 index 0000000..92a4930 --- /dev/null +++ b/cases/api_upload_post_speccontent_at_max_plus_one_invalid_boundary_dbbfdc22.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - specContent at max_plus_one_invalid boundary ── +# case_id=TC-dbbfdc22 +# case_name=POST /api/upload - specContent at max_plus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "annoying", + "commitSha": "horde", + "service": "patrol", + "specContent": "XYmkqdAEnhShAWMWevPjaEMcXFnlEMIZdgvjHxCMmpYIjgEHzJtlzMbGailVdFqZrzsWsGjpkSIhqCvAYsNhMiEWeEQWONGHrvWYvfPFzZHeBPoEohTATwAWyNcNwDNUwxVeqZxdAsktxHReoFPVnXfhBUWjzySqMmVghKlODAqkgFPTiJazKylKgHzgmDXbLnPQAKRyAscyAKlFZnpEkpnjoXxDbJnVmagvmQfbszLtHuyUTPLDrWNwJGJvuHBn" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_speccontent_at_max_valid_boundary_201ba23b.hurl b/cases/api_upload_post_speccontent_at_max_valid_boundary_201ba23b.hurl new file mode 100644 index 0000000..02cabb1 --- /dev/null +++ b/cases/api_upload_post_speccontent_at_max_valid_boundary_201ba23b.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/upload - specContent at max_valid boundary ── +# case_id=TC-201ba23b +# case_name=POST /api/upload - specContent at max_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "annoying", + "commitSha": "horde", + "service": "patrol", + "specContent": "MvxueBBOuEUznvCnujHEfhfJEmIkMiFxMUaMDQYopjbpdETOJXbhaSibxhItFKowWSgvVTsEKoRBvRboGZCrpNFYbErOCedxMcVAnLzDekWtkEvgLpSZAGaDLsFRvNWihavpvGqXfpluZjqXgXkvQZEpaaHgrFeEHQhhHsZqkGppwxBdpFmjShygsygoqyopydhyLxSwTwouvqLXCFkgNFkmEiZKFOzPodlBbQdZyQXKtqOjjyxMqTwcyXFgxoI" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_upload_post_speccontent_at_min_minus_one_invalid_boundary_b6f8003e.hurl b/cases/api_upload_post_speccontent_at_min_minus_one_invalid_boundary_b6f8003e.hurl new file mode 100644 index 0000000..66e7601 --- /dev/null +++ b/cases/api_upload_post_speccontent_at_min_minus_one_invalid_boundary_b6f8003e.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - specContent at min_minus_one_invalid boundary ── +# case_id=TC-b6f8003e +# case_name=POST /api/upload - specContent at min_minus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "annoying", + "commitSha": "horde", + "service": "patrol", + "specContent": "E" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_speccontent_at_min_valid_boundary_edc8ded2.hurl b/cases/api_upload_post_speccontent_at_min_valid_boundary_edc8ded2.hurl new file mode 100644 index 0000000..ced74b5 --- /dev/null +++ b/cases/api_upload_post_speccontent_at_min_valid_boundary_edc8ded2.hurl 
@@ -0,0 +1,24 @@ +# ── POST /api/upload - specContent at min_valid boundary ── +# case_id=TC-edc8ded2 +# case_name=POST /api/upload - specContent at min_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "annoying", + "commitSha": "horde", + "service": "patrol", + "specContent": "s" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/api_upload_post_type_coercion_branch_wrong_type_boolean_e00401a8.hurl b/cases/api_upload_post_type_coercion_branch_wrong_type_boolean_e00401a8.hurl new file mode 100644 index 0000000..7231d0e --- /dev/null +++ b/cases/api_upload_post_type_coercion_branch_wrong_type_boolean_e00401a8.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [type_coercion] branch wrong_type_boolean ── +# case_id=TC-e00401a8 +# case_name=POST /api/upload - [type_coercion] branch wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": true, + "commitSha": "throw", + "service": "the", + "specContent": "you" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_type_coercion_branch_wrong_type_integer_6a08feec.hurl b/cases/api_upload_post_type_coercion_branch_wrong_type_integer_6a08feec.hurl new file mode 100644 index 0000000..533172d --- /dev/null +++ b/cases/api_upload_post_type_coercion_branch_wrong_type_integer_6a08feec.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [type_coercion] branch wrong_type_integer ── +# case_id=TC-6a08feec +# case_name=POST /api/upload - [type_coercion] branch wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": 123, + "commitSha": "throw", + "service": "the", + "specContent": "you" +} +``` + +HTTP 422 + 
diff --git a/cases/api_upload_post_type_coercion_commitsha_wrong_type_boolean_16cf9e5b.hurl b/cases/api_upload_post_type_coercion_commitsha_wrong_type_boolean_16cf9e5b.hurl new file mode 100644 index 0000000..4876bcf --- /dev/null +++ b/cases/api_upload_post_type_coercion_commitsha_wrong_type_boolean_16cf9e5b.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [type_coercion] commitSha wrong_type_boolean ── +# case_id=TC-16cf9e5b +# case_name=POST /api/upload - [type_coercion] commitSha wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "point", + "commitSha": true, + "service": "the", + "specContent": "you" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_type_coercion_commitsha_wrong_type_integer_b806224f.hurl b/cases/api_upload_post_type_coercion_commitsha_wrong_type_integer_b806224f.hurl new file mode 100644 index 0000000..d6fc928 --- /dev/null +++ b/cases/api_upload_post_type_coercion_commitsha_wrong_type_integer_b806224f.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [type_coercion] commitSha wrong_type_integer ── +# case_id=TC-b806224f +# case_name=POST /api/upload - [type_coercion] commitSha wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "point", + "commitSha": 123, + "service": "the", + "specContent": "you" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_type_coercion_service_wrong_type_boolean_240bdc53.hurl b/cases/api_upload_post_type_coercion_service_wrong_type_boolean_240bdc53.hurl new file mode 100644 index 0000000..34eff09 --- /dev/null +++ b/cases/api_upload_post_type_coercion_service_wrong_type_boolean_240bdc53.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/upload - [type_coercion] service wrong_type_boolean ── +# case_id=TC-240bdc53 +# case_name=POST /api/upload - [type_coercion] service wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "point", + "commitSha": "throw", + "service": true, + "specContent": "you" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_type_coercion_service_wrong_type_integer_07462c7f.hurl b/cases/api_upload_post_type_coercion_service_wrong_type_integer_07462c7f.hurl new file mode 100644 index 0000000..4ed9bc0 --- /dev/null +++ b/cases/api_upload_post_type_coercion_service_wrong_type_integer_07462c7f.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [type_coercion] service wrong_type_integer ── +# case_id=TC-07462c7f +# case_name=POST /api/upload - [type_coercion] service wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "point", + "commitSha": "throw", + "service": 123, + "specContent": "you" +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_type_coercion_speccontent_wrong_type_boolean_4a28e8ae.hurl b/cases/api_upload_post_type_coercion_speccontent_wrong_type_boolean_4a28e8ae.hurl new file mode 100644 index 0000000..6e04d0e --- /dev/null +++ b/cases/api_upload_post_type_coercion_speccontent_wrong_type_boolean_4a28e8ae.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [type_coercion] specContent wrong_type_boolean ── +# case_id=TC-4a28e8ae +# case_name=POST /api/upload - [type_coercion] specContent wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "point", + "commitSha": "throw", + "service": "the", + "specContent": true +} +``` + +HTTP 422 + 
diff --git a/cases/api_upload_post_type_coercion_speccontent_wrong_type_integer_bbde20a6.hurl b/cases/api_upload_post_type_coercion_speccontent_wrong_type_integer_bbde20a6.hurl new file mode 100644 index 0000000..749e208 --- /dev/null +++ b/cases/api_upload_post_type_coercion_speccontent_wrong_type_integer_bbde20a6.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [type_coercion] specContent wrong_type_integer ── +# case_id=TC-bbde20a6 +# case_name=POST /api/upload - [type_coercion] specContent wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "point", + "commitSha": "throw", + "service": "the", + "specContent": 123 +} +``` + +HTTP 422 + diff --git a/cases/api_upload_post_unicode_fuzzing_branch_bidi_override_09b46ba6.hurl b/cases/api_upload_post_unicode_fuzzing_branch_bidi_override_09b46ba6.hurl new file mode 100644 index 0000000..3e44032 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_branch_bidi_override_09b46ba6.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] branch bidi_override ── +# case_id=TC-09b46ba6 +# case_name=POST /api/upload - [unicode_fuzzing] branch bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "‮hello", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_branch_control_char_eb8a46bc.hurl b/cases/api_upload_post_unicode_fuzzing_branch_control_char_eb8a46bc.hurl new file mode 100644 index 0000000..812ad44 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_branch_control_char_eb8a46bc.hurl 
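Review bot: The bidi_override case stores its payload as a raw U+202E character inside `"branch": "…hello"`, while the control_char case that follows writes its payload as the escape `hello\u0000world`. A raw override character makes the fixture display in a different order from its bytes in diffs and editors, and it is the kind of content that Trojan-Source checks in CI flag. Writing it as the JSON escape `"branch": "\u202ehello"` should decode to the same string on the server while keeping the file reviewable. The same applies to the zero_width case and the commitSha bidi_override case later in the patch.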
@@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] branch control_char ── +# case_id=TC-eb8a46bc +# case_name=POST /api/upload - [unicode_fuzzing] branch control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "hello\u0000world", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_branch_overlong_8ecf3f52.hurl b/cases/api_upload_post_unicode_fuzzing_branch_overlong_8ecf3f52.hurl new file mode 100644 index 0000000..2d564f7 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_branch_overlong_8ecf3f52.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] branch overlong ── +# case_id=TC-8ecf3f52 +# case_name=POST /api/upload - [unicode_fuzzing] branch overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_branch_zalgo_3c16d4b3.hurl b/cases/api_upload_post_unicode_fuzzing_branch_zalgo_3c16d4b3.hurl new file mode 100644 index 0000000..0973ad1 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_branch_zalgo_3c16d4b3.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] branch zalgo ── +# case_id=TC-3c16d4b3 +# case_name=POST /api/upload - [unicode_fuzzing] branch zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "z̀́̂̃̄̅̆̇a", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_branch_zero_width_d4d96d5e.hurl b/cases/api_upload_post_unicode_fuzzing_branch_zero_width_d4d96d5e.hurl new file mode 100644 index 0000000..6ba952f --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_branch_zero_width_d4d96d5e.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] branch zero_width ── +# case_id=TC-d4d96d5e +# case_name=POST /api/upload - [unicode_fuzzing] branch zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "​hello", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + 
diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_bidi_override_471fcaef.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_bidi_override_471fcaef.hurl new file mode 100644 index 0000000..372334d --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_commitsha_bidi_override_471fcaef.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] commitSha bidi_override ── +# case_id=TC-471fcaef +# case_name=POST /api/upload - [unicode_fuzzing] commitSha bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "‮hello", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_control_char_1e3b28af.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_control_char_1e3b28af.hurl new file mode 100644 index 0000000..7974c54 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_commitsha_control_char_1e3b28af.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] commitSha control_char ── +# case_id=TC-1e3b28af +# case_name=POST /api/upload - [unicode_fuzzing] commitSha control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "hello\u0000world", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_overlong_d3d69da1.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_overlong_d3d69da1.hurl new file mode 100644 index 0000000..4265fc1 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_commitsha_overlong_d3d69da1.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] commitSha overlong ── +# case_id=TC-d3d69da1 +# case_name=POST /api/upload - [unicode_fuzzing] commitSha overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_zalgo_f298d13c.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_zalgo_f298d13c.hurl new file mode 100644 index 0000000..30de175 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_commitsha_zalgo_f298d13c.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] commitSha zalgo ── +# case_id=TC-f298d13c +# case_name=POST /api/upload - [unicode_fuzzing] commitSha zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "z̀́̂̃̄̅̆̇a", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_zero_width_e4c96b76.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_zero_width_e4c96b76.hurl new file mode 100644 index 0000000..a5eb18f --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_commitsha_zero_width_e4c96b76.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] commitSha zero_width ── +# case_id=TC-e4c96b76 +# case_name=POST /api/upload - [unicode_fuzzing] commitSha zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "​hello", + "service": "consequently", + "specContent": "neither" +} +``` + +HTTP 400 + 
diff --git a/cases/api_upload_post_unicode_fuzzing_service_bidi_override_71d03103.hurl b/cases/api_upload_post_unicode_fuzzing_service_bidi_override_71d03103.hurl new file mode 100644 index 0000000..43138d1 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_service_bidi_override_71d03103.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] service bidi_override ── +# case_id=TC-71d03103 +# case_name=POST /api/upload - [unicode_fuzzing] service bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "‮hello", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_service_control_char_76fd376c.hurl b/cases/api_upload_post_unicode_fuzzing_service_control_char_76fd376c.hurl new file mode 100644 index 0000000..ec56902 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_service_control_char_76fd376c.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] service control_char ── +# case_id=TC-76fd376c +# case_name=POST /api/upload - [unicode_fuzzing] service control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "hello\u0000world", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_service_overlong_4e0cc0d2.hurl b/cases/api_upload_post_unicode_fuzzing_service_overlong_4e0cc0d2.hurl new file mode 100644 index 0000000..0717ee6 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_service_overlong_4e0cc0d2.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] service overlong ── +# case_id=TC-4e0cc0d2 +# case_name=POST /api/upload - [unicode_fuzzing] service overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_service_zalgo_7d8cc30e.hurl b/cases/api_upload_post_unicode_fuzzing_service_zalgo_7d8cc30e.hurl new file mode 100644 index 0000000..b6ed6c8 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_service_zalgo_7d8cc30e.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] service zalgo ── +# case_id=TC-7d8cc30e +# case_name=POST /api/upload - [unicode_fuzzing] service zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "z̀́̂̃̄̅̆̇a", + "specContent": "neither" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_service_zero_width_f8f99bf7.hurl b/cases/api_upload_post_unicode_fuzzing_service_zero_width_f8f99bf7.hurl new file mode 100644 index 0000000..3a77dc7 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_service_zero_width_f8f99bf7.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] service zero_width ── +# case_id=TC-f8f99bf7 +# case_name=POST /api/upload - [unicode_fuzzing] service zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "​hello", + "specContent": "neither" +} +``` + +HTTP 400 + 
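Review bot: The zero_width case for `service` embeds what appears to be a raw zero-width character directly in the JSON string, so the payload cannot be seen in review and an editor, formatter or git filter that strips or normalises it would quietly turn this into a plain `hello` request. The control_char cases in this patch already use a JSON escape (`"hello\u0000world"`), and the zero_width and bidi_override cases for `branch`, `commitSha`, `service` and `specContent` would be more robust written the same way, e.g. `"service": "\u200bhello",` assuming the intended code point is U+200B. A header comment such as `# payload=U+200B` next to `technique=unicode_fuzzing` would also let a reader confirm which character each case actually sends.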
diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_bidi_override_131ad5f4.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_bidi_override_131ad5f4.hurl new file mode 100644 index 0000000..015e1ad --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_speccontent_bidi_override_131ad5f4.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] specContent bidi_override ── +# case_id=TC-131ad5f4 +# case_name=POST /api/upload - [unicode_fuzzing] specContent bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "consequently", + "specContent": "‮hello" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_control_char_7ff8ca85.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_control_char_7ff8ca85.hurl new file mode 100644 index 0000000..f980a1a --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_speccontent_control_char_7ff8ca85.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] specContent control_char ── +# case_id=TC-7ff8ca85 +# case_name=POST /api/upload - [unicode_fuzzing] specContent control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "consequently", + "specContent": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_overlong_40f1423f.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_overlong_40f1423f.hurl new file mode 100644 index 0000000..8cdf56b --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_speccontent_overlong_40f1423f.hurl 
@@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] specContent overlong ── +# case_id=TC-40f1423f +# case_name=POST /api/upload - [unicode_fuzzing] specContent overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "consequently", + "specContent": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_zalgo_6b2db722.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_zalgo_6b2db722.hurl new file mode 100644 index 0000000..01c88c0 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_speccontent_zalgo_6b2db722.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] specContent zalgo ── +# case_id=TC-6b2db722 +# case_name=POST /api/upload - [unicode_fuzzing] specContent zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "consequently", + "specContent": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_zero_width_7ac120c3.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_zero_width_7ac120c3.hurl new file mode 100644 index 0000000..ff7e223 --- /dev/null +++ b/cases/api_upload_post_unicode_fuzzing_speccontent_zero_width_7ac120c3.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - [unicode_fuzzing] specContent zero_width ── +# case_id=TC-7ac120c3 +# case_name=POST /api/upload - [unicode_fuzzing] specContent zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "honestly", + "commitSha": "herself", + "service": "consequently", + "specContent": "​hello" +} +``` + +HTTP 400 + 
diff --git a/cases/api_upload_post_valid_request_with_all_required_fields_e3da0de9.hurl b/cases/api_upload_post_valid_request_with_all_required_fields_e3da0de9.hurl new file mode 100644 index 0000000..d1a3e1e --- /dev/null +++ b/cases/api_upload_post_valid_request_with_all_required_fields_e3da0de9.hurl @@ -0,0 +1,30 @@ +# ── POST /api/upload - valid request with all required fields ── +# case_id=TC-e3da0de9 +# case_name=POST /api/upload - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "my", + "commitSha": "where", + "service": "Asian", + "specContent": "soon" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.endpointCount" exists +jsonpath "$.service" exists +jsonpath "$.unchanged" exists +jsonpath "$.warnings" exists +jsonpath "$.wasConverted" exists +jsonpath "$.branch" exists + diff --git a/cases/api_upload_post_wrong_content_type_text_plain_863dd501.hurl b/cases/api_upload_post_wrong_content_type_text_plain_863dd501.hurl new file mode 100644 index 0000000..c57a726 --- /dev/null +++ b/cases/api_upload_post_wrong_content_type_text_plain_863dd501.hurl @@ -0,0 +1,21 @@ +# ── POST /api/upload - wrong content-type (text/plain) ── +# case_id=TC-863dd501 +# case_name=POST /api/upload - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/api/upload +Content-Type: text/plain +```json +{ + "branch": "rather", + "commitSha": "troop", + "service": "we", + "specContent": "usually" +} +``` + +HTTP 415 + diff --git a/cases/api_upload_sequence_chain_get_api_specs_service_branch_openapi_json_8c25506c.hurl b/cases/api_upload_sequence_chain_get_api_specs_service_branch_openapi_json_8c25506c.hurl new file mode 100644 index 0000000..09629cc --- /dev/null 
+++ b/cases/api_upload_sequence_chain_get_api_specs_service_branch_openapi_json_8c25506c.hurl @@ -0,0 +1,45 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/upload → GET /api/specs/{service}/{branch}/openapi.json +# case_id=TC-8c25506c +# case_name=sequence chain: /api/upload → GET /api/specs/{service}/{branch}/openapi.json +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/upload [setup] ───── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/upload + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "gift", + "commitSha": "host", + "service": "been", + "specContent": "time" +} +``` + +HTTP * + +[Captures] +service: jsonpath "$.service" + +[Asserts] +status < 300 + +# ── use via GET /api/specs/{service}/{branch}/openapi.json [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/specs/{service}/{branch}/openapi.json +# depends_on=step-setup + +GET {{base_url}}/api/specs/{{service}}/{branch}/openapi.json + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/api_upload_sequence_chain_put_api_admin_services_serviceid_team_f88dc931.hurl b/cases/api_upload_sequence_chain_put_api_admin_services_serviceid_team_f88dc931.hurl new file mode 100644 index 0000000..e64b8db --- /dev/null +++ b/cases/api_upload_sequence_chain_put_api_admin_services_serviceid_team_f88dc931.hurl 
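Review bot: The `{branch}` segment in the step-test URL is in single braces, so it is not a Hurl template, and no `branch` variable is captured in step-setup; the request goes to a literal `{branch}` path rather than to the spec that was just uploaded. Capturing `branch: jsonpath "$.branch"` under `[Captures]` in step-setup and requesting `/api/specs/{{service}}/{{branch}}/openapi.json` would make the chain exercise the uploaded resource. With `HTTP *` and only `status < 300`, a passing run currently says little about whether the uploaded spec is retrievable.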
@@ -0,0 +1,51 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /api/upload → PUT /api/admin/services/{serviceId}/team +# case_id=TC-f88dc931 +# case_name=sequence chain: /api/upload → PUT /api/admin/services/{serviceId}/team +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /api/upload [setup] ───── +# step_id=step-setup +# step_type=setup +# title=create via POST /api/upload + +POST {{base_url}}/api/upload +Content-Type: application/json +```json +{ + "branch": "someone", + "commitSha": "instead", + "service": "therefore", + "specContent": "yesterday" +} +``` + +HTTP * + +[Captures] +serviceId: jsonpath "$.service" + +[Asserts] +status < 300 + +# ── use via PUT /api/admin/services/{serviceId}/team [test] ── +# step_id=step-test +# step_type=test +# title=use via PUT /api/admin/services/{serviceId}/team +# depends_on=step-setup + +PUT {{base_url}}/api/admin/services/{{serviceId}}/team +Content-Type: application/json +```json +{ + "teamId": "e76c96fd-19bb-41c3-a5a4-6720d313f439" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_login_options_owasp_api8_cors_security_configuration_09111fdc.hurl b/cases/auth_login_options_owasp_api8_cors_security_configuration_09111fdc.hurl new file mode 100644 index 0000000..f676b0e --- /dev/null +++ b/cases/auth_login_options_owasp_api8_cors_security_configuration_09111fdc.hurl @@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /auth/login — CORS security configuration ── +# case_id=TC-09111fdc +# case_name=[OWASP-API8] OPTIONS /auth/login — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/auth/login +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + 
diff --git a/cases/auth_login_post_idempotent_second_call_must_be_safe_dc706f80.hurl b/cases/auth_login_post_idempotent_second_call_must_be_safe_dc706f80.hurl new file mode 100644 index 0000000..895af88 --- /dev/null +++ b/cases/auth_login_post_idempotent_second_call_must_be_safe_dc706f80.hurl @@ -0,0 +1,47 @@ +# ══════════════════════════════════════════════════ +# POST /auth/login - idempotent: second call must be safe +# case_id=TC-dc706f80 +# case_name=POST /auth/login - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /auth/login — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /auth/login — first call + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "arvidhanson@deckow.com", + "password": "thoughtful" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /auth/login — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /auth/login — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "arvidhanson@deckow.com", + "password": "thoughtful" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/auth_login_post_invalid_email_invalid_email_format_2286db52.hurl b/cases/auth_login_post_invalid_email_invalid_email_format_2286db52.hurl new file mode 100644 index 0000000..7f39999 --- /dev/null +++ b/cases/auth_login_post_invalid_email_invalid_email_format_2286db52.hurl 
@@ -0,0 +1,19 @@ +# ── POST /auth/login - invalid email: invalid email format ── +# case_id=TC-2286db52 +# case_name=POST /auth/login - invalid email: invalid email format +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "not-an-email", + "password": "sigh" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_mass_assignment_financial_probe_5bcafac5.hurl b/cases/auth_login_post_mass_assignment_financial_probe_5bcafac5.hurl new file mode 100644 index 0000000..a2a9b06 --- /dev/null +++ b/cases/auth_login_post_mass_assignment_financial_probe_5bcafac5.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - [mass_assignment] financial probe ── +# case_id=TC-5bcafac5 +# case_name=POST /auth/login - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "balance": 1, + "credits": 1, + "discount": 0, + "email": "kriswong@koch.io", + "password": "us", + "price": 1 +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_mass_assignment_identity_probe_4c0c3203.hurl b/cases/auth_login_post_mass_assignment_identity_probe_4c0c3203.hurl new file mode 100644 index 0000000..8c378f2 --- /dev/null +++ b/cases/auth_login_post_mass_assignment_identity_probe_4c0c3203.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - [mass_assignment] identity probe ── +# case_id=TC-4c0c3203 +# case_name=POST /auth/login - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "createdBy": "__probe__", + "email": "kriswong@koch.io", + "ownerId": "__probe__", + "password": "us", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + 
diff --git a/cases/auth_login_post_mass_assignment_privilege_probe_f4f54666.hurl b/cases/auth_login_post_mass_assignment_privilege_probe_f4f54666.hurl new file mode 100644 index 0000000..bb06102 --- /dev/null +++ b/cases/auth_login_post_mass_assignment_privilege_probe_f4f54666.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - [mass_assignment] privilege probe ── +# case_id=TC-f4f54666 +# case_name=POST /auth/login - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "admin": true, + "email": "kriswong@koch.io", + "isAdmin": true, + "is_admin": true, + "password": "us", + "role": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_mass_assignment_status_probe_f197447f.hurl b/cases/auth_login_post_mass_assignment_status_probe_f197447f.hurl new file mode 100644 index 0000000..b9abb95 --- /dev/null +++ b/cases/auth_login_post_mass_assignment_status_probe_f197447f.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - [mass_assignment] status probe ── +# case_id=TC-f197447f +# case_name=POST /auth/login - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "disabled": false, + "email": "kriswong@koch.io", + "password": "us", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_missing_required_field_email_4cc99b0c.hurl b/cases/auth_login_post_missing_required_field_email_4cc99b0c.hurl new file mode 100644 index 0000000..627bd75 --- /dev/null +++ b/cases/auth_login_post_missing_required_field_email_4cc99b0c.hurl 
@@ -0,0 +1,18 @@ +# ── POST /auth/login - missing required field "email" ── +# case_id=TC-4cc99b0c +# case_name=POST /auth/login - missing required field "email" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "password": "fuel" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_missing_required_field_email_9b253ab6.hurl b/cases/auth_login_post_missing_required_field_email_9b253ab6.hurl new file mode 100644 index 0000000..41bc3e3 --- /dev/null +++ b/cases/auth_login_post_missing_required_field_email_9b253ab6.hurl @@ -0,0 +1,18 @@ +# ── POST /auth/login - missing required field "email" ── +# case_id=TC-9b253ab6 +# case_name=POST /auth/login - missing required field "email" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "password": "sigh" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_missing_required_field_password_70187e79.hurl b/cases/auth_login_post_missing_required_field_password_70187e79.hurl new file mode 100644 index 0000000..266ec8f --- /dev/null +++ b/cases/auth_login_post_missing_required_field_password_70187e79.hurl @@ -0,0 +1,18 @@ +# ── POST /auth/login - missing required field "password" ── +# case_id=TC-70187e79 +# case_name=POST /auth/login - missing required field "password" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "montemendez@campbell.name" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_missing_required_field_password_a6bbbeb7.hurl b/cases/auth_login_post_missing_required_field_password_a6bbbeb7.hurl new file mode 100644 index 0000000..09804b4 --- /dev/null +++ b/cases/auth_login_post_missing_required_field_password_a6bbbeb7.hurl 
@@ -0,0 +1,18 @@ +# ── POST /auth/login - missing required field "password" ── +# case_id=TC-a6bbbeb7 +# case_name=POST /auth/login - missing required field "password" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "ebonysilva@mendez.info" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_mutation_email_empty_string_81062c2f.hurl b/cases/auth_login_post_mutation_email_empty_string_81062c2f.hurl new file mode 100644 index 0000000..46f9e6c --- /dev/null +++ b/cases/auth_login_post_mutation_email_empty_string_81062c2f.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - mutation: email empty string ── +# case_id=TC-81062c2f +# case_name=POST /auth/login - mutation: email empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "", + "password": "staff" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_login_post_mutation_email_integer_instead_of_string_d7ccf79e.hurl b/cases/auth_login_post_mutation_email_integer_instead_of_string_d7ccf79e.hurl new file mode 100644 index 0000000..d856fe6 --- /dev/null +++ b/cases/auth_login_post_mutation_email_integer_instead_of_string_d7ccf79e.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - mutation: email integer instead of string ── +# case_id=TC-d7ccf79e +# case_name=POST /auth/login - mutation: email integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": 12345, + "password": "staff" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/auth_login_post_mutation_email_invalid_email_format_6926df81.hurl b/cases/auth_login_post_mutation_email_invalid_email_format_6926df81.hurl new file mode 100644 index 0000000..5f7d5fd --- /dev/null +++ b/cases/auth_login_post_mutation_email_invalid_email_format_6926df81.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - mutation: email invalid email format ── +# case_id=TC-6926df81 +# case_name=POST /auth/login - mutation: email invalid email format +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "not-an-email", + "password": "staff" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_login_post_mutation_email_null_value_b5693707.hurl b/cases/auth_login_post_mutation_email_null_value_b5693707.hurl new file mode 100644 index 0000000..64846e9 --- /dev/null +++ b/cases/auth_login_post_mutation_email_null_value_b5693707.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - mutation: email null value ── +# case_id=TC-b5693707 +# case_name=POST /auth/login - mutation: email null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": null, + "password": "staff" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_login_post_mutation_email_oversized_string_300_chars_7f53df98.hurl b/cases/auth_login_post_mutation_email_oversized_string_300_chars_7f53df98.hurl new file mode 100644 index 0000000..a196e7f --- /dev/null +++ b/cases/auth_login_post_mutation_email_oversized_string_300_chars_7f53df98.hurl 
@@ -0,0 +1,23 @@ +# ── POST /auth/login - mutation: email oversized string (300 chars) ── +# case_id=TC-7f53df98 +# case_name=POST /auth/login - mutation: email oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "password": "staff" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_login_post_mutation_password_empty_string_a0ca01b6.hurl b/cases/auth_login_post_mutation_password_empty_string_a0ca01b6.hurl new file mode 100644 index 0000000..01e4f48 --- /dev/null +++ b/cases/auth_login_post_mutation_password_empty_string_a0ca01b6.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - mutation: password empty string ── +# case_id=TC-a0ca01b6 +# case_name=POST /auth/login - mutation: password empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "naomipierce@lewis.biz", + "password": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_login_post_mutation_password_integer_instead_of_string_f16c5d8d.hurl b/cases/auth_login_post_mutation_password_integer_instead_of_string_f16c5d8d.hurl new file mode 100644 index 0000000..1c5b158 --- /dev/null +++ b/cases/auth_login_post_mutation_password_integer_instead_of_string_f16c5d8d.hurl 
@@ -0,0 +1,23 @@ +# ── POST /auth/login - mutation: password integer instead of string ── +# case_id=TC-f16c5d8d +# case_name=POST /auth/login - mutation: password integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "naomipierce@lewis.biz", + "password": 12345 +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_login_post_mutation_password_null_value_b531d0ea.hurl b/cases/auth_login_post_mutation_password_null_value_b531d0ea.hurl new file mode 100644 index 0000000..724405c --- /dev/null +++ b/cases/auth_login_post_mutation_password_null_value_b531d0ea.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/login - mutation: password null value ── +# case_id=TC-b531d0ea +# case_name=POST /auth/login - mutation: password null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "naomipierce@lewis.biz", + "password": null +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_login_post_mutation_password_oversized_string_300_chars_acbb9354.hurl b/cases/auth_login_post_mutation_password_oversized_string_300_chars_acbb9354.hurl new file mode 100644 index 0000000..94a53cf --- /dev/null +++ b/cases/auth_login_post_mutation_password_oversized_string_300_chars_acbb9354.hurl 
@@ -0,0 +1,23 @@ +# ── POST /auth/login - mutation: password oversized string (300 chars) ── +# case_id=TC-acbb9354 +# case_name=POST /auth/login - mutation: password oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "naomipierce@lewis.biz", + "password": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_login_post_null_injection_email_a1de0446.hurl b/cases/auth_login_post_null_injection_email_a1de0446.hurl new file mode 100644 index 0000000..abff0b1 --- /dev/null +++ b/cases/auth_login_post_null_injection_email_a1de0446.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - null injection: email ── +# case_id=TC-a1de0446 +# case_name=POST /auth/login - null injection: email +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": null, + "password": "float" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_null_injection_password_191c3a5b.hurl b/cases/auth_login_post_null_injection_password_191c3a5b.hurl new file mode 100644 index 0000000..9ca5a2b --- /dev/null +++ b/cases/auth_login_post_null_injection_password_191c3a5b.hurl 
@@ -0,0 +1,19 @@ +# ── POST /auth/login - null injection: password ── +# case_id=TC-191c3a5b +# case_name=POST /auth/login - null injection: password +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "ottonorris@sullivan.com", + "password": null +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_owasp_api6_mass_assignment_09c747ae.hurl b/cases/auth_login_post_owasp_api6_mass_assignment_09c747ae.hurl new file mode 100644 index 0000000..77b7f54 --- /dev/null +++ b/cases/auth_login_post_owasp_api6_mass_assignment_09c747ae.hurl @@ -0,0 +1,27 @@ +# ── [OWASP-API6] POST /auth/login — mass assignment ── +# case_id=TC-09c747ae +# case_name=[OWASP-API6] POST /auth/login — mass assignment +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "createdAt": "2000-01-01T00:00:00Z", + "email": "eddhanson@thomas.net", + "id": 99999, + "password": "we", + "updatedAt": "2000-01-01T00:00:00Z" +} +``` + +HTTP 201 + +[Asserts] +jsonpath "$.id" != 99999 +jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" +jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" + diff --git a/cases/auth_login_post_owasp_api7_injection_path_traversal_c3fc26dc.hurl b/cases/auth_login_post_owasp_api7_injection_path_traversal_c3fc26dc.hurl new file mode 100644 index 0000000..5e442f7 --- /dev/null +++ b/cases/auth_login_post_owasp_api7_injection_path_traversal_c3fc26dc.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /auth/login — injection (path-traversal) ── +# case_id=TC-c3fc26dc +# case_name=[OWASP-API7] POST /auth/login — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "../../../etc/passwd" +} +``` + +HTTP 400 + 
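Review bot: The mass-assignment case in cases/auth_login_post_owasp_api6_mass_assignment_09c747ae.hurl expects `HTTP 201` from a login request whose credentials (`eddhanson@thomas.net` / `we`) are not created by any earlier step in this new file. The request is therefore likely to be rejected before the three `jsonpath` asserts on `id`, `createdAt` and `updatedAt` are evaluated. As written the case would fail on status rather than show whether the server ignores client-supplied fields. I would emit this technique only for operations that create a resource, or have the generator emit a setup step and a header comment such as `# precondition: the account for this email is seeded before step-1`.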
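Review bot: The OWASP-API7 path-traversal body in cases/auth_login_post_owasp_api7_injection_path_traversal_c3fc26dc.hurl carries only `email` and omits `password`, so the expected `HTTP 400` can come from required-field validation without the payload ever being processed. The sqli and xss cases in the following hunks have the same shape. The sibling cases `email_missing_required` and `password_missing_required` in this patch expect `HTTP 422` for a missing field, which suggests these three would fail on status against the same API. I would keep the request otherwise valid by adding `"password": "sample-password"` (constructed value) and assert the range the mutation cases use, `HTTP *` with `status >= 400` and `status < 500`. A rejection status alone does not show the input was handled safely, so an assert that the response body does not reflect the submitted value would make the xss case more meaningful.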
diff --git a/cases/auth_login_post_owasp_api7_injection_sqli_504b6c9e.hurl b/cases/auth_login_post_owasp_api7_injection_sqli_504b6c9e.hurl new file mode 100644 index 0000000..3b0bcf7 --- /dev/null +++ b/cases/auth_login_post_owasp_api7_injection_sqli_504b6c9e.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /auth/login — injection (sqli) ── +# case_id=TC-504b6c9e +# case_name=[OWASP-API7] POST /auth/login — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "' OR 1=1--" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_owasp_api7_injection_xss_d41b3855.hurl b/cases/auth_login_post_owasp_api7_injection_xss_d41b3855.hurl new file mode 100644 index 0000000..54eab51 --- /dev/null +++ b/cases/auth_login_post_owasp_api7_injection_xss_d41b3855.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /auth/login — injection (xss) ── +# case_id=TC-d41b3855 +# case_name=[OWASP-API7] POST /auth/login — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_required_omission_email_absent_3eaacfef.hurl b/cases/auth_login_post_required_omission_email_absent_3eaacfef.hurl new file mode 100644 index 0000000..e234fd0 --- /dev/null +++ b/cases/auth_login_post_required_omission_email_absent_3eaacfef.hurl @@ -0,0 +1,22 @@ +# ── POST /auth/login - [required_omission] email absent ── +# case_id=TC-3eaacfef +# case_name=POST /auth/login - [required_omission] email absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "password": "abroad" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/auth_login_post_required_omission_password_absent_0a64a19d.hurl b/cases/auth_login_post_required_omission_password_absent_0a64a19d.hurl new file mode 100644 index 0000000..48c2b3c --- /dev/null +++ b/cases/auth_login_post_required_omission_password_absent_0a64a19d.hurl @@ -0,0 +1,22 @@ +# ── POST /auth/login - [required_omission] password absent ── +# case_id=TC-0a64a19d +# case_name=POST /auth/login - [required_omission] password absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "darylfarrell@santiago.org" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_login_post_schema_violation_email_invalid_format_email_891b32a4.hurl b/cases/auth_login_post_schema_violation_email_invalid_format_email_891b32a4.hurl new file mode 100644 index 0000000..09dd666 --- /dev/null +++ b/cases/auth_login_post_schema_violation_email_invalid_format_email_891b32a4.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [schema_violation] email_invalid_format_email ── +# case_id=TC-891b32a4 +# case_name=POST /auth/login - [schema_violation] email_invalid_format_email +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "not-an-email", + "password": "eye" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_schema_violation_email_missing_required_46bb3d69.hurl b/cases/auth_login_post_schema_violation_email_missing_required_46bb3d69.hurl new file mode 100644 index 0000000..81914f9 --- /dev/null +++ b/cases/auth_login_post_schema_violation_email_missing_required_46bb3d69.hurl 
@@ -0,0 +1,18 @@ +# ── POST /auth/login - [schema_violation] email_missing_required ── +# case_id=TC-46bb3d69 +# case_name=POST /auth/login - [schema_violation] email_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "password": "eye" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_schema_violation_password_missing_required_5bddd51c.hurl b/cases/auth_login_post_schema_violation_password_missing_required_5bddd51c.hurl new file mode 100644 index 0000000..18bed08 --- /dev/null +++ b/cases/auth_login_post_schema_violation_password_missing_required_5bddd51c.hurl @@ -0,0 +1,18 @@ +# ── POST /auth/login - [schema_violation] password_missing_required ── +# case_id=TC-5bddd51c +# case_name=POST /auth/login - [schema_violation] password_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "clovissoto@clay.io" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_type_coercion_email_wrong_type_boolean_91a4d98b.hurl b/cases/auth_login_post_type_coercion_email_wrong_type_boolean_91a4d98b.hurl new file mode 100644 index 0000000..5557bf0 --- /dev/null +++ b/cases/auth_login_post_type_coercion_email_wrong_type_boolean_91a4d98b.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [type_coercion] email wrong_type_boolean ── +# case_id=TC-91a4d98b +# case_name=POST /auth/login - [type_coercion] email wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": true, + "password": "whole" +} +``` + +HTTP 422 + 
diff --git a/cases/auth_login_post_type_coercion_email_wrong_type_integer_2e0174b6.hurl b/cases/auth_login_post_type_coercion_email_wrong_type_integer_2e0174b6.hurl new file mode 100644 index 0000000..d286822 --- /dev/null +++ b/cases/auth_login_post_type_coercion_email_wrong_type_integer_2e0174b6.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [type_coercion] email wrong_type_integer ── +# case_id=TC-2e0174b6 +# case_name=POST /auth/login - [type_coercion] email wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": 123, + "password": "whole" +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_type_coercion_password_wrong_type_boolean_5c25d6d2.hurl b/cases/auth_login_post_type_coercion_password_wrong_type_boolean_5c25d6d2.hurl new file mode 100644 index 0000000..a95a9f6 --- /dev/null +++ b/cases/auth_login_post_type_coercion_password_wrong_type_boolean_5c25d6d2.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [type_coercion] password wrong_type_boolean ── +# case_id=TC-5c25d6d2 +# case_name=POST /auth/login - [type_coercion] password wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "lunasaunders@greene.net", + "password": true +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_type_coercion_password_wrong_type_integer_28167496.hurl b/cases/auth_login_post_type_coercion_password_wrong_type_integer_28167496.hurl new file mode 100644 index 0000000..6dac643 --- /dev/null +++ b/cases/auth_login_post_type_coercion_password_wrong_type_integer_28167496.hurl 
@@ -0,0 +1,19 @@ +# ── POST /auth/login - [type_coercion] password wrong_type_integer ── +# case_id=TC-28167496 +# case_name=POST /auth/login - [type_coercion] password wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "lunasaunders@greene.net", + "password": 123 +} +``` + +HTTP 422 + diff --git a/cases/auth_login_post_unicode_fuzzing_email_bidi_override_08bd8265.hurl b/cases/auth_login_post_unicode_fuzzing_email_bidi_override_08bd8265.hurl new file mode 100644 index 0000000..fdcb4c4 --- /dev/null +++ b/cases/auth_login_post_unicode_fuzzing_email_bidi_override_08bd8265.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] email bidi_override ── +# case_id=TC-08bd8265 +# case_name=POST /auth/login - [unicode_fuzzing] email bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "‮hello", + "password": "themselves" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_unicode_fuzzing_email_control_char_ce646cde.hurl b/cases/auth_login_post_unicode_fuzzing_email_control_char_ce646cde.hurl new file mode 100644 index 0000000..02ccbb3 --- /dev/null +++ b/cases/auth_login_post_unicode_fuzzing_email_control_char_ce646cde.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] email control_char ── +# case_id=TC-ce646cde +# case_name=POST /auth/login - [unicode_fuzzing] email control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "hello\u0000world", + "password": "themselves" +} +``` + +HTTP 400 + 
diff --git a/cases/auth_login_post_unicode_fuzzing_email_overlong_1951562a.hurl b/cases/auth_login_post_unicode_fuzzing_email_overlong_1951562a.hurl new file mode 100644 index 0000000..cd63299 --- /dev/null +++ b/cases/auth_login_post_unicode_fuzzing_email_overlong_1951562a.hurl 
@@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] email overlong ── +# case_id=TC-1951562a +# case_name=POST /auth/login - [unicode_fuzzing] email overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "password": "themselves" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_unicode_fuzzing_email_zalgo_1091cce6.hurl b/cases/auth_login_post_unicode_fuzzing_email_zalgo_1091cce6.hurl new file mode 100644 index 0000000..eac3a96 --- /dev/null +++ b/cases/auth_login_post_unicode_fuzzing_email_zalgo_1091cce6.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] email zalgo ── +# case_id=TC-1091cce6 +# case_name=POST /auth/login - [unicode_fuzzing] email zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "z̀́̂̃̄̅̆̇a", + "password": "themselves" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_unicode_fuzzing_email_zero_width_e4c515d2.hurl b/cases/auth_login_post_unicode_fuzzing_email_zero_width_e4c515d2.hurl new file mode 100644 index 0000000..a1647c9 --- /dev/null +++ b/cases/auth_login_post_unicode_fuzzing_email_zero_width_e4c515d2.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] email zero_width ── +# case_id=TC-e4c515d2 +# case_name=POST /auth/login - [unicode_fuzzing] email zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "​hello", + "password": "themselves" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_unicode_fuzzing_password_bidi_override_dc3d45d4.hurl b/cases/auth_login_post_unicode_fuzzing_password_bidi_override_dc3d45d4.hurl new file mode 100644 index 0000000..d0e9e29 --- /dev/null 
+++ b/cases/auth_login_post_unicode_fuzzing_password_bidi_override_dc3d45d4.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] password bidi_override ── +# case_id=TC-dc3d45d4 +# case_name=POST /auth/login - [unicode_fuzzing] password bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "lilyperez@allen.io", + "password": "‮hello" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_unicode_fuzzing_password_control_char_3fbdbf7e.hurl b/cases/auth_login_post_unicode_fuzzing_password_control_char_3fbdbf7e.hurl new file mode 100644 index 0000000..41792d0 --- /dev/null +++ b/cases/auth_login_post_unicode_fuzzing_password_control_char_3fbdbf7e.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] password control_char ── +# case_id=TC-3fbdbf7e +# case_name=POST /auth/login - [unicode_fuzzing] password control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "lilyperez@allen.io", + "password": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_unicode_fuzzing_password_overlong_b2225a4c.hurl b/cases/auth_login_post_unicode_fuzzing_password_overlong_b2225a4c.hurl new file mode 100644 index 0000000..d149553 --- /dev/null +++ b/cases/auth_login_post_unicode_fuzzing_password_overlong_b2225a4c.hurl 
@@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] password overlong ── +# case_id=TC-b2225a4c +# case_name=POST /auth/login - [unicode_fuzzing] password overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "lilyperez@allen.io", + "password": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_unicode_fuzzing_password_zalgo_7329e86c.hurl b/cases/auth_login_post_unicode_fuzzing_password_zalgo_7329e86c.hurl new file mode 100644 index 0000000..a5b8d77 --- /dev/null +++ b/cases/auth_login_post_unicode_fuzzing_password_zalgo_7329e86c.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] password zalgo ── +# case_id=TC-7329e86c +# case_name=POST /auth/login - [unicode_fuzzing] password zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "lilyperez@allen.io", + "password": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/auth_login_post_unicode_fuzzing_password_zero_width_4e879dad.hurl b/cases/auth_login_post_unicode_fuzzing_password_zero_width_4e879dad.hurl new file mode 100644 index 0000000..eeefefc --- /dev/null +++ b/cases/auth_login_post_unicode_fuzzing_password_zero_width_4e879dad.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - [unicode_fuzzing] password zero_width ── +# case_id=TC-4e879dad +# case_name=POST /auth/login - [unicode_fuzzing] password zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "lilyperez@allen.io", + "password": "​hello" +} +``` + +HTTP 400 + 
diff --git a/cases/auth_login_post_valid_request_with_all_required_fields_486e8c2a.hurl b/cases/auth_login_post_valid_request_with_all_required_fields_486e8c2a.hurl new file mode 100644 index 0000000..7af10e7 --- /dev/null +++ b/cases/auth_login_post_valid_request_with_all_required_fields_486e8c2a.hurl @@ -0,0 +1,25 @@ +# ── POST /auth/login - valid request with all required fields ── +# case_id=TC-486e8c2a +# case_name=POST /auth/login - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "ezrahowell@franklin.biz", + "password": "work" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.role" exists +jsonpath "$.token" exists +jsonpath "$.userId" exists + diff --git a/cases/auth_login_post_wrong_content_type_text_plain_ea0be7b9.hurl b/cases/auth_login_post_wrong_content_type_text_plain_ea0be7b9.hurl new file mode 100644 index 0000000..7c42dd5 --- /dev/null +++ b/cases/auth_login_post_wrong_content_type_text_plain_ea0be7b9.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/login - wrong content-type (text/plain) ── +# case_id=TC-ea0be7b9 +# case_name=POST /auth/login - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/auth/login +Content-Type: text/plain +```json +{ + "email": "ottonorris@sullivan.com", + "password": "float" +} +``` + +HTTP 415 + diff --git a/cases/auth_login_sequence_chain_delete_api_admin_grants_id_2db91768.hurl b/cases/auth_login_sequence_chain_delete_api_admin_grants_id_2db91768.hurl new file mode 100644 index 0000000..86f0009 --- /dev/null +++ b/cases/auth_login_sequence_chain_delete_api_admin_grants_id_2db91768.hurl 
@@ -0,0 +1,43 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /auth/login → DELETE /api/admin/grants/{id}
+# case_id=TC-2db91768
+# case_name=sequence chain: /auth/login → DELETE /api/admin/grants/{id}
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /auth/login [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /auth/login
+
+POST {{base_url}}/auth/login
+Content-Type: application/json
+```json
+{
+ "email": "elbertgibson@sanchez.biz",
+ "password": "which"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.userId"
+
+[Asserts]
+status < 300
+
+# ── use via DELETE /api/admin/grants/{id} [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via DELETE /api/admin/grants/{id}
+# depends_on=step-setup
+
+DELETE {{base_url}}/api/admin/grants/{{id}}
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/auth_login_sequence_chain_delete_api_admin_users_id_8192e6ba.hurl b/cases/auth_login_sequence_chain_delete_api_admin_users_id_8192e6ba.hurl
new file mode 100644
index 0000000..237e8b8
--- /dev/null
+++ b/cases/auth_login_sequence_chain_delete_api_admin_users_id_8192e6ba.hurl
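Review bot: The test step sends `DELETE {{base_url}}/api/admin/grants/{{id}}` with no `Authorization` header, and the setup step captures only `id` from `$.userId`, so `status < 300` expects an unauthenticated call to an admin route to succeed. If these routes take the bearer token that login returns (the valid-login case elsewhere in this patch asserts `$.token` exists, and the register chain sends `Authorization: Bearer {{authToken}}`), capture it in setup with `token: jsonpath "$.token"` and send `Authorization: Bearer {{token}}` on the DELETE. The same gap is in the other `/auth/login` chain cases that follow in this patch, from DELETE users through PUT users.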
@@ -0,0 +1,43 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /auth/login → DELETE /api/admin/users/{id}
+# case_id=TC-8192e6ba
+# case_name=sequence chain: /auth/login → DELETE /api/admin/users/{id}
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /auth/login [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /auth/login
+
+POST {{base_url}}/auth/login
+Content-Type: application/json
+```json
+{
+ "email": "meaghanbailey@simpson.io",
+ "password": "whatever"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.userId"
+
+[Asserts]
+status < 300
+
+# ── use via DELETE /api/admin/users/{id} [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via DELETE /api/admin/users/{id}
+# depends_on=step-setup
+
+DELETE {{base_url}}/api/admin/users/{{id}}
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/auth_login_sequence_chain_get_api_admin_teams_id_grants_4f853ed4.hurl b/cases/auth_login_sequence_chain_get_api_admin_teams_id_grants_4f853ed4.hurl
new file mode 100644
index 0000000..fb560ec
--- /dev/null
+++ b/cases/auth_login_sequence_chain_get_api_admin_teams_id_grants_4f853ed4.hurl
@@ -0,0 +1,43 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/login → GET /api/admin/teams/{id}/grants +# case_id=TC-4f853ed4 +# case_name=sequence chain: /auth/login → GET /api/admin/teams/{id}/grants +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/login [setup] ───── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/login + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "frankiewebb@davies.org", + "password": "for" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/grants [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/grants +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/grants + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_login_sequence_chain_get_api_admin_teams_id_members_315cb6bf.hurl b/cases/auth_login_sequence_chain_get_api_admin_teams_id_members_315cb6bf.hurl new file mode 100644 index 0000000..01065f7 --- /dev/null +++ b/cases/auth_login_sequence_chain_get_api_admin_teams_id_members_315cb6bf.hurl 
@@ -0,0 +1,43 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/login → GET /api/admin/teams/{id}/members +# case_id=TC-315cb6bf +# case_name=sequence chain: /auth/login → GET /api/admin/teams/{id}/members +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/login [setup] ───── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/login + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "manuelcasper@owen.net", + "password": "herself" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/members [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/members +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/members + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_login_sequence_chain_get_api_admin_teams_id_services_ccf62dd8.hurl b/cases/auth_login_sequence_chain_get_api_admin_teams_id_services_ccf62dd8.hurl new file mode 100644 index 0000000..b822d91 --- /dev/null +++ b/cases/auth_login_sequence_chain_get_api_admin_teams_id_services_ccf62dd8.hurl 
@@ -0,0 +1,43 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/login → GET /api/admin/teams/{id}/services +# case_id=TC-ccf62dd8 +# case_name=sequence chain: /auth/login → GET /api/admin/teams/{id}/services +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/login [setup] ───── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/login + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "chetbergstrom@carroll.org", + "password": "additionally" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/services [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/services +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/services + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_login_sequence_chain_post_api_admin_teams_id_grants_ba58927e.hurl b/cases/auth_login_sequence_chain_post_api_admin_teams_id_grants_ba58927e.hurl new file mode 100644 index 0000000..b1dcce2 --- /dev/null +++ b/cases/auth_login_sequence_chain_post_api_admin_teams_id_grants_ba58927e.hurl 
@@ -0,0 +1,55 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/login → POST /api/admin/teams/{id}/grants +# case_id=TC-ba58927e +# case_name=sequence chain: /auth/login → POST /api/admin/teams/{id}/grants +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/login [setup] ───── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/login + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "chaimbird@peters.info", + "password": "have" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via POST /api/admin/teams/{id}/grants [test] ── +# step_id=step-test +# step_type=test +# title=use via POST /api/admin/teams/{id}/grants +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{{id}}/grants +Content-Type: application/json +```json +{ + "branches": [ + "anybody" + ], + "expiresAt": "1900-01-23T02:22:54Z", + "granteeTeamId": "2c916244-ec7b-46c4-8a46-75d8003b66f2", + "granteeUserId": "c582e301-b02e-418f-9960-f865b66da97f", + "serviceId": "eaa19ebb-002b-497c-a98a-0293aa5606ad" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_login_sequence_chain_post_api_admin_teams_id_members_b9578186.hurl b/cases/auth_login_sequence_chain_post_api_admin_teams_id_members_b9578186.hurl new file mode 100644 index 0000000..0150d15 --- /dev/null +++ b/cases/auth_login_sequence_chain_post_api_admin_teams_id_members_b9578186.hurl 
@@ -0,0 +1,50 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/login → POST /api/admin/teams/{id}/members +# case_id=TC-b9578186 +# case_name=sequence chain: /auth/login → POST /api/admin/teams/{id}/members +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/login [setup] ───── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/login + +POST {{base_url}}/auth/login +Content-Type: application/json +```json +{ + "email": "dwightsummers@schuster.org", + "password": "model" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via POST /api/admin/teams/{id}/members [test] ── +# step_id=step-test +# step_type=test +# title=use via POST /api/admin/teams/{id}/members +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{{id}}/members +Content-Type: application/json +```json +{ + "role": "owner", + "userId": "5f656700-5067-4ad1-8384-1fb850bc7bf2" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_login_sequence_chain_put_api_admin_users_id_4e754ff4.hurl b/cases/auth_login_sequence_chain_put_api_admin_users_id_4e754ff4.hurl new file mode 100644 index 0000000..8568542 --- /dev/null +++ b/cases/auth_login_sequence_chain_put_api_admin_users_id_4e754ff4.hurl 
@@ -0,0 +1,50 @@
+# ══════════════════════════════════════════════════
+# sequence chain: /auth/login → PUT /api/admin/users/{id}
+# case_id=TC-4e754ff4
+# case_name=sequence chain: /auth/login → PUT /api/admin/users/{id}
+# case_kind=chain
+# priority=P1
+# ══════════════════════════════════════════════════
+
+# ── create via POST /auth/login [setup] ─────
+# step_id=step-setup
+# step_type=setup
+# title=create via POST /auth/login
+
+POST {{base_url}}/auth/login
+Content-Type: application/json
+```json
+{
+ "email": "amparoknight@evans.biz",
+ "password": "always"
+}
+```
+
+HTTP *
+
+[Captures]
+id: jsonpath "$.userId"
+
+[Asserts]
+status < 300
+
+# ── use via PUT /api/admin/users/{id} [test] ──
+# step_id=step-test
+# step_type=test
+# title=use via PUT /api/admin/users/{id}
+# depends_on=step-setup
+
+PUT {{base_url}}/api/admin/users/{{id}}
+Content-Type: application/json
+```json
+{
+ "isActive": true,
+ "role": "team_owner"
+}
+```
+
+HTTP *
+
+[Asserts]
+status < 300
+
diff --git a/cases/auth_logout_options_owasp_api8_cors_security_configuration_86522697.hurl b/cases/auth_logout_options_owasp_api8_cors_security_configuration_86522697.hurl
new file mode 100644
index 0000000..22a7250
--- /dev/null
+++ b/cases/auth_logout_options_owasp_api8_cors_security_configuration_86522697.hurl
@@ -0,0 +1,16 @@
+# ── [OWASP-API8] OPTIONS /auth/logout — CORS security configuration ──
+# case_id=TC-86522697
+# case_name=[OWASP-API8] OPTIONS /auth/logout — CORS security configuration
+# step_id=step-1
+# step_type=test
+# technique=owasp_api_top10_spec
+# priority=P0
+
+OPTIONS {{base_url}}/auth/logout
+Origin: https://evil.example.com
+
+HTTP *
+
+[Asserts]
+header "Access-Control-Allow-Origin" != "*"
+
diff --git a/cases/auth_logout_post_idempotent_second_call_must_be_safe_cf0be90a.hurl b/cases/auth_logout_post_idempotent_second_call_must_be_safe_cf0be90a.hurl
new file mode 100644
index 0000000..ba059e9
--- /dev/null
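Review bot: The only assertion, `header "Access-Control-Allow-Origin" != "*"`, rules out the wildcard but is still satisfied when the server echoes the probe origin `https://evil.example.com` back, which is the reflection case this probe is presumably meant to catch. I would add `header "Access-Control-Allow-Origin" != "https://evil.example.com"`; how Hurl treats a missing header under `!=` should be checked so an absent header does not fail the case. The `/auth/register` CORS case that follows has the same single assertion.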
+++ b/cases/auth_logout_post_idempotent_second_call_must_be_safe_cf0be90a.hurl @@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# POST /auth/logout - idempotent: second call must be safe +# case_id=TC-cf0be90a +# case_name=POST /auth/logout - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /auth/logout — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /auth/logout — first call + +POST {{base_url}}/auth/logout + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /auth/logout — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /auth/logout — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/auth/logout + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/auth_logout_post_valid_request_with_all_required_fields_a517ccf9.hurl b/cases/auth_logout_post_valid_request_with_all_required_fields_a517ccf9.hurl new file mode 100644 index 0000000..488fe3a --- /dev/null +++ b/cases/auth_logout_post_valid_request_with_all_required_fields_a517ccf9.hurl @@ -0,0 +1,16 @@ +# ── POST /auth/logout - valid request with all required fields ── +# case_id=TC-a517ccf9 +# case_name=POST /auth/logout - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +POST {{base_url}}/auth/logout + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.ok" exists + diff --git a/cases/auth_register_options_owasp_api8_cors_security_configuration_2f9039a1.hurl b/cases/auth_register_options_owasp_api8_cors_security_configuration_2f9039a1.hurl new file mode 100644 index 0000000..3ead36a --- /dev/null +++ b/cases/auth_register_options_owasp_api8_cors_security_configuration_2f9039a1.hurl 
@@ -0,0 +1,16 @@ +# ── [OWASP-API8] OPTIONS /auth/register — CORS security configuration ── +# case_id=TC-2f9039a1 +# case_name=[OWASP-API8] OPTIONS /auth/register — CORS security configuration +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10_spec +# priority=P0 + +OPTIONS {{base_url}}/auth/register +Origin: https://evil.example.com + +HTTP * + +[Asserts] +header "Access-Control-Allow-Origin" != "*" + diff --git a/cases/auth_register_post_auth_chain_46922b8d.hurl b/cases/auth_register_post_auth_chain_46922b8d.hurl new file mode 100644 index 0000000..c7142c2 --- /dev/null +++ b/cases/auth_register_post_auth_chain_46922b8d.hurl @@ -0,0 +1,51 @@ +# ══════════════════════════════════════════════════ +# auth chain: POST /auth/register +# case_id=TC-46922b8d +# case_name=auth chain: POST /auth/register +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── authenticate via POST /api/tokens [setup] ── +# step_id=step-auth +# step_type=setup +# title=authenticate via POST /api/tokens + +POST {{base_url}}/api/tokens +Content-Type: application/json +```json +{ + "name": "Jakob Jensen", + "scope": "write" +} +``` + +HTTP * + +[Captures] +authToken: jsonpath "$.token" + +[Asserts] +status < 300 + +# ── POST /auth/register with auth token [test] ── +# step_id=step-test +# step_type=test +# title=POST /auth/register with auth token +# depends_on=step-auth + +POST {{base_url}}/auth/register +Authorization: Bearer {{authToken}} +Content-Type: application/json +```json +{ + "email": "edbarber@reyes.name", + "password": "nest" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/auth_register_post_field_boundary_password_invalid_below_min_29d13f96.hurl b/cases/auth_register_post_field_boundary_password_invalid_below_min_29d13f96.hurl new file mode 100644 index 0000000..97e4ccb --- /dev/null +++ b/cases/auth_register_post_field_boundary_password_invalid_below_min_29d13f96.hurl 
@@ -0,0 +1,23 @@ +# ── POST /auth/register - [field_boundary] password invalid_below_min ── +# case_id=TC-29d13f96 +# case_name=POST /auth/register - [field_boundary] password invalid_below_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "carmelmaldonado@schwartz.org", + "password": "aaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_field_boundary_password_valid_min_31e0ac94.hurl b/cases/auth_register_post_field_boundary_password_valid_min_31e0ac94.hurl new file mode 100644 index 0000000..755f4dd --- /dev/null +++ b/cases/auth_register_post_field_boundary_password_valid_min_31e0ac94.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - [field_boundary] password valid_min ── +# case_id=TC-31e0ac94 +# case_name=POST /auth/register - [field_boundary] password valid_min +# step_id=step-main +# step_type=test +# technique=field_boundary +# priority=P1 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "cedrickhermann@morales.org", + "password": "aaaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 200 +status < 300 + diff --git a/cases/auth_register_post_idempotent_second_call_must_be_safe_d4349959.hurl b/cases/auth_register_post_idempotent_second_call_must_be_safe_d4349959.hurl new file mode 100644 index 0000000..18074a0 --- /dev/null +++ b/cases/auth_register_post_idempotent_second_call_must_be_safe_d4349959.hurl 
@@ -0,0 +1,47 @@ +# ══════════════════════════════════════════════════ +# POST /auth/register - idempotent: second call must be safe +# case_id=TC-d4349959 +# case_name=POST /auth/register - idempotent: second call must be safe +# case_kind=chain +# priority=P2 +# ══════════════════════════════════════════════════ + +# ── POST /auth/register — first call [setup] ── +# step_id=step-setup +# step_type=setup +# title=POST /auth/register — first call + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "selenagarza@ross.name", + "password": "break" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + +# ── POST /auth/register — identical second call must be safe [test] ── +# step_id=step-test +# step_type=test +# title=POST /auth/register — identical second call must be safe +# depends_on=step-setup + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "selenagarza@ross.name", + "password": "break" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/auth_register_post_invalid_email_invalid_email_format_8449b518.hurl b/cases/auth_register_post_invalid_email_invalid_email_format_8449b518.hurl new file mode 100644 index 0000000..c0886b2 --- /dev/null +++ b/cases/auth_register_post_invalid_email_invalid_email_format_8449b518.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - invalid email: invalid email format ── +# case_id=TC-8449b518 +# case_name=POST /auth/register - invalid email: invalid email format +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "not-an-email", + "password": "this" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_invalid_password_empty_string_violates_minlength_8_cf64a6d3.hurl b/cases/auth_register_post_invalid_password_empty_string_violates_minlength_8_cf64a6d3.hurl new file mode 100644 index 0000000..369c14b --- /dev/null 
+++ b/cases/auth_register_post_invalid_password_empty_string_violates_minlength_8_cf64a6d3.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - invalid password: empty string violates minLength 8 ── +# case_id=TC-cf64a6d3 +# case_name=POST /auth/register - invalid password: empty string violates minLength 8 +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "mayragrant@nichols.name", + "password": "" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_mass_assignment_financial_probe_9b577a9f.hurl b/cases/auth_register_post_mass_assignment_financial_probe_9b577a9f.hurl new file mode 100644 index 0000000..33bd33c --- /dev/null +++ b/cases/auth_register_post_mass_assignment_financial_probe_9b577a9f.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - [mass_assignment] financial probe ── +# case_id=TC-9b577a9f +# case_name=POST /auth/register - [mass_assignment] financial probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "balance": 1, + "credits": 1, + "discount": 0, + "email": "waynedaniels@farrell.io", + "password": "instead", + "price": 1 +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_mass_assignment_identity_probe_be5d4ca2.hurl b/cases/auth_register_post_mass_assignment_identity_probe_be5d4ca2.hurl new file mode 100644 index 0000000..494c3d8 --- /dev/null +++ b/cases/auth_register_post_mass_assignment_identity_probe_be5d4ca2.hurl 
@@ -0,0 +1,23 @@ +# ── POST /auth/register - [mass_assignment] identity probe ── +# case_id=TC-be5d4ca2 +# case_name=POST /auth/register - [mass_assignment] identity probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "createdBy": "__probe__", + "email": "waynedaniels@farrell.io", + "ownerId": "__probe__", + "password": "instead", + "userId": "__probe__", + "user_id": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_mass_assignment_privilege_probe_065d2087.hurl b/cases/auth_register_post_mass_assignment_privilege_probe_065d2087.hurl new file mode 100644 index 0000000..f1974c0 --- /dev/null +++ b/cases/auth_register_post_mass_assignment_privilege_probe_065d2087.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - [mass_assignment] privilege probe ── +# case_id=TC-065d2087 +# case_name=POST /auth/register - [mass_assignment] privilege probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "admin": true, + "email": "waynedaniels@farrell.io", + "isAdmin": true, + "is_admin": true, + "password": "instead", + "role": "__probe__" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_mass_assignment_status_probe_cabe7291.hurl b/cases/auth_register_post_mass_assignment_status_probe_cabe7291.hurl new file mode 100644 index 0000000..5a7f264 --- /dev/null +++ b/cases/auth_register_post_mass_assignment_status_probe_cabe7291.hurl 
@@ -0,0 +1,23 @@ +# ── POST /auth/register - [mass_assignment] status probe ── +# case_id=TC-cabe7291 +# case_name=POST /auth/register - [mass_assignment] status probe +# step_id=step-main +# step_type=test +# technique=mass_assignment +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "approved": true, + "banned": false, + "disabled": false, + "email": "waynedaniels@farrell.io", + "password": "instead", + "verified": true +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_missing_required_field_email_445d8b1f.hurl b/cases/auth_register_post_missing_required_field_email_445d8b1f.hurl new file mode 100644 index 0000000..b9d3bdf --- /dev/null +++ b/cases/auth_register_post_missing_required_field_email_445d8b1f.hurl @@ -0,0 +1,18 @@ +# ── POST /auth/register - missing required field "email" ── +# case_id=TC-445d8b1f +# case_name=POST /auth/register - missing required field "email" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "password": "still" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_missing_required_field_email_cae39bb3.hurl b/cases/auth_register_post_missing_required_field_email_cae39bb3.hurl new file mode 100644 index 0000000..b6fc8cd --- /dev/null +++ b/cases/auth_register_post_missing_required_field_email_cae39bb3.hurl @@ -0,0 +1,18 @@ +# ── POST /auth/register - missing required field "email" ── +# case_id=TC-cae39bb3 +# case_name=POST /auth/register - missing required field "email" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "password": "this" +} +``` + +HTTP 422 + 
diff --git a/cases/auth_register_post_missing_required_field_password_31707ae5.hurl b/cases/auth_register_post_missing_required_field_password_31707ae5.hurl new file mode 100644 index 0000000..80177d1 --- /dev/null +++ b/cases/auth_register_post_missing_required_field_password_31707ae5.hurl @@ -0,0 +1,18 @@ +# ── POST /auth/register - missing required field "password" ── +# case_id=TC-31707ae5 +# case_name=POST /auth/register - missing required field "password" +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P1 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "leahawkins@white.io" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_missing_required_field_password_72f7ecb7.hurl b/cases/auth_register_post_missing_required_field_password_72f7ecb7.hurl new file mode 100644 index 0000000..906eed6 --- /dev/null +++ b/cases/auth_register_post_missing_required_field_password_72f7ecb7.hurl @@ -0,0 +1,18 @@ +# ── POST /auth/register - missing required field "password" ── +# case_id=TC-72f7ecb7 +# case_name=POST /auth/register - missing required field "password" +# step_id=step-main +# step_type=test +# technique=isolated_negative +# priority=P1 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "mayragrant@nichols.name" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_mutation_email_empty_string_b9e7832e.hurl b/cases/auth_register_post_mutation_email_empty_string_b9e7832e.hurl new file mode 100644 index 0000000..8f52798 --- /dev/null +++ b/cases/auth_register_post_mutation_email_empty_string_b9e7832e.hurl 
@@ -0,0 +1,23 @@ +# ── POST /auth/register - mutation: email empty string ── +# case_id=TC-b9e7832e +# case_name=POST /auth/register - mutation: email empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "", + "password": "where" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_mutation_email_integer_instead_of_string_00b95383.hurl b/cases/auth_register_post_mutation_email_integer_instead_of_string_00b95383.hurl new file mode 100644 index 0000000..073aabc --- /dev/null +++ b/cases/auth_register_post_mutation_email_integer_instead_of_string_00b95383.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - mutation: email integer instead of string ── +# case_id=TC-00b95383 +# case_name=POST /auth/register - mutation: email integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": 12345, + "password": "where" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_mutation_email_invalid_email_format_7c859b9c.hurl b/cases/auth_register_post_mutation_email_invalid_email_format_7c859b9c.hurl new file mode 100644 index 0000000..37657c6 --- /dev/null +++ b/cases/auth_register_post_mutation_email_invalid_email_format_7c859b9c.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - mutation: email invalid email format ── +# case_id=TC-7c859b9c +# case_name=POST /auth/register - mutation: email invalid email format +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "not-an-email", + "password": "where" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/auth_register_post_mutation_email_null_value_6da4f717.hurl b/cases/auth_register_post_mutation_email_null_value_6da4f717.hurl new file mode 100644 index 0000000..71c07ac --- /dev/null +++ b/cases/auth_register_post_mutation_email_null_value_6da4f717.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - mutation: email null value ── +# case_id=TC-6da4f717 +# case_name=POST /auth/register - mutation: email null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": null, + "password": "where" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_mutation_email_oversized_string_300_chars_3dfbbb02.hurl b/cases/auth_register_post_mutation_email_oversized_string_300_chars_3dfbbb02.hurl new file mode 100644 index 0000000..1ccb068 --- /dev/null +++ b/cases/auth_register_post_mutation_email_oversized_string_300_chars_3dfbbb02.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - mutation: email oversized string (300 chars) ── +# case_id=TC-3dfbbb02 +# case_name=POST /auth/register - mutation: email oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "password": "where" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_mutation_password_empty_string_f66d6ba8.hurl b/cases/auth_register_post_mutation_password_empty_string_f66d6ba8.hurl new file mode 100644 index 0000000..63f0ff2 --- /dev/null 
+++ b/cases/auth_register_post_mutation_password_empty_string_f66d6ba8.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - mutation: password empty string ── +# case_id=TC-f66d6ba8 +# case_name=POST /auth/register - mutation: password empty string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "marjoriecole@donnelly.org", + "password": "" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_mutation_password_integer_instead_of_string_85af6488.hurl b/cases/auth_register_post_mutation_password_integer_instead_of_string_85af6488.hurl new file mode 100644 index 0000000..955183e --- /dev/null +++ b/cases/auth_register_post_mutation_password_integer_instead_of_string_85af6488.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - mutation: password integer instead of string ── +# case_id=TC-85af6488 +# case_name=POST /auth/register - mutation: password integer instead of string +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "marjoriecole@donnelly.org", + "password": 12345 +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_mutation_password_null_value_8df134ff.hurl b/cases/auth_register_post_mutation_password_null_value_8df134ff.hurl new file mode 100644 index 0000000..0c54e74 --- /dev/null +++ b/cases/auth_register_post_mutation_password_null_value_8df134ff.hurl 
@@ -0,0 +1,23 @@ +# ── POST /auth/register - mutation: password null value ── +# case_id=TC-8df134ff +# case_name=POST /auth/register - mutation: password null value +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "marjoriecole@donnelly.org", + "password": null +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_mutation_password_oversized_string_300_chars_ffcd46cb.hurl b/cases/auth_register_post_mutation_password_oversized_string_300_chars_ffcd46cb.hurl new file mode 100644 index 0000000..3ef380f --- /dev/null +++ b/cases/auth_register_post_mutation_password_oversized_string_300_chars_ffcd46cb.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - mutation: password oversized string (300 chars) ── +# case_id=TC-ffcd46cb +# case_name=POST /auth/register - mutation: password oversized string (300 chars) +# step_id=step-main +# step_type=test +# technique=mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "marjoriecole@donnelly.org", + "password": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_null_injection_email_031620b5.hurl b/cases/auth_register_post_null_injection_email_031620b5.hurl new file mode 100644 index 0000000..8fb879a --- /dev/null +++ b/cases/auth_register_post_null_injection_email_031620b5.hurl 
@@ -0,0 +1,19 @@ +# ── POST /auth/register - null injection: email ── +# case_id=TC-031620b5 +# case_name=POST /auth/register - null injection: email +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": null, + "password": "mouth" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_null_injection_password_dc0c76f3.hurl b/cases/auth_register_post_null_injection_password_dc0c76f3.hurl new file mode 100644 index 0000000..b5e0c7a --- /dev/null +++ b/cases/auth_register_post_null_injection_password_dc0c76f3.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - null injection: password ── +# case_id=TC-dc0c76f3 +# case_name=POST /auth/register - null injection: password +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "audreygarrett@morris.info", + "password": null +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_owasp_api2_broken_authentication_e8a47f18.hurl b/cases/auth_register_post_owasp_api2_broken_authentication_e8a47f18.hurl new file mode 100644 index 0000000..e259ea8 --- /dev/null +++ b/cases/auth_register_post_owasp_api2_broken_authentication_e8a47f18.hurl @@ -0,0 +1,12 @@ +# ── [OWASP-API2] POST /auth/register — broken authentication ── +# case_id=TC-e8a47f18 +# case_name=[OWASP-API2] POST /auth/register — broken authentication +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/auth/register + +HTTP 401 + diff --git a/cases/auth_register_post_owasp_api6_mass_assignment_900b6a9f.hurl b/cases/auth_register_post_owasp_api6_mass_assignment_900b6a9f.hurl new file mode 100644 index 0000000..44b6299 --- /dev/null +++ b/cases/auth_register_post_owasp_api6_mass_assignment_900b6a9f.hurl 
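Review bot: The `HTTP 401` expectation in the [OWASP-API2] broken-authentication case looks like the wrong oracle for `POST /auth/register`. The request carries no body and no credentials, while the missing-field cases in this patch expect `422` for an incomplete registration. A registration endpoint is presumably callable without prior authentication (not shown here, so confirm against the spec), in which case this P0 case fails on a correctly behaving server and buries real findings in noise. I would skip this technique for operations that declare no security requirement, or change the expectation to `HTTP 422` with a comment such as `# public endpoint: empty body must be rejected by validation, not by auth`.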
@@ -0,0 +1,27 @@ +# ── [OWASP-API6] POST /auth/register — mass assignment ── +# case_id=TC-900b6a9f +# case_name=[OWASP-API6] POST /auth/register — mass assignment +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "createdAt": "2000-01-01T00:00:00Z", + "email": "gennarogislason@newton.io", + "id": 99999, + "password": "did", + "updatedAt": "2000-01-01T00:00:00Z" +} +``` + +HTTP 201 + +[Asserts] +jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" +jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" +jsonpath "$.id" != 99999 + diff --git a/cases/auth_register_post_owasp_api7_injection_path_traversal_2f3c6761.hurl b/cases/auth_register_post_owasp_api7_injection_path_traversal_2f3c6761.hurl new file mode 100644 index 0000000..2218a11 --- /dev/null +++ b/cases/auth_register_post_owasp_api7_injection_path_traversal_2f3c6761.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /auth/register — injection (path-traversal) ── +# case_id=TC-2f3c6761 +# case_name=[OWASP-API7] POST /auth/register — injection (path-traversal) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "../../../etc/passwd" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_owasp_api7_injection_sqli_ff6e6a6b.hurl b/cases/auth_register_post_owasp_api7_injection_sqli_ff6e6a6b.hurl new file mode 100644 index 0000000..20d0608 --- /dev/null +++ b/cases/auth_register_post_owasp_api7_injection_sqli_ff6e6a6b.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /auth/register — injection (sqli) ── +# case_id=TC-ff6e6a6b +# case_name=[OWASP-API7] POST /auth/register — injection (sqli) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "' OR 1=1--" +} +``` + +HTTP 400 + 
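Review bot: The [OWASP-API6] mass-assignment case only asserts that `id`, `createdAt` and `updatedAt` are not echoed back, and its `HTTP 201` disagrees with the `HTTP 200` that the valid-boundary cases expect from the same endpoint, so one of the two success oracles is wrong. The separate `[mass_assignment] status probe` case sends `approved`, `verified`, `banned` and `disabled` and expects `HTTP 400`, which contradicts this case's assumption that extra properties are accepted and ignored. Pick one policy for unknown properties and, if they are ignored, assert on the privilege-type fields too, for example `jsonpath "$.verified" != true` (this assumes the response returns the user object; confirm against the spec).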
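Review bot: The three [OWASP-API7] injection cases (path-traversal and sqli here, xss in the next hunk) send only `email` and omit `password`, so by this patch's own missing-field cases the request should be rejected with `422` before the payload is ever looked at. As written they expect `HTTP 400`, and a passing result cannot distinguish payload validation from the required-field check. Adding a valid `"password"` value to each body and accepting the range the mutation cases already use (`status >= 400`, `status < 500`) would make the cases test what their names claim.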
diff --git a/cases/auth_register_post_owasp_api7_injection_xss_368fd7b5.hurl b/cases/auth_register_post_owasp_api7_injection_xss_368fd7b5.hurl new file mode 100644 index 0000000..c2b01a5 --- /dev/null +++ b/cases/auth_register_post_owasp_api7_injection_xss_368fd7b5.hurl @@ -0,0 +1,18 @@ +# ── [OWASP-API7] POST /auth/register — injection (xss) ── +# case_id=TC-368fd7b5 +# case_name=[OWASP-API7] POST /auth/register — injection (xss) +# step_id=step-1 +# step_type=test +# technique=owasp_api_top10 +# priority=P0 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_password_at_max_plus_one_invalid_boundary_0de23fb9.hurl b/cases/auth_register_post_password_at_max_plus_one_invalid_boundary_0de23fb9.hurl new file mode 100644 index 0000000..75bf589 --- /dev/null +++ b/cases/auth_register_post_password_at_max_plus_one_invalid_boundary_0de23fb9.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - password at max_plus_one_invalid boundary ── +# case_id=TC-0de23fb9 +# case_name=POST /auth/register - password at max_plus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "kasandravelazquez@willis.org", + "password": "rPNlcdUMPwImsPdHFstXXMFIWbajRRdQloozwcKtoDbGhjiVVjHhIxcPpxMVGqqKfZycxZGoowdemLuYWOaEvFeerqBahGZywYIkuGXZrJdCNLryEunbqPYCHWypnUwNviWToCVJFisKyZtCteizZYgpdPlJDBzSucWfdtYFBAzmlDrKirFlAXDxVwWdZscUXFIAryQbydibyCuTJuKPjVPFBgydzlVHJwlOmkfnmyWhxdOnhlOMZdXVRggOpqya" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_password_at_max_valid_boundary_b381fdb9.hurl b/cases/auth_register_post_password_at_max_valid_boundary_b381fdb9.hurl new file mode 100644 index 0000000..518c5cf --- /dev/null +++ b/cases/auth_register_post_password_at_max_valid_boundary_b381fdb9.hurl 
@@ -0,0 +1,22 @@ +# ── POST /auth/register - password at max_valid boundary ── +# case_id=TC-b381fdb9 +# case_name=POST /auth/register - password at max_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "kasandravelazquez@willis.org", + "password": "zBlKzdHplyIohqMEAqvZSLUwRAAjdZKfbpkfEhUcSKoTKSlgMvwBEjoRpxXhryTaTAoTzCYyWaXpUkIgpumlAMpSEYEqFYHvmPDdtFumNUpHtbSoyugqaeiVyRdgqNwJsZzlXPJtrDBniDFcfYhHvlLEZBOqZCOoAPKPXTaHVHlRPRLPdCiRYyBYiVNGQIfRCXVbfVAECwwZbjBrGaKIfctBAjeidCzjvfjsjckVQIlqUrEHxrxTFDKxXvgrcFS" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/auth_register_post_password_at_min_minus_one_invalid_boundary_15e47d10.hurl b/cases/auth_register_post_password_at_min_minus_one_invalid_boundary_15e47d10.hurl new file mode 100644 index 0000000..1f69ab4 --- /dev/null +++ b/cases/auth_register_post_password_at_min_minus_one_invalid_boundary_15e47d10.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - password at min_minus_one_invalid boundary ── +# case_id=TC-15e47d10 +# case_name=POST /auth/register - password at min_minus_one_invalid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "kasandravelazquez@willis.org", + "password": "qnWvUIn" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_password_at_min_valid_boundary_0f0b429e.hurl b/cases/auth_register_post_password_at_min_valid_boundary_0f0b429e.hurl new file mode 100644 index 0000000..a6b22ae --- /dev/null +++ b/cases/auth_register_post_password_at_min_valid_boundary_0f0b429e.hurl 
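Review bot: The `max_valid` case here and the `min_valid` case in a later hunk both register `kasandravelazquez@willis.org` and both expect `HTTP 200`. If the API enforces unique e-mail addresses (likely for registration, but not visible in this patch), whichever case runs second fails for a reason unrelated to the password boundary, and a rerun against a non-reset environment fails both. Give each positive case its own address, e.g. `"email": "boundary-max@example.test"` and `"email": "boundary-min@example.test"` (constructed sample values), or document that the suite requires a clean database per run.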
@@ -0,0 +1,22 @@ +# ── POST /auth/register - password at min_valid boundary ── +# case_id=TC-0f0b429e +# case_name=POST /auth/register - password at min_valid boundary +# step_id=step-main +# step_type=test +# technique=boundary_value +# priority=P1 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "kasandravelazquez@willis.org", + "password": "htnnilAG" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 + diff --git a/cases/auth_register_post_required_omission_email_absent_b724df31.hurl b/cases/auth_register_post_required_omission_email_absent_b724df31.hurl new file mode 100644 index 0000000..47787e5 --- /dev/null +++ b/cases/auth_register_post_required_omission_email_absent_b724df31.hurl @@ -0,0 +1,22 @@ +# ── POST /auth/register - [required_omission] email absent ── +# case_id=TC-b724df31 +# case_name=POST /auth/register - [required_omission] email absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "password": "themselves" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + diff --git a/cases/auth_register_post_required_omission_password_absent_3d6d9a7d.hurl b/cases/auth_register_post_required_omission_password_absent_3d6d9a7d.hurl new file mode 100644 index 0000000..90d3b45 --- /dev/null +++ b/cases/auth_register_post_required_omission_password_absent_3d6d9a7d.hurl @@ -0,0 +1,22 @@ +# ── POST /auth/register - [required_omission] password absent ── +# case_id=TC-3d6d9a7d +# case_name=POST /auth/register - [required_omission] password absent +# step_id=step-main +# step_type=test +# technique=required_omission +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "artperkins@smith.net" +} +``` + +HTTP * + +[Asserts] +status >= 400 +status < 500 + 
diff --git a/cases/auth_register_post_schema_violation_email_invalid_format_email_75e2908b.hurl b/cases/auth_register_post_schema_violation_email_invalid_format_email_75e2908b.hurl new file mode 100644 index 0000000..367b6ee --- /dev/null +++ b/cases/auth_register_post_schema_violation_email_invalid_format_email_75e2908b.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [schema_violation] email_invalid_format_email ── +# case_id=TC-75e2908b +# case_name=POST /auth/register - [schema_violation] email_invalid_format_email +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "not-an-email", + "password": "these" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_schema_violation_email_missing_required_95b20a12.hurl b/cases/auth_register_post_schema_violation_email_missing_required_95b20a12.hurl new file mode 100644 index 0000000..75f251e --- /dev/null +++ b/cases/auth_register_post_schema_violation_email_missing_required_95b20a12.hurl @@ -0,0 +1,18 @@ +# ── POST /auth/register - [schema_violation] email_missing_required ── +# case_id=TC-95b20a12 +# case_name=POST /auth/register - [schema_violation] email_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "password": "these" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_schema_violation_password_missing_required_88fb391a.hurl b/cases/auth_register_post_schema_violation_password_missing_required_88fb391a.hurl new file mode 100644 index 0000000..d073f89 --- /dev/null +++ b/cases/auth_register_post_schema_violation_password_missing_required_88fb391a.hurl 
@@ -0,0 +1,18 @@ +# ── POST /auth/register - [schema_violation] password_missing_required ── +# case_id=TC-88fb391a +# case_name=POST /auth/register - [schema_violation] password_missing_required +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "jadonrobertson@wu.org" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_schema_violation_password_too_short_225366e2.hurl b/cases/auth_register_post_schema_violation_password_too_short_225366e2.hurl new file mode 100644 index 0000000..8aad65e --- /dev/null +++ b/cases/auth_register_post_schema_violation_password_too_short_225366e2.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [schema_violation] password_too_short ── +# case_id=TC-225366e2 +# case_name=POST /auth/register - [schema_violation] password_too_short +# step_id=step-main +# step_type=test +# technique=schema_violation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "jadonrobertson@wu.org", + "password": "" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_type_coercion_email_wrong_type_boolean_cff3b5ee.hurl b/cases/auth_register_post_type_coercion_email_wrong_type_boolean_cff3b5ee.hurl new file mode 100644 index 0000000..e49b791 --- /dev/null +++ b/cases/auth_register_post_type_coercion_email_wrong_type_boolean_cff3b5ee.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [type_coercion] email wrong_type_boolean ── +# case_id=TC-cff3b5ee +# case_name=POST /auth/register - [type_coercion] email wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": true, + "password": "it" +} +``` + +HTTP 422 + 
diff --git a/cases/auth_register_post_type_coercion_email_wrong_type_integer_c40fa64f.hurl b/cases/auth_register_post_type_coercion_email_wrong_type_integer_c40fa64f.hurl new file mode 100644 index 0000000..f2d8955 --- /dev/null +++ b/cases/auth_register_post_type_coercion_email_wrong_type_integer_c40fa64f.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [type_coercion] email wrong_type_integer ── +# case_id=TC-c40fa64f +# case_name=POST /auth/register - [type_coercion] email wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": 123, + "password": "it" +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_type_coercion_password_wrong_type_boolean_4af1b36a.hurl b/cases/auth_register_post_type_coercion_password_wrong_type_boolean_4af1b36a.hurl new file mode 100644 index 0000000..46be377 --- /dev/null +++ b/cases/auth_register_post_type_coercion_password_wrong_type_boolean_4af1b36a.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [type_coercion] password wrong_type_boolean ── +# case_id=TC-4af1b36a +# case_name=POST /auth/register - [type_coercion] password wrong_type_boolean +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "bentonwoods@marsh.net", + "password": true +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_type_coercion_password_wrong_type_integer_4a32c12b.hurl b/cases/auth_register_post_type_coercion_password_wrong_type_integer_4a32c12b.hurl new file mode 100644 index 0000000..2c03f35 --- /dev/null +++ b/cases/auth_register_post_type_coercion_password_wrong_type_integer_4a32c12b.hurl 
@@ -0,0 +1,19 @@ +# ── POST /auth/register - [type_coercion] password wrong_type_integer ── +# case_id=TC-4a32c12b +# case_name=POST /auth/register - [type_coercion] password wrong_type_integer +# step_id=step-main +# step_type=test +# technique=type_coercion +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "bentonwoods@marsh.net", + "password": 123 +} +``` + +HTTP 422 + diff --git a/cases/auth_register_post_unicode_fuzzing_email_bidi_override_cd50c303.hurl b/cases/auth_register_post_unicode_fuzzing_email_bidi_override_cd50c303.hurl new file mode 100644 index 0000000..16a4941 --- /dev/null +++ b/cases/auth_register_post_unicode_fuzzing_email_bidi_override_cd50c303.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] email bidi_override ── +# case_id=TC-cd50c303 +# case_name=POST /auth/register - [unicode_fuzzing] email bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "‮hello", + "password": "every" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_unicode_fuzzing_email_control_char_619e4131.hurl b/cases/auth_register_post_unicode_fuzzing_email_control_char_619e4131.hurl new file mode 100644 index 0000000..1740526 --- /dev/null +++ b/cases/auth_register_post_unicode_fuzzing_email_control_char_619e4131.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] email control_char ── +# case_id=TC-619e4131 +# case_name=POST /auth/register - [unicode_fuzzing] email control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "hello\u0000world", + "password": "every" +} +``` + +HTTP 400 + 
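Review bot: The bidi_override case appears to embed a literal right-to-left override character inside the `"email"` string, whereas the neighbouring control_char case writes its payload as the escape `\u0000`. A raw bidirectional control character in a checked-in file is invisible in most diff viewers and can change how the line renders for reviewers, which is why source scanners commonly flag it. Writing the value as `"email": "\u202ehello"` (assuming the character is U+202E, as the case name suggests) decodes to the same string on the server and keeps the file reviewable.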
diff --git a/cases/auth_register_post_unicode_fuzzing_email_overlong_aea85ac5.hurl b/cases/auth_register_post_unicode_fuzzing_email_overlong_aea85ac5.hurl new file mode 100644 index 0000000..243e5db --- /dev/null +++ b/cases/auth_register_post_unicode_fuzzing_email_overlong_aea85ac5.hurl 
@@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] email overlong ── +# case_id=TC-aea85ac5 +# case_name=POST /auth/register - [unicode_fuzzing] email overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "password": "every" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_unicode_fuzzing_email_zalgo_67eec10b.hurl b/cases/auth_register_post_unicode_fuzzing_email_zalgo_67eec10b.hurl new file mode 100644 index 0000000..7443fc2 --- /dev/null +++ b/cases/auth_register_post_unicode_fuzzing_email_zalgo_67eec10b.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] email zalgo ── +# case_id=TC-67eec10b +# case_name=POST /auth/register - [unicode_fuzzing] email zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "z̀́̂̃̄̅̆̇a", + "password": "every" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_unicode_fuzzing_email_zero_width_c30816fe.hurl b/cases/auth_register_post_unicode_fuzzing_email_zero_width_c30816fe.hurl new file mode 100644 index 0000000..b55bfd6 --- /dev/null +++ b/cases/auth_register_post_unicode_fuzzing_email_zero_width_c30816fe.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] email zero_width ── +# case_id=TC-c30816fe +# case_name=POST /auth/register - [unicode_fuzzing] email zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "​hello", + "password": "every" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_unicode_fuzzing_password_bidi_override_28ca4955.hurl b/cases/auth_register_post_unicode_fuzzing_password_bidi_override_28ca4955.hurl new file mode 100644 index 0000000..9803b42 --- /dev/null 
+++ b/cases/auth_register_post_unicode_fuzzing_password_bidi_override_28ca4955.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] password bidi_override ── +# case_id=TC-28ca4955 +# case_name=POST /auth/register - [unicode_fuzzing] password bidi_override +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "charityross@barber.biz", + "password": "‮hello" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_unicode_fuzzing_password_control_char_cd54b4b0.hurl b/cases/auth_register_post_unicode_fuzzing_password_control_char_cd54b4b0.hurl new file mode 100644 index 0000000..9d81cf0 --- /dev/null +++ b/cases/auth_register_post_unicode_fuzzing_password_control_char_cd54b4b0.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] password control_char ── +# case_id=TC-cd54b4b0 +# case_name=POST /auth/register - [unicode_fuzzing] password control_char +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "charityross@barber.biz", + "password": "hello\u0000world" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_unicode_fuzzing_password_overlong_3ac12861.hurl b/cases/auth_register_post_unicode_fuzzing_password_overlong_3ac12861.hurl new file mode 100644 index 0000000..70aa7fa --- /dev/null +++ b/cases/auth_register_post_unicode_fuzzing_password_overlong_3ac12861.hurl 
@@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] password overlong ── +# case_id=TC-3ac12861 +# case_name=POST /auth/register - [unicode_fuzzing] password overlong +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "charityross@barber.biz", + "password": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_unicode_fuzzing_password_zalgo_ab0475dc.hurl b/cases/auth_register_post_unicode_fuzzing_password_zalgo_ab0475dc.hurl new file mode 100644 index 0000000..5fb1590 --- /dev/null +++ b/cases/auth_register_post_unicode_fuzzing_password_zalgo_ab0475dc.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] password zalgo ── +# case_id=TC-ab0475dc +# case_name=POST /auth/register - [unicode_fuzzing] password zalgo +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "charityross@barber.biz", + "password": "z̀́̂̃̄̅̆̇a" +} +``` + +HTTP 400 + diff --git a/cases/auth_register_post_unicode_fuzzing_password_zero_width_e4e8966c.hurl b/cases/auth_register_post_unicode_fuzzing_password_zero_width_e4e8966c.hurl new file mode 100644 index 0000000..689dec9 --- /dev/null +++ b/cases/auth_register_post_unicode_fuzzing_password_zero_width_e4e8966c.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - [unicode_fuzzing] password zero_width ── +# case_id=TC-e4e8966c +# case_name=POST /auth/register - [unicode_fuzzing] password zero_width +# step_id=step-main +# step_type=test +# technique=unicode_fuzzing +# priority=P3 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "charityross@barber.biz", + "password": "​hello" +} +``` + +HTTP 400 + 
diff --git a/cases/auth_register_post_valid_request_with_all_required_fields_787a33be.hurl b/cases/auth_register_post_valid_request_with_all_required_fields_787a33be.hurl new file mode 100644 index 0000000..08bb698 --- /dev/null +++ b/cases/auth_register_post_valid_request_with_all_required_fields_787a33be.hurl @@ -0,0 +1,23 @@ +# ── POST /auth/register - valid request with all required fields ── +# case_id=TC-787a33be +# case_name=POST /auth/register - valid request with all required fields +# step_id=step-main +# step_type=test +# technique=equivalence_partitioning +# priority=P0 + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "alessandravaldez@daniel.net", + "password": "who" +} +``` + +HTTP 200 + +[Asserts] +duration < 2000 +jsonpath "$.userId" exists + diff --git a/cases/auth_register_post_wrong_content_type_text_plain_9cf203de.hurl b/cases/auth_register_post_wrong_content_type_text_plain_9cf203de.hurl new file mode 100644 index 0000000..619b41e --- /dev/null +++ b/cases/auth_register_post_wrong_content_type_text_plain_9cf203de.hurl @@ -0,0 +1,19 @@ +# ── POST /auth/register - wrong content-type (text/plain) ── +# case_id=TC-9cf203de +# case_name=POST /auth/register - wrong content-type (text/plain) +# step_id=step-main +# step_type=test +# technique=constraint_mutation +# priority=P2 + +POST {{base_url}}/auth/register +Content-Type: text/plain +```json +{ + "email": "audreygarrett@morris.info", + "password": "mouth" +} +``` + +HTTP 415 + diff --git a/cases/auth_register_sequence_chain_delete_api_admin_grants_id_465a3cf5.hurl b/cases/auth_register_sequence_chain_delete_api_admin_grants_id_465a3cf5.hurl new file mode 100644 index 0000000..205e802 --- /dev/null +++ b/cases/auth_register_sequence_chain_delete_api_admin_grants_id_465a3cf5.hurl 
@@ -0,0 +1,43 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/register → DELETE /api/admin/grants/{id} +# case_id=TC-465a3cf5 +# case_name=sequence chain: /auth/register → DELETE /api/admin/grants/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/register [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/register + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "hollybarker@garza.com", + "password": "who" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via DELETE /api/admin/grants/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via DELETE /api/admin/grants/{id} +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/grants/{{id}} + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_register_sequence_chain_delete_api_admin_users_id_b3bffa74.hurl b/cases/auth_register_sequence_chain_delete_api_admin_users_id_b3bffa74.hurl new file mode 100644 index 0000000..a91f4f8 --- /dev/null +++ b/cases/auth_register_sequence_chain_delete_api_admin_users_id_b3bffa74.hurl 
@@ -0,0 +1,43 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/register → DELETE /api/admin/users/{id} +# case_id=TC-b3bffa74 +# case_name=sequence chain: /auth/register → DELETE /api/admin/users/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/register [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/register + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "fannystevenson@daugherty.com", + "password": "way" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via DELETE /api/admin/users/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via DELETE /api/admin/users/{id} +# depends_on=step-setup + +DELETE {{base_url}}/api/admin/users/{{id}} + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_register_sequence_chain_get_api_admin_teams_id_grants_a05de11b.hurl b/cases/auth_register_sequence_chain_get_api_admin_teams_id_grants_a05de11b.hurl new file mode 100644 index 0000000..2a08f4a --- /dev/null +++ b/cases/auth_register_sequence_chain_get_api_admin_teams_id_grants_a05de11b.hurl 
@@ -0,0 +1,43 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/register → GET /api/admin/teams/{id}/grants +# case_id=TC-a05de11b +# case_name=sequence chain: /auth/register → GET /api/admin/teams/{id}/grants +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/register [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/register + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "claramorales@barton.org", + "password": "tickle" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/grants [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/grants +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/grants + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_register_sequence_chain_get_api_admin_teams_id_members_b5dca30c.hurl b/cases/auth_register_sequence_chain_get_api_admin_teams_id_members_b5dca30c.hurl new file mode 100644 index 0000000..a6eda8f --- /dev/null +++ b/cases/auth_register_sequence_chain_get_api_admin_teams_id_members_b5dca30c.hurl 
@@ -0,0 +1,43 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/register → GET /api/admin/teams/{id}/members +# case_id=TC-b5dca30c +# case_name=sequence chain: /auth/register → GET /api/admin/teams/{id}/members +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/register [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/register + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "greggburns@spencer.info", + "password": "motivation" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/members [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/members +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/members + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_register_sequence_chain_get_api_admin_teams_id_services_344df791.hurl b/cases/auth_register_sequence_chain_get_api_admin_teams_id_services_344df791.hurl new file mode 100644 index 0000000..294766e --- /dev/null +++ b/cases/auth_register_sequence_chain_get_api_admin_teams_id_services_344df791.hurl 
@@ -0,0 +1,43 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/register → GET /api/admin/teams/{id}/services +# case_id=TC-344df791 +# case_name=sequence chain: /auth/register → GET /api/admin/teams/{id}/services +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/register [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/register + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "joshpalmer@blake.info", + "password": "wad" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via GET /api/admin/teams/{id}/services [test] ── +# step_id=step-test +# step_type=test +# title=use via GET /api/admin/teams/{id}/services +# depends_on=step-setup + +GET {{base_url}}/api/admin/teams/{{id}}/services + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_register_sequence_chain_post_api_admin_teams_id_grants_10533daf.hurl b/cases/auth_register_sequence_chain_post_api_admin_teams_id_grants_10533daf.hurl new file mode 100644 index 0000000..31c1c1c --- /dev/null +++ b/cases/auth_register_sequence_chain_post_api_admin_teams_id_grants_10533daf.hurl 
@@ -0,0 +1,55 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/register → POST /api/admin/teams/{id}/grants +# case_id=TC-10533daf +# case_name=sequence chain: /auth/register → POST /api/admin/teams/{id}/grants +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/register [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/register + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "chaunceyjacobi@white.com", + "password": "that" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via POST /api/admin/teams/{id}/grants [test] ── +# step_id=step-test +# step_type=test +# title=use via POST /api/admin/teams/{id}/grants +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{{id}}/grants +Content-Type: application/json +```json +{ + "branches": [ + "disregard" + ], + "expiresAt": "2003-09-24T09:23:31Z", + "granteeTeamId": "c727d010-3eb5-469f-93d2-a46ab145fcf5", + "granteeUserId": "9f6fa71f-b14f-4fe8-bd62-fe79743d34db", + "serviceId": "1f968d6d-ab6e-4d94-b8de-a0df2b4a5209" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_register_sequence_chain_post_api_admin_teams_id_members_98e576b1.hurl b/cases/auth_register_sequence_chain_post_api_admin_teams_id_members_98e576b1.hurl new file mode 100644 index 0000000..fa0a5d9 --- /dev/null +++ b/cases/auth_register_sequence_chain_post_api_admin_teams_id_members_98e576b1.hurl 
@@ -0,0 +1,50 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/register → POST /api/admin/teams/{id}/members +# case_id=TC-98e576b1 +# case_name=sequence chain: /auth/register → POST /api/admin/teams/{id}/members +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/register [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/register + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "lukasvalencia@cummings.name", + "password": "couple" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via POST /api/admin/teams/{id}/members [test] ── +# step_id=step-test +# step_type=test +# title=use via POST /api/admin/teams/{id}/members +# depends_on=step-setup + +POST {{base_url}}/api/admin/teams/{{id}}/members +Content-Type: application/json +```json +{ + "role": "owner", + "userId": "204452b4-832e-4601-a227-8ecf3cc125ec" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/auth_register_sequence_chain_put_api_admin_users_id_0c6076ab.hurl b/cases/auth_register_sequence_chain_put_api_admin_users_id_0c6076ab.hurl new file mode 100644 index 0000000..028e04a --- /dev/null +++ b/cases/auth_register_sequence_chain_put_api_admin_users_id_0c6076ab.hurl 
@@ -0,0 +1,50 @@ +# ══════════════════════════════════════════════════ +# sequence chain: /auth/register → PUT /api/admin/users/{id} +# case_id=TC-0c6076ab +# case_name=sequence chain: /auth/register → PUT /api/admin/users/{id} +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── create via POST /auth/register [setup] ── +# step_id=step-setup +# step_type=setup +# title=create via POST /auth/register + +POST {{base_url}}/auth/register +Content-Type: application/json +```json +{ + "email": "sharonwright@dietrich.org", + "password": "it" +} +``` + +HTTP * + +[Captures] +id: jsonpath "$.userId" + +[Asserts] +status < 300 + +# ── use via PUT /api/admin/users/{id} [test] ── +# step_id=step-test +# step_type=test +# title=use via PUT /api/admin/users/{id} +# depends_on=step-setup + +PUT {{base_url}}/api/admin/users/{{id}} +Content-Type: application/json +```json +{ + "isActive": false, + "role": "team_owner" +} +``` + +HTTP * + +[Asserts] +status < 300 + diff --git a/cases/index.json b/cases/index.json new file mode 100644 index 0000000..7622214 --- /dev/null +++ b/cases/index.json 
@@ -0,0 +1,43397 @@ +{ + "$schema": "https://caseforge.dev/schema/v1/index.json", + "version": "1", + "generated_at": "2026-05-06T21:30:41.942433+08:00", + "meta": { + "spec_hash": "d71b77814ff5a1561722a8f11f3aab40e8d0000e681fd9d1666ff726cdb24a40", + "caseforge_version": "dev", + "by_technique": { + "auth_chain": 13, + "boundary_value": 28, + "chain_sequence": 52, + "classification_tree": 11, + "constraint_mutation": 47, + "decision_table": 6, + "equivalence_partitioning": 53, + "field_boundary": 14, + "idempotency": 21, + "idor": 34, + "isolated_negative": 60, + "mass_assignment": 52, + "mutation": 107, + "owasp_api_top10": 154, + "owasp_api_top10_spec": 47, + "required_omission": 17, + "schema_violation": 34, + "semantic_annotation": 1, + "type_coercion": 67, + "unicode_fuzzing": 150 + }, + "by_priority": { + "P0": 237, + "P1": 188, + "P2": 393, + "P3": 150 + }, + "by_kind": { + "chain": 86, + "single": 882 + } + }, + "test_cases": [ + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c9b53fc1", + "title": "GET /api/catalog - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Catalog" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/catalog", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/catalog", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.services", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.897602+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e1fa3406", + "title": "[OWASP-API2] GET /api/catalog — broken 
authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/catalog", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/catalog", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.897742+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b2745533", + "title": "DELETE /api/catalog/:serviceId - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Catalog" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "DELETE /api/catalog/:serviceId", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898217+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-84233d9e", + "title": "DELETE /api/catalog/:serviceId - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Catalog" + ], + "source": { + "technique": "idempotency", + "spec_path": "DELETE /api/catalog/:serviceId", + "rationale": "DELETE is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": 
"step-setup", + "title": "DELETE /api/catalog/:serviceId — first call", + "type": "setup", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "DELETE /api/catalog/:serviceId — identical second call must be safe", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.898273+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-be467598", + "title": "[OWASP-API2] DELETE /api/catalog/:serviceId — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/catalog/:serviceId", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898279+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bfdae539", + "title": "[OWASP-API7] DELETE /api/catalog/:serviceId — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE 
/api/catalog/:serviceId", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898284+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d27beca6", + "title": "[OWASP-API7] DELETE /api/catalog/:serviceId — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/catalog/:serviceId", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898286+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c37e4439", + "title": "[OWASP-API7] DELETE /api/catalog/:serviceId — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/catalog/:serviceId", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.898288+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3209e4f6", + "title": "DELETE /api/catalog/:serviceId - missing required param \"serviceId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Catalog" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "DELETE /api/catalog/:serviceId parameters.serviceId", + "rationale": "isolated failure: required param \"serviceId\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"serviceId\"", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.89833+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e72a9984", + "title": "DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000001 (alt_uuid)", + "kind": "single", + "priority": "P1", + "tags": [ + "Catalog" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/catalog/:serviceId parameters.serviceId", + "rationale": "IDOR probe: substituting serviceId=00000000-0000-0000-0000-000000000001 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR serviceId=00000000-0000-0000-0000-000000000001 (alt_uuid)", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898351+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c4621de0", + "title": "DELETE /api/catalog/:serviceId - IDOR 
serviceId=00000000-0000-0000-0000-000000000000 (nil_uuid)", + "kind": "single", + "priority": "P1", + "tags": [ + "Catalog" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/catalog/:serviceId parameters.serviceId", + "rationale": "IDOR probe: substituting serviceId=00000000-0000-0000-0000-000000000000 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR serviceId=00000000-0000-0000-0000-000000000000 (nil_uuid)", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898353+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2f56068b", + "title": "DELETE /api/admin/teams/{id} - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "DELETE /api/admin/teams/{id}", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.89853+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2d2c1dda", + "title": "DELETE /api/admin/teams/{id} - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { 
+ "technique": "idempotency", + "spec_path": "DELETE /api/admin/teams/{id}", + "rationale": "DELETE is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "DELETE /api/admin/teams/{id} — first call", + "type": "setup", + "method": "DELETE", + "path": "/api/admin/teams/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "DELETE /api/admin/teams/{id} — identical second call must be safe", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.898559+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a23b7745", + "title": "[OWASP-API1] DELETE /api/admin/teams/{id} — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/{{other_resource_id}}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898566+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f7305717", + "title": 
"[OWASP-API2] DELETE /api/admin/teams/{id} — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898567+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cdcba009", + "title": "[OWASP-API7] DELETE /api/admin/teams/{id} — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898571+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e0aa0be4", + "title": "[OWASP-API7] DELETE /api/admin/teams/{id} — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + 
"title": "inject sqli payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/%27%20OR%201=1--", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898573+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-726d486c", + "title": "[OWASP-API7] DELETE /api/admin/teams/{id} — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898575+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d700a9bc", + "title": "DELETE /api/admin/teams/{id} - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "DELETE /api/admin/teams/{id} parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/1", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898659+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + 
"id": "TC-0d533645", + "title": "DELETE /api/admin/teams/{id} - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/teams/{id} parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/99999", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898667+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-04e9a0f9", + "title": "DELETE /api/admin/teams/{id} - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/teams/{id} parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/0", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.89867+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-92de58a1", + "title": "PUT /api/admin/teams/{id} - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": "valid equivalence class: all required 
fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Optimize company for lovely clarity.", + "displayName": "snore" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.isDeletable", + "operator": "exists" + }, + { + "target": "body.name", + "operator": "exists" + }, + { + "target": "body.createdAt", + "operator": "exists" + }, + { + "target": "body.description", + "operator": "exists" + }, + { + "target": "body.displayName", + "operator": "exists" + }, + { + "target": "body.id", + "operator": "exists" + }, + { + "target": "body.isDefault", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898836+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1ca0ed36", + "title": "PUT /api/admin/teams/{id} - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": "PUT is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "PUT /api/admin/teams/{id} — first call", + "type": "setup", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Anything lean when the person spikes.", + "displayName": "dig" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "PUT 
/api/admin/teams/{id} — identical second call must be safe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Anything lean when the person spikes.", + "displayName": "dig" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.898855+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-50ace962", + "title": "[OWASP-API1] PUT /api/admin/teams/{id} — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{{other_resource_id}}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898882+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fea6c4f7", + "title": "[OWASP-API2] PUT /api/admin/teams/{id} — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + 
"title": "request without auth token", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898883+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d147b4f6", + "title": "[OWASP-API3] PUT /api/admin/teams/{id} — BOPLA property-level access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api3-bopla" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" + }, + "steps": [ + { + "id": "step-1", + "title": "inject privileged fields in body", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Onward to better way!", + "displayName": "moreover", + "is_admin": true, + "role": "admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "jsonpath $.is_admin", + "operator": "ne", + "expected": true + }, + { + "target": "jsonpath $.role", + "operator": "ne", + "expected": "admin" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898893+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6357ae57", + "title": "[OWASP-API6] PUT /api/admin/teams/{id} — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": 
"inject read-only fields in body", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": "2000-01-01T00:00:00Z", + "description": "Carefully massage the juicer daringly.", + "displayName": "theirs", + "id": 99999, + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898903+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d3681129", + "title": "[OWASP-API7] PUT /api/admin/teams/{id} — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898905+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c7f786e4", + "title": "[OWASP-API7] PUT /api/admin/teams/{id} — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": 
"Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/%27%20OR%201=1--", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898907+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-894772da", + "title": "[OWASP-API7] PUT /api/admin/teams/{id} — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.898909+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-09825850", + "title": "PUT /api/admin/teams/{id} - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/teams/{id} parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/1", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899033+08:00" + }, + { + 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-df8e9c3a", + "title": "PUT /api/admin/teams/{id} - mutation: description null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody.description", + "rationale": "field \"description\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: description → null value", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": null, + "displayName": "shall" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899052+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-eb263846", + "title": "PUT /api/admin/teams/{id} - mutation: description empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody.description", + "rationale": "field \"description\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: description → empty string", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "", + "displayName": "shall" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899054+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f0d62caa", + "title": "PUT /api/admin/teams/{id} - mutation: description integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody.description", + "rationale": "field \"description\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: description → integer instead of string", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": 12345, + "displayName": "shall" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899056+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-68ace4a3", + "title": "PUT /api/admin/teams/{id} - mutation: description oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody.description", + "rationale": "field \"description\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: description → oversized string (300 chars)", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": 
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "displayName": "shall" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899058+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c587ff33", + "title": "PUT /api/admin/teams/{id} - mutation: displayName null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody.displayName", + "rationale": "field \"displayName\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: displayName → null value", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "First of all, document the company and specify the rest.", + "displayName": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.89906+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-13a9f6ae", + "title": "PUT /api/admin/teams/{id} - mutation: displayName empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody.displayName", + "rationale": "field \"displayName\" mutated 
with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: displayName → empty string", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "First of all, document the company and specify the rest.", + "displayName": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899062+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-05b44595", + "title": "PUT /api/admin/teams/{id} - mutation: displayName integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody.displayName", + "rationale": "field \"displayName\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: displayName → integer instead of string", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "First of all, document the company and specify the rest.", + "displayName": 12345 + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899064+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7def0ad8", + "title": "PUT /api/admin/teams/{id} - mutation: displayName oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + 
"spec_path": "PUT /api/admin/teams/{id} requestBody.displayName", + "rationale": "field \"displayName\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: displayName → oversized string (300 chars)", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "First of all, document the company and specify the rest.", + "displayName": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899066+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-794499ad", + "title": "PUT /api/admin/teams/{id} - null injection: description", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", + "rationale": "field \"description\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: description", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": null, + "displayName": "nervous" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.899196+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6c433e61", + "title": "PUT /api/admin/teams/{id} - null injection: displayName", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", + "rationale": "field \"displayName\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: displayName", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Publish a changelog entry for the work.", + "displayName": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899199+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a77a2981", + "title": "PUT /api/admin/teams/{id} - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PUT /api/admin/teams/{id} requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "description": "Publish a changelog entry for the work.", + "displayName": "nervous" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.899201+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3296a87f", + "title": "PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", + "rationale": "field \"description\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] description wrong_type_integer", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": 123, + "displayName": "addition" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899255+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6dd640a7", + "title": "PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", + "rationale": "field \"description\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] description wrong_type_boolean", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": true, + "displayName": "addition" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.899258+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3ade9411", + "title": "PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", + "rationale": "field \"displayName\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] displayName wrong_type_integer", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Visualize hand for faster decisions.", + "displayName": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.89926+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ccdc6ae5", + "title": "PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", + "rationale": "field \"displayName\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] displayName wrong_type_boolean", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Visualize hand for faster decisions.", + "displayName": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 
+ } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899262+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d9200d81", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description control_char", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "hello\u0000world", + "displayName": "quarterly" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899332+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1f9507e6", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description zero_width", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "​hello", + "displayName": "quarterly" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + 
"expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899335+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c42ef106", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description bidi_override", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "‮hello", + "displayName": "quarterly" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899337+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a87f58e7", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description overlong", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "displayName": "quarterly" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899341+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e354e0de", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description zalgo", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "z̀́̂̃̄̅̆̇a", + "displayName": "quarterly" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899343+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-39195267", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName control_char", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Warm 
starts beat cold work.", + "displayName": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899346+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a1cdc859", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName zero_width", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Warm starts beat cold work.", + "displayName": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899349+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7c97c5e9", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName bidi_override", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": 
"application/json" + }, + "body": { + "description": "Warm starts beat cold work.", + "displayName": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899351+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cb9e326e", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName overlong", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Warm starts beat cold work.", + "displayName": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899353+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5add01e6", + "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName zalgo", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Warm starts beat cold work.", + "displayName": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899356+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1b5cbca5", + "title": "PUT /api/admin/teams/{id} - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/teams/{id} requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "description": "Alert on way thresholds yesterday.", + 
"displayName": "this", + "isAdmin": true, + "is_admin": true, + "role": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899527+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c574427d", + "title": "PUT /api/admin/teams/{id} - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/teams/{id} requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "description": "Alert on way thresholds yesterday.", + "disabled": false, + "displayName": "this", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.89953+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4c631268", + "title": "PUT /api/admin/teams/{id} - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/teams/{id} requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + 
"Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "description": "Alert on way thresholds yesterday.", + "discount": 0, + "displayName": "this", + "price": 1 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899534+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ed4e87e7", + "title": "PUT /api/admin/teams/{id} - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/teams/{id} requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "description": "Alert on way thresholds yesterday.", + "displayName": "this", + "ownerId": "__probe__", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899536+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d4dddc4b", + "title": "PUT /api/admin/teams/{id} - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "PUT /api/admin/teams/{id} parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + 
"method": "PUT", + "path": "/api/admin/teams/99999", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899595+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3c4cc44b", + "title": "PUT /api/admin/teams/{id} - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "PUT /api/admin/teams/{id} parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/0", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899597+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1b69193c", + "title": "GET /api/admin/teams/{id}/services - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/admin/teams/{id}/services", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{id}/services", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.services", + "operator": "exists" + } + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.899737+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ce61c6bf", + "title": "[OWASP-API1] GET /api/admin/teams/{id}/services — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/services", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{other_resource_id}}/services", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.89978+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-29194ed9", + "title": "[OWASP-API2] GET /api/admin/teams/{id}/services — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/services", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{id}/services", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899781+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-80ccb269", + "title": "[OWASP-API7] GET /api/admin/teams/{id}/services — injection (xss)", + "kind": "single", + "priority": "P0", 
+ "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/services", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/services", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899783+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2e72efb4", + "title": "[OWASP-API7] GET /api/admin/teams/{id}/services — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/services", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/%27%20OR%201=1--/services", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899785+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-961479c7", + "title": "[OWASP-API7] GET /api/admin/teams/{id}/services — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/services", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + 
"method": "GET", + "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/services", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899787+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bbd8e250", + "title": "GET /api/admin/teams/{id}/services - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "GET /api/admin/teams/{id}/services parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/1/services", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899874+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-09f2f077", + "title": "GET /api/admin/teams/{id}/services - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "GET /api/admin/teams/{id}/services parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/99999/services", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899913+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + 
"version": "1", + "id": "TC-405d2163", + "title": "GET /api/admin/teams/{id}/services - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "GET /api/admin/teams/{id}/services parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/0/services", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.899915+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fd2d7e20", + "title": "DELETE /api/admin/users/{id} - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "DELETE /api/admin/users/{id}", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900097+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-380dcf78", + "title": "DELETE /api/admin/users/{id} - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + 
"spec_path": "DELETE /api/admin/users/{id}", + "rationale": "DELETE is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "DELETE /api/admin/users/{id} — first call", + "type": "setup", + "method": "DELETE", + "path": "/api/admin/users/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "DELETE /api/admin/users/{id} — identical second call must be safe", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.900154+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-073a78a5", + "title": "[OWASP-API1] DELETE /api/admin/users/{id} — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/users/{id}", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{{other_resource_id}}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900159+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5cc69e63", + "title": "[OWASP-API2] DELETE 
/api/admin/users/{id} — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/users/{id}", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90016+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ae1228c7", + "title": "[OWASP-API7] DELETE /api/admin/users/{id} — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/users/{id}", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900162+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-35704eb4", + "title": "[OWASP-API7] DELETE /api/admin/users/{id} — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/users/{id}", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli 
payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/%27%20OR%201=1--", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900164+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9a54d420", + "title": "[OWASP-API7] DELETE /api/admin/users/{id} — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/users/{id}", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/..%2F..%2F..%2Fetc%2Fpasswd", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900166+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-abfeb37c", + "title": "DELETE /api/admin/users/{id} - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "DELETE /api/admin/users/{id} parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/1", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900313+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f53c958f", + 
"title": "DELETE /api/admin/users/{id} - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/users/{id} parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/99999", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900328+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f8eac138", + "title": "DELETE /api/admin/users/{id} - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/users/{id} parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/0", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90033+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d7979f2a", + "title": "PUT /api/admin/users/{id} - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "valid equivalence class: all required fields present with correct 
types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": true, + "role": "team_owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900481+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-920617a8", + "title": "PUT /api/admin/users/{id} - isActive = true", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "decision_table", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", + "rationale": "decision table: isActive takes boolean value true" + }, + "steps": [ + { + "id": "step-main", + "title": "isActive = true", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": true, + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900554+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-307b2101", + "title": "PUT /api/admin/users/{id} - isActive = false", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "decision_table", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", + "rationale": "decision table: isActive takes boolean value false" + }, + "steps": [ + { + "id": "step-main", + "title": "isActive = 
false", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "team_member" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900558+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-72c28c85", + "title": "PUT /api/admin/users/{id} - role = super_admin", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "decision_table", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "decision table: role takes enum value super_admin" + }, + "steps": [ + { + "id": "step-main", + "title": "role = super_admin", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900561+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c8807eae", + "title": "PUT /api/admin/users/{id} - role = team_owner", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "decision_table", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "decision table: role takes enum value team_owner" + }, + "steps": [ + { + "id": "step-main", + "title": "role = team_owner", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"isActive": true, + "role": "team_owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900564+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c19312b9", + "title": "PUT /api/admin/users/{id} - role = team_member", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "decision_table", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "decision table: role takes enum value team_member" + }, + "steps": [ + { + "id": "step-main", + "title": "role = team_member", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "team_member" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900567+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d671319d", + "title": "PUT /api/admin/users/{id} - role = guest", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "decision_table", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "decision table: role takes enum value guest" + }, + "steps": [ + { + "id": "step-main", + "title": "role = guest", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "guest" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + 
"operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90057+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-383d2878", + "title": "PUT /api/admin/users/{id} - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "PUT is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "PUT /api/admin/users/{id} — first call", + "type": "setup", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "team_owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "PUT /api/admin/users/{id} — identical second call must be safe", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "team_owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.900736+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-91b47863", + "title": "[OWASP-API1] PUT /api/admin/users/{id} — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "Path 
contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{{other_resource_id}}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900785+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3552a6c6", + "title": "[OWASP-API2] PUT /api/admin/users/{id} — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900786+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4ae5244a", + "title": "[OWASP-API3] PUT /api/admin/users/{id} — BOPLA property-level access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api3-bopla" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" + }, + "steps": [ + { + "id": "step-1", + "title": "inject privileged fields in body", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"isActive": true, + "is_admin": true, + "role": "admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "jsonpath $.is_admin", + "operator": "ne", + "expected": true + }, + { + "target": "jsonpath $.role", + "operator": "ne", + "expected": "admin" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90079+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-38dd166b", + "title": "[OWASP-API6] PUT /api/admin/users/{id} — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "isActive": false, + "role": "team_member", + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900794+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-51b9a625", + "title": "[OWASP-API7] PUT /api/admin/users/{id} — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + 
"technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900797+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c653b26d", + "title": "[OWASP-API7] PUT /api/admin/users/{id} — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/%27%20OR%201=1--", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900799+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e9f5a9c9", + "title": "[OWASP-API7] PUT /api/admin/users/{id} — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/..%2F..%2F..%2Fetc%2Fpasswd", + "body": null, + "assertions": [ + { + "target": "status_code", 
+ "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900801+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9a696767", + "title": "PUT /api/admin/users/{id} - invalid isActive: wrong type (string for boolean)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", + "rationale": "isolated failure: only \"isActive\" is invalid (wrong type (string for boolean)); all other fields valid", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid isActive: wrong type (string for boolean)", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": "not_a_boolean", + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.900998+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-be8b477d", + "title": "PUT /api/admin/users/{id} - invalid role: value not in enum", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "isolated failure: only \"role\" is invalid (value not in enum); all other fields valid", + "scenario": "ENUM_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid role: value not in enum", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": true, + "role": "__invalid_enum__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 
+ } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fe77f880", + "title": "PUT /api/admin/users/{id} - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/users/{id} parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/1", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901002+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-891572b6", + "title": "PUT /api/admin/users/{id} - [schema_violation] isActive_wrong_type", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", + "rationale": "isActive is boolean but received a string" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] isActive_wrong_type", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": "not_a_boolean", + "role": "team_owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901116+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3765a2be", + "title": "PUT /api/admin/users/{id} - [schema_violation] role_invalid_enum", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + 
"source": { + "technique": "schema_violation", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "role=\"__invalid__\" is not in enum [super_admin team_owner team_member guest]" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] role_invalid_enum", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": true, + "role": "__invalid__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901119+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-48706298", + "title": "PUT /api/admin/users/{id} - mutation: isActive null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody.isActive", + "rationale": "field \"isActive\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: isActive → null value", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": null, + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901164+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c83a8b69", + "title": "PUT /api/admin/users/{id} - mutation: isActive string instead of boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody.isActive", + "rationale": 
"field \"isActive\" mutated with string instead of boolean; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: isActive → string instead of boolean", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": "yes", + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901166+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-56c3f6cc", + "title": "PUT /api/admin/users/{id} - mutation: isActive integer instead of boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody.isActive", + "rationale": "field \"isActive\" mutated with integer instead of boolean; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: isActive → integer instead of boolean", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": 1, + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901168+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-091acd05", + "title": "PUT /api/admin/users/{id} - mutation: role null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody.role", + "rationale": "field \"role\" mutated 
with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: role → null value", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901171+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f4802a98", + "title": "PUT /api/admin/users/{id} - mutation: role empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody.role", + "rationale": "field \"role\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: role → empty string", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901172+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1d2d0cbd", + "title": "PUT /api/admin/users/{id} - mutation: role integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody.role", + "rationale": "field \"role\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": 
"mutation: role → integer instead of string", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": 12345 + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90118+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-786de8b3", + "title": "PUT /api/admin/users/{id} - mutation: role oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody.role", + "rationale": "field \"role\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: role → oversized string (300 chars)", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901181+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c8deaf48", + "title": "PUT /api/admin/users/{id} - null injection: isActive", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": 
{ + "technique": "constraint_mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", + "rationale": "field \"isActive\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: isActive", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": null, + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901372+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e890383a", + "title": "PUT /api/admin/users/{id} - null injection: role", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "field \"role\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: role", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901374+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-69ba511c", + "title": "PUT /api/admin/users/{id} - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PUT /api/admin/users/{id} requestBody", + "rationale": "valid JSON body sent with 
Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "isActive": false, + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901377+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4a329fab", + "title": "PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", + "rationale": "field \"isActive\" is boolean but receives wrong_type_string — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] isActive wrong_type_string", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": "not_a_boolean", + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901487+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-308337db", + "title": "PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", + "rationale": "field \"isActive\" is boolean but receives wrong_type_integer — server must 
reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] isActive wrong_type_integer", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": 1, + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901491+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-60c61680", + "title": "PUT /api/admin/users/{id} - [type_coercion] role wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "field \"role\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] role wrong_type_integer", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901493+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c4d77768", + "title": "PUT /api/admin/users/{id} - [type_coercion] role wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "field \"role\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + 
"title": "[type_coercion] role wrong_type_boolean", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901496+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-be44c91e", + "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role control_char", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901606+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b1e60615", + "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role zero_width", + "type": "test", + 
"method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901609+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a2217373", + "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role bidi_override", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901611+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4c95b987", + "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role overlong", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": 
"application/json" + }, + "body": { + "isActive": false, + "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901613+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d015a170", + "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role zalgo", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901617+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a6a6cd31", + "title": "PUT /api/admin/users/{id} - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/users/{id} requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "isActive": true, + "isAdmin": true, + "is_admin": true, + 
"role": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901757+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1054f864", + "title": "PUT /api/admin/users/{id} - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/users/{id} requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "disabled": false, + "isActive": true, + "role": "super_admin", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901759+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9e2cf67b", + "title": "PUT /api/admin/users/{id} - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/users/{id} requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "discount": 0, + 
"isActive": true, + "price": 1, + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901761+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4fb556e6", + "title": "PUT /api/admin/users/{id} - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/users/{id} requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "isActive": true, + "ownerId": "__probe__", + "role": "super_admin", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901763+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b306fbb7", + "title": "PUT /api/admin/users/{id} - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "PUT /api/admin/users/{id} parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/99999", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + 
"operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901884+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1420839c", + "title": "PUT /api/admin/users/{id} - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "PUT /api/admin/users/{id} parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/0", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.901886+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-978ae5a8", + "title": "GET /api/admin/teams - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/admin/teams", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/admin/teams", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.teams", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902048+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1e347647", + "title": "[OWASP-API2] GET /api/admin/teams — broken 
authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/teams", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902101+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-17f73440", + "title": "POST /api/admin/teams - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/teams", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Explicitly name the year before you enlist it.", + "displayName": "downstairs", + "name": "Amie Paul" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.isDefault", + "operator": "exists" + }, + { + "target": "body.isDeletable", + "operator": "exists" + }, + { + "target": "body.name", + "operator": "exists" + }, + { + "target": "body.createdAt", + "operator": "exists" + }, + { + "target": "body.description", + "operator": "exists" + }, + { + "target": "body.displayName", + "operator": "exists" + }, + { + "target": "body.id", + "operator": 
"exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902269+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-11fe758b", + "title": "POST /api/admin/teams - missing required field \"name\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "invalid equivalence class: required field \"name\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"name\"", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Celebrate wins tied to the man.", + "displayName": "lastly" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902279+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-084178e7", + "title": "POST /api/admin/teams - name at min_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "boundary value analysis: name at min_valid", + "scenario": "STRING_MIN_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "name at min_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Set a realistic target for year.", + "displayName": "moreover", + "name": "X" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.902377+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2ccbadc2", + "title": "POST /api/admin/teams - name at min_minus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "boundary value analysis: name at min_minus_one_invalid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "name at min_minus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Set a realistic target for year.", + "displayName": "moreover", + "name": "s" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90238+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b9c84944", + "title": "POST /api/admin/teams - name at max_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "boundary value analysis: name at max_valid", + "scenario": "STRING_MAX_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "name at max_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Set a realistic target for year.", + "displayName": "moreover", + "name": 
"QwCYspLXkpxGOghGBAQQBwflPXgoWvhGdSfHetGtYilHuuDTyQSJhKPGDgKczaCxDpqtPwSxTRBXZsvwyOKFUjPlXpiZYdiKJDkXXVdorLRBbSwkWgnsOYWFORpmxttOkrxBSpnwCjUTtdlyJAHEngHXxdIWDaffLvZkTZkWCJUVyiifCZgqSawuIlAGbEiAnDOroikvCBKifoHJslPiNnNblPtqCBgLmeBPgAYPdKbwYJijByQnQztRjhIMyOD" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902389+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5330751c", + "title": "POST /api/admin/teams - name at max_plus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "boundary value analysis: name at max_plus_one_invalid", + "scenario": "STRING_ABOVE_MAX" + }, + "steps": [ + { + "id": "step-main", + "title": "name at max_plus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Set a realistic target for year.", + "displayName": "moreover", + "name": "NsuMXKIpRYHIsYlDqMIwHXCpmoJEoGRjveFxqkteFFRHsDPXXDkOZQyCTvmlDediiHwswqMHROyBnxWdJtPOyhacYUuBuSvUUwXvrUKWVzudMnyjVntJuUYzBPFCotHeHkpYmkHdUOShzqofcgBtwMxJUjYmOXFRzNOHavFSdrdDbcwRZENjxPYAsrFWybsnpNXjCoirqTPMReAhczhfudWubkAFgtGBfAYCjEEcpOFGrDbNiwwxeNwTsovFnExW" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902408+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bee426f4", + "title": "POST /api/admin/teams - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": 
"idempotency", + "spec_path": "POST /api/admin/teams", + "rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /api/admin/teams — first call", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Theirs year do ready for idea.", + "displayName": "quality", + "name": "Lillie Hart" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /api/admin/teams — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Theirs year do ready for idea.", + "displayName": "quality", + "name": "Lillie Hart" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.90255+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0f5c6cec", + "title": "[OWASP-API2] POST /api/admin/teams — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "assertions": [ + { + "target": "status_code", + "operator": "eq", 
+ "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902578+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e17876cf", + "title": "[OWASP-API6] POST /api/admin/teams — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": "2000-01-01T00:00:00Z", + "description": "Prefer predictable government over surprising work.", + "displayName": "can", + "id": 99999, + "name": "Dane Bates", + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902585+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a582e336", + "title": "[OWASP-API7] POST /api/admin/teams — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + 
"method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902587+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3e99ea9b", + "title": "[OWASP-API7] POST /api/admin/teams — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "' OR 1=1--" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902589+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a1f1c968", + "title": "[OWASP-API7] POST /api/admin/teams — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "../../../etc/passwd" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + 
"expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902592+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-80c70bf8", + "title": "POST /api/admin/teams - missing required field \"name\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "isolated failure: only \"name\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"name\"", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Track thing over time weekly.", + "displayName": "everybody" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902781+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-97aa6ff1", + "title": "POST /api/admin/teams - invalid name: empty string violates minLength 1", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "isolated failure: only \"name\" is invalid (empty string violates minLength 1); all other fields valid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid name: empty string violates minLength 1", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Track thing over time weekly.", + "displayName": "everybody", + "name": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 
422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902783+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-144ca893", + "title": "POST /api/admin/teams - [schema_violation] name_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "required field \"name\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] name_missing_required", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Alert on person thresholds then.", + "displayName": "most" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902859+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2d1be97b", + "title": "POST /api/admin/teams - [schema_violation] name_too_short", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "name is empty, violates minLength 1" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] name_too_short", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Alert on person thresholds then.", + "displayName": "most", + "name": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902861+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-672e2bba", + "title": 
"POST /api/admin/teams - mutation: description null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.description", + "rationale": "field \"description\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: description → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": null, + "displayName": "his", + "name": "Alysson Tucker" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902939+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-569a3993", + "title": "POST /api/admin/teams - mutation: description empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.description", + "rationale": "field \"description\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: description → empty string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "", + "displayName": "his", + "name": "Alysson Tucker" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902942+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4d295fcc", + "title": "POST /api/admin/teams - 
mutation: description integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.description", + "rationale": "field \"description\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: description → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": 12345, + "displayName": "his", + "name": "Alysson Tucker" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902944+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-20eb5b64", + "title": "POST /api/admin/teams - mutation: description oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.description", + "rationale": "field \"description\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: description → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "displayName": "his", + "name": "Alysson Tucker" + }, + 
"assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902946+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-782f4da8", + "title": "POST /api/admin/teams - mutation: displayName null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.displayName", + "rationale": "field \"displayName\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: displayName → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "At this point the review, you want the number.", + "displayName": null, + "name": "Alysson Tucker" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902948+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-34993282", + "title": "POST /api/admin/teams - mutation: displayName empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.displayName", + "rationale": "field \"displayName\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: displayName → empty string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "At this point the review, you want the 
number.", + "displayName": "", + "name": "Alysson Tucker" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90295+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c361779d", + "title": "POST /api/admin/teams - mutation: displayName integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.displayName", + "rationale": "field \"displayName\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: displayName → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "At this point the review, you want the number.", + "displayName": 12345, + "name": "Alysson Tucker" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902952+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b00969d7", + "title": "POST /api/admin/teams - mutation: displayName oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.displayName", + "rationale": "field \"displayName\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: displayName → oversized string (300 chars)", + "type": "test", + "method": "POST", + 
"path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "At this point the review, you want the number.", + "displayName": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "name": "Alysson Tucker" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902954+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ec9e6e43", + "title": "POST /api/admin/teams - mutation: name null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.name", + "rationale": "field \"name\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "At this point the review, you want the number.", + "displayName": "his", + "name": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902956+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e4058fd4", + "title": "POST /api/admin/teams - mutation: name empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + 
"technique": "mutation", + "spec_path": "POST /api/admin/teams requestBody.name", + "rationale": "field \"name\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → empty string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "At this point the review, you want the number.", + "displayName": "his", + "name": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.902959+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5294fe7b", + "title": "POST /api/admin/teams - null injection: description", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams requestBody.properties.description", + "rationale": "field \"description\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: description", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": null, + "displayName": "should", + "name": "Chloe Oliver" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903338+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-acaa7cdb", + "title": "POST /api/admin/teams - null injection: displayName", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + 
"spec_path": "POST /api/admin/teams requestBody.properties.displayName", + "rationale": "field \"displayName\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: displayName", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Explicitly name the person before you wrap it.", + "displayName": null, + "name": "Chloe Oliver" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90334+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-abe4e3e2", + "title": "POST /api/admin/teams - null injection: name", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "field \"name\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: name", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Explicitly name the person before you wrap it.", + "displayName": "should", + "name": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903342+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bd5b4e9e", + "title": "POST /api/admin/teams - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST 
/api/admin/teams requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "description": "Explicitly name the person before you wrap it.", + "displayName": "should", + "name": "Chloe Oliver" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903345+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1aea557e", + "title": "POST /api/admin/teams - [type_coercion] description wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams requestBody.properties.description", + "rationale": "field \"description\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] description wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": 123, + "displayName": "yet", + "name": "Ardith Cole" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903492+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bf50b6f1", + "title": "POST /api/admin/teams - [type_coercion] description wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + 
"spec_path": "POST /api/admin/teams requestBody.properties.description", + "rationale": "field \"description\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] description wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": true, + "displayName": "yet", + "name": "Ardith Cole" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903494+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-759d30e5", + "title": "POST /api/admin/teams - [type_coercion] displayName wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams requestBody.properties.displayName", + "rationale": "field \"displayName\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] displayName wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Map the happy path through part.", + "displayName": 123, + "name": "Ardith Cole" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903496+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-97c4c8ca", + "title": "POST /api/admin/teams - [type_coercion] displayName wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + 
"technique": "type_coercion", + "spec_path": "POST /api/admin/teams requestBody.properties.displayName", + "rationale": "field \"displayName\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] displayName wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Map the happy path through part.", + "displayName": true, + "name": "Ardith Cole" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903499+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-05c0d231", + "title": "POST /api/admin/teams - [type_coercion] name wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "field \"name\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] name wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Map the happy path through part.", + "displayName": "yet", + "name": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903501+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b516cdc6", + "title": "POST /api/admin/teams - [type_coercion] name wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + 
"source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "field \"name\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] name wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Map the happy path through part.", + "displayName": "yet", + "name": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903503+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8656dd0b", + "title": "POST /api/admin/teams - [unicode_fuzzing] description control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "hello\u0000world", + "displayName": "example", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903767+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5161dc9c", + "title": "POST /api/admin/teams - [unicode_fuzzing] description zero_width", + "kind": "single", + "priority": "P3", + 
"tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "​hello", + "displayName": "example", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90377+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d96ca637", + "title": "POST /api/admin/teams - [unicode_fuzzing] description bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "‮hello", + "displayName": "example", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903773+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-432c6afa", + "title": "POST /api/admin/teams - [unicode_fuzzing] description overlong", + 
"kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "displayName": "example", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903776+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-760794e2", + "title": "POST /api/admin/teams - [unicode_fuzzing] description zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.description", + "rationale": "field \"description\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] description zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "z̀́̂̃̄̅̆̇a", + "displayName": "example", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903778+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7ead4ab7", + "title": "POST /api/admin/teams - [unicode_fuzzing] displayName 
control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Review the woman every 2 weeks.", + "displayName": "hello\u0000world", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903783+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8b028ce1", + "title": "POST /api/admin/teams - [unicode_fuzzing] displayName zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Review the woman every 2 weeks.", + "displayName": "​hello", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903786+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": 
"1", + "id": "TC-693c8224", + "title": "POST /api/admin/teams - [unicode_fuzzing] displayName bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Review the woman every 2 weeks.", + "displayName": "‮hello", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903788+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3d12d252", + "title": "POST /api/admin/teams - [unicode_fuzzing] displayName overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Review the woman every 2 weeks.", + "displayName": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90379+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6474b9c1", + "title": "POST /api/admin/teams - [unicode_fuzzing] displayName zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.displayName", + "rationale": "field \"displayName\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] displayName zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Review the woman every 2 weeks.", + "displayName": "z̀́̂̃̄̅̆̇a", + "name": "Thomas Castillo" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903793+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4e8b3875", + "title": "POST /api/admin/teams - [unicode_fuzzing] name control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Review the 
woman every 2 weeks.", + "displayName": "example", + "name": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903796+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-76a6b2ca", + "title": "POST /api/admin/teams - [unicode_fuzzing] name zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Review the woman every 2 weeks.", + "displayName": "example", + "name": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903798+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-19447855", + "title": "POST /api/admin/teams - [unicode_fuzzing] name bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"description": "Review the woman every 2 weeks.", + "displayName": "example", + "name": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.9038+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ee78ddc5", + "title": "POST /api/admin/teams - [unicode_fuzzing] name overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Review the woman every 2 weeks.", + "displayName": "example", + "name": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903802+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b42d8584", + "title": "POST /api/admin/teams - [unicode_fuzzing] name zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Review the woman every 2 weeks.", + "displayName": "example", + "name": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.903804+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ed2bac60", + "title": "POST /api/admin/teams - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "description": "Prefer predictable group over surprising thing.", + "displayName": 
"tensely", + "isAdmin": true, + "is_admin": true, + "name": "Jalen Lyons", + "role": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904384+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9b89bdf9", + "title": "POST /api/admin/teams - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "description": "Prefer predictable group over surprising thing.", + "disabled": false, + "displayName": "tensely", + "name": "Jalen Lyons", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90439+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3c2025cc", + "title": "POST /api/admin/teams - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "POST", + "path": 
"/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "description": "Prefer predictable group over surprising thing.", + "discount": 0, + "displayName": "tensely", + "name": "Jalen Lyons", + "price": 1 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904392+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-82f380ef", + "title": "POST /api/admin/teams - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "description": "Prefer predictable group over surprising thing.", + "displayName": "tensely", + "name": "Jalen Lyons", + "ownerId": "__probe__", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904394+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-787507a6", + "title": "POST /api/admin/teams - [field_boundary] name valid_min", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/admin/teams requestBody.name", + "rationale": "field \"name\" boundary test: valid_min", + "scenario": "FIELD_BOUNDARY_VALID" + 
}, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] name valid_min", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Guard world with sensible limits.", + "displayName": "those", + "name": "a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 200 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90454+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f9b893d9", + "title": "POST /api/admin/teams - [field_boundary] name invalid_below_min", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/admin/teams requestBody.name", + "rationale": "field \"name\" boundary test: invalid_below_min", + "scenario": "FIELD_BOUNDARY_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] name invalid_below_min", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "The lingering fact been unexpectedly tensely.", + "displayName": "yours", + "name": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904548+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7a6a3b1a", + "title": "POST /api/admin/teams - [required_omission] name absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/admin/teams requestBody.name", + "rationale": "required field \"name\" omitted 
entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] name absent", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Sample week at 11s intervals.", + "displayName": "annually" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904616+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-abcd14ab", + "title": "GET /api/tokens - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/tokens", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/tokens", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.tokens", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904756+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dcecca87", + "title": "[OWASP-API2] GET /api/tokens — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/tokens", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ 
+ { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/tokens", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904818+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6a65bf78", + "title": "POST /api/tokens - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/tokens", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Allison Hunter", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.name", + "operator": "exists" + }, + { + "target": "body.prefix", + "operator": "exists" + }, + { + "target": "body.scope", + "operator": "exists" + }, + { + "target": "body.token", + "operator": "exists" + }, + { + "target": "body.createdAt", + "operator": "exists" + }, + { + "target": "body.id", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904975+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5566a91f", + "title": "POST /api/tokens - missing required field \"name\"", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "invalid equivalence class: required 
field \"name\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"name\"", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904982+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aa18d499", + "title": "POST /api/tokens - missing required field \"scope\"", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "invalid equivalence class: required field \"scope\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"scope\"", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Lawrence Braun" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.904986+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1c063dd5", + "title": "POST /api/tokens - name at min_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "boundary value analysis: name at min_valid", + "scenario": "STRING_MIN_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "name at min_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Y", + "scope": "read" + }, + 
"assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90514+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d08f5a90", + "title": "POST /api/tokens - name at min_minus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "boundary value analysis: name at min_minus_one_invalid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "name at min_minus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "e", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905143+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a0247f03", + "title": "POST /api/tokens - name at max_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "boundary value analysis: name at max_valid", + "scenario": "STRING_MAX_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "name at max_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": 
"dIcVzeAXIpwOMzbhuWAKvYpdHpXhDnlquznBMpHNObsplNJMCmfagUMlgmyfFcxjiOSjnDPJMExECRCIPMONUmxCjiZwOKphjBRzxRgqBHCPWiUvPVxGpuIuOwqcjGDtPEXvUFwTFgNBEKmwQejgeRCcxYCgaGRusgCHYhGuMkhuWBKpkpOWZMOWQrWAqMGwVOnWXHenTnRwxoXQNWVzoLuAeLfEUWmvtOaUOzDopkvdpjDJgEGrzToimadBCbq", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905152+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7b3217ba", + "title": "POST /api/tokens - name at max_plus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "boundary value analysis: name at max_plus_one_invalid", + "scenario": "STRING_ABOVE_MAX" + }, + "steps": [ + { + "id": "step-main", + "title": "name at max_plus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "gZkkKaBcgUUrJhMvMmXsjgUJDOfrVpkfGCKVAUujjHuMbmjqYrroOdpRDCHXNKftgwkIjzdVDnyjNbwYqqZrajsqPvSTaCwhMFwMjAZyBQIjmghcfkelirBpAPxhbuYkwsodExCcRneWXSlyLvtcufLRHJWucpZNlpPiKuSLlicpZPdObnVxJdhXykuHmqCapfBevaSSFSPEtYlzUlPAVbisIBFXneKSEoFFcgPCMSeUhOCBMxaqhfiLFJvQwWsX", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905161+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-85621889", + "title": "POST /api/tokens - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "idempotency", + "spec_path": "POST /api/tokens", + 
"rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /api/tokens — first call", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Kaya Saunders", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /api/tokens — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Kaya Saunders", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.905324+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9e6576d2", + "title": "[OWASP-API2] POST /api/tokens — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/tokens", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905369+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d9979992", + 
"title": "[OWASP-API6] POST /api/tokens — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/tokens", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "name": "Marianne Nolan", + "scope": "write", + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905373+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8157a3a5", + "title": "[OWASP-API7] POST /api/tokens — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/tokens", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "scope": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.905375+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1df31a27", + "title": "[OWASP-API7] POST /api/tokens — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/tokens", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "scope": "' OR 1=1--" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905377+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-26975d5c", + "title": "[OWASP-API7] POST /api/tokens — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/tokens", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "scope": "../../../etc/passwd" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905378+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-75703d6a", + "title": "POST /api/tokens - missing required field \"name\"", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { 
+ "technique": "isolated_negative", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "isolated failure: only \"name\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"name\"", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905607+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6284c90d", + "title": "POST /api/tokens - missing required field \"scope\"", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "isolated failure: only \"scope\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"scope\"", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Damion Rivera" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905609+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b579ade9", + "title": "POST /api/tokens - invalid name: empty string violates minLength 1", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "isolated failure: only \"name\" is invalid (empty string violates minLength 1); all other fields 
valid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid name: empty string violates minLength 1", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905611+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a9cdb025", + "title": "POST /api/tokens - invalid scope: value not in enum", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "isolated failure: only \"scope\" is invalid (value not in enum); all other fields valid", + "scenario": "ENUM_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid scope: value not in enum", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Damion Rivera", + "scope": "__invalid_enum__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.905615+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c2cef5a1", + "title": "POST /api/tokens - [schema_violation] name_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "required field \"name\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] name_missing_required", + "type": "test", + "method": "POST", + "path": "/api/tokens", + 
"headers": { + "Content-Type": "application/json" + }, + "body": { + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906058+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ad285328", + "title": "POST /api/tokens - [schema_violation] scope_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "required field \"scope\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] scope_missing_required", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Bonita Hermann" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90607+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bf65e63e", + "title": "POST /api/tokens - [schema_violation] name_too_short", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "name is empty, violates minLength 1" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] name_too_short", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906075+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + 
"version": "1", + "id": "TC-a6a38420", + "title": "POST /api/tokens - [schema_violation] scope_invalid_enum", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "scope=\"__invalid__\" is not in enum [read write]" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] scope_invalid_enum", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Bonita Hermann", + "scope": "__invalid__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906082+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-816809db", + "title": "POST /api/tokens - mutation: name null value", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/tokens requestBody.name", + "rationale": "field \"name\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → null value", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": null, + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906335+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-188465c8", + "title": "POST /api/tokens - mutation: name empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mutation", + 
"spec_path": "POST /api/tokens requestBody.name", + "rationale": "field \"name\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → empty string", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906346+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-30aabbdc", + "title": "POST /api/tokens - mutation: name integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/tokens requestBody.name", + "rationale": "field \"name\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": 12345, + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906351+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8c9976d8", + "title": "POST /api/tokens - mutation: name oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/tokens requestBody.name", + "rationale": "field \"name\" mutated with oversized string (300 
chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906357+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-75bc6e95", + "title": "POST /api/tokens - mutation: scope null value", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/tokens requestBody.scope", + "rationale": "field \"scope\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: scope → null value", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Clifford Ruiz", + "scope": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906371+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c8cd2aed", + "title": "POST /api/tokens - mutation: scope empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" 
+ ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/tokens requestBody.scope", + "rationale": "field \"scope\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: scope → empty string", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Clifford Ruiz", + "scope": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906375+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-745ea604", + "title": "POST /api/tokens - mutation: scope integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/tokens requestBody.scope", + "rationale": "field \"scope\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: scope → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Clifford Ruiz", + "scope": 12345 + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906379+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4d189659", + "title": "POST /api/tokens - mutation: scope oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/tokens 
requestBody.scope", + "rationale": "field \"scope\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: scope → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Clifford Ruiz", + "scope": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906383+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-97bd0c77", + "title": "POST /api/tokens - null injection: name", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "field \"name\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: name", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": null, + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906877+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0b4d216c", + "title": "POST /api/tokens - null injection: scope", + "kind": 
"single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "field \"scope\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: scope", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Evelyn Coleman", + "scope": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90688+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b0b71990", + "title": "POST /api/tokens - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/tokens requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "name": "Evelyn Coleman", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.906882+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9bc60d9a", + "title": "POST /api/tokens - [type_coercion] name wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/tokens 
requestBody.properties.name", + "rationale": "field \"name\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] name wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": 123, + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907024+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bd1e61be", + "title": "POST /api/tokens - [type_coercion] name wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "field \"name\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] name wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": true, + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907027+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9bf5d669", + "title": "POST /api/tokens - [type_coercion] scope wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "field \"scope\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": 
"WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] scope wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Nathanael Connelly", + "scope": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90703+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-28d94662", + "title": "POST /api/tokens - [type_coercion] scope wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "field \"scope\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] scope wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Nathanael Connelly", + "scope": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907032+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fc869137", + "title": "POST /api/tokens - [unicode_fuzzing] name control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name control_char", + 
"type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "hello\u0000world", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907222+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6f9f1e83", + "title": "POST /api/tokens - [unicode_fuzzing] name zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name zero_width", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "​hello", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907225+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-33a5a9d7", + "title": "POST /api/tokens - [unicode_fuzzing] name bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name bidi_override", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + 
}, + "body": { + "name": "‮hello", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907227+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4faf49f0", + "title": "POST /api/tokens - [unicode_fuzzing] name overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name overlong", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90723+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-431d2bbf", + "title": "POST /api/tokens - [unicode_fuzzing] name zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name zalgo", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "z̀́̂̃̄̅̆̇a", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + 
], + "generated_at": "2026-05-06T21:30:41.907232+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0d728fca", + "title": "POST /api/tokens - [unicode_fuzzing] scope control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "field \"scope\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] scope control_char", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Amelia Cummings", + "scope": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907236+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6b8f84d1", + "title": "POST /api/tokens - [unicode_fuzzing] scope zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "field \"scope\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] scope zero_width", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Amelia Cummings", + "scope": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907243+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8643ca22", + "title": "POST /api/tokens - [unicode_fuzzing] scope bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "field \"scope\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] scope bidi_override", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Amelia Cummings", + "scope": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907245+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8adfe998", + "title": "POST /api/tokens - [unicode_fuzzing] scope overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "field \"scope\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] scope overlong", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Amelia Cummings", + "scope": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907247+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-734aea93", + "title": "POST /api/tokens - [unicode_fuzzing] scope zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/tokens requestBody.properties.scope", + "rationale": "field \"scope\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] scope zalgo", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Amelia Cummings", + "scope": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907249+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2411ba2b", + "title": "POST /api/tokens - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/tokens requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "isAdmin": true, + "is_admin": true, + "name": "Jalen Phillips", + "role": "__probe__", + "scope": "write" + }, + "assertions": [ + { + "target": 
"status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907695+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-248852e9", + "title": "POST /api/tokens - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/tokens requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "disabled": false, + "name": "Jalen Phillips", + "scope": "write", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907697+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b896a4fe", + "title": "POST /api/tokens - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/tokens requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "discount": 0, + "name": "Jalen Phillips", + "price": 1, + "scope": "write" + }, + "assertions": [ + { + "target": 
"status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907699+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b46880dc", + "title": "POST /api/tokens - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/tokens requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "name": "Jalen Phillips", + "ownerId": "__probe__", + "scope": "write", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907701+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-041bf0da", + "title": "POST /api/tokens - [field_boundary] name valid_min", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/tokens requestBody.name", + "rationale": "field \"name\" boundary test: valid_min", + "scenario": "FIELD_BOUNDARY_VALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] name valid_min", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "a", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 200 + }, + { + "target": "status_code", + "operator": 
"lt", + "expected": 300 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907874+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-107263c8", + "title": "POST /api/tokens - [field_boundary] name invalid_below_min", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/tokens requestBody.name", + "rationale": "field \"name\" boundary test: invalid_below_min", + "scenario": "FIELD_BOUNDARY_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] name invalid_below_min", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907877+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b998dc1a", + "title": "POST /api/tokens - [required_omission] name absent", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/tokens requestBody.name", + "rationale": "required field \"name\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] name absent", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.907964+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fcb3e065", + "title": "POST /api/tokens - [required_omission] scope absent", + "kind": "single", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/tokens requestBody.scope", + "rationale": "required field \"scope\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] scope absent", + "type": "test", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Macey Wolfe" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.907967+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a517ccf9", + "title": "POST /auth/logout - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Auth" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /auth/logout", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/auth/logout", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90814+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cf0be90a", + 
"title": "POST /auth/logout - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "idempotency", + "spec_path": "POST /auth/logout", + "rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /auth/logout — first call", + "type": "setup", + "method": "POST", + "path": "/auth/logout", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /auth/logout — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/auth/logout", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.908207+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f1d4a7ff", + "title": "GET /api/admin/teams/{id}/members - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/admin/teams/{id}/members", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{id}/members", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.members", + "operator": "exists" + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.908347+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-be93ffb9", + "title": "[OWASP-API1] GET /api/admin/teams/{id}/members — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/members", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{other_resource_id}}/members", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908417+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-942888a7", + "title": "[OWASP-API2] GET /api/admin/teams/{id}/members — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/members", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{id}/members", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908418+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9935c2df", + "title": "[OWASP-API7] GET /api/admin/teams/{id}/members — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + 
"security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/members", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908421+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-05eacd8d", + "title": "[OWASP-API7] GET /api/admin/teams/{id}/members — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/members", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/%27%20OR%201=1--/members", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908422+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c5fcb2bd", + "title": "[OWASP-API7] GET /api/admin/teams/{id}/members — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/members", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "GET", + 
"path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908424+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-724cd05d", + "title": "GET /api/admin/teams/{id}/members - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "GET /api/admin/teams/{id}/members parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/1/members", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908669+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4af55f13", + "title": "GET /api/admin/teams/{id}/members - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "GET /api/admin/teams/{id}/members parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/99999/members", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908724+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": 
"TC-8d769a8b", + "title": "GET /api/admin/teams/{id}/members - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "GET /api/admin/teams/{id}/members parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/0/members", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908726+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-17f7b78e", + "title": "POST /api/admin/teams/{id}/members - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/teams/{id}/members", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": "a3bd36d6-0660-42cd-82e2-4ffe231776bc" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908902+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aea81fb1", + "title": "POST /api/admin/teams/{id}/members - missing 
required field \"userId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "invalid equivalence class: required field \"userId\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"userId\"", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.908907+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fce8d8db", + "title": "POST /api/admin/teams/{id}/members - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "POST /api/admin/teams/{id}/members", + "rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /api/admin/teams/{id}/members — first call", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": "f78fd0f2-6376-4a2b-8124-8006f5d96d4a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /api/admin/teams/{id}/members — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": 
"f78fd0f2-6376-4a2b-8124-8006f5d96d4a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.909032+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bc997516", + "title": "[OWASP-API1] POST /api/admin/teams/{id}/members — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/members", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{other_resource_id}}/members", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909082+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d1200108", + "title": "[OWASP-API2] POST /api/admin/teams/{id}/members — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/members", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 
401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909083+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5a01a3ba", + "title": "[OWASP-API6] POST /api/admin/teams/{id}/members — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/members", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "role": "owner", + "updatedAt": "2000-01-01T00:00:00Z", + "userId": "4409317f-6972-4069-8ed6-942e90d42ec2" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909087+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dd4d8c19", + "title": "[OWASP-API7] POST /api/admin/teams/{id}/members — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/members", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + 
"method": "POST", + "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90909+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5a3931f1", + "title": "[OWASP-API7] POST /api/admin/teams/{id}/members — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/members", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/%27%20OR%201=1--/members", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909092+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-60a70815", + "title": "[OWASP-API7] POST /api/admin/teams/{id}/members — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/members", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909093+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", 
+ "version": "1", + "id": "TC-4eda623b", + "title": "POST /api/admin/teams/{id}/members - missing required field \"userId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "isolated failure: only \"userId\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"userId\"", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909407+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-54b6ea73", + "title": "POST /api/admin/teams/{id}/members - invalid role: value not in enum", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "isolated failure: only \"role\" is invalid (value not in enum); all other fields valid", + "scenario": "ENUM_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid role: value not in enum", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "__invalid_enum__", + "userId": "45cf0fb5-a53d-4f38-94af-85fabe94e394" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909409+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e44fc900", + "title": 
"POST /api/admin/teams/{id}/members - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/teams/{id}/members parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/1/members", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909411+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-71efcd62", + "title": "POST /api/admin/teams/{id}/members - [schema_violation] userId_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "required field \"userId\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] userId_missing_required", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909567+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1d2b8bb8", + "title": "POST /api/admin/teams/{id}/members - [schema_violation] role_invalid_enum", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "role=\"__invalid__\" 
is not in enum [owner member]" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] role_invalid_enum", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "__invalid__", + "userId": "b28b1b32-e5b1-4269-b005-d53ff9fd5a8d" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909569+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aff2608e", + "title": "POST /api/admin/teams/{id}/members - mutation: role null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.role", + "rationale": "field \"role\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: role → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": null, + "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909673+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0cb69d90", + "title": "POST /api/admin/teams/{id}/members - mutation: role empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.role", + "rationale": "field \"role\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + 
"title": "mutation: role → empty string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "", + "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909675+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dc8849f5", + "title": "POST /api/admin/teams/{id}/members - mutation: role integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.role", + "rationale": "field \"role\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: role → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": 12345, + "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909677+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-977e71fa", + "title": "POST /api/admin/teams/{id}/members - mutation: role oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.role", + "rationale": "field \"role\" mutated with oversized string (300 chars); API must 
reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: role → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.90968+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8e4fd867", + "title": "POST /api/admin/teams/{id}/members - mutation: userId null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", + "rationale": "field \"userId\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: userId → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909682+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b3beebbb", + "title": "POST /api/admin/teams/{id}/members - 
mutation: userId empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", + "rationale": "field \"userId\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: userId → empty string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909684+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d8212bc8", + "title": "POST /api/admin/teams/{id}/members - mutation: userId integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", + "rationale": "field \"userId\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: userId → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": 12345 + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909686+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5739a85b", + "title": "POST /api/admin/teams/{id}/members - mutation: userId 
oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", + "rationale": "field \"userId\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: userId → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.909688+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a2c2e196", + "title": "POST /api/admin/teams/{id}/members - null injection: role", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "field \"role\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: role", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": null, + "userId": "b6f51cc4-2389-42c5-a864-35545c08cda9" + }, + "assertions": [ + { + "target": 
"status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910109+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1b45482b", + "title": "POST /api/admin/teams/{id}/members - null injection: userId", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "field \"userId\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: userId", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner", + "userId": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910111+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0f904569", + "title": "POST /api/admin/teams/{id}/members - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams/{id}/members requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "role": "owner", + "userId": "b6f51cc4-2389-42c5-a864-35545c08cda9" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } 
+ ] + } + ], + "generated_at": "2026-05-06T21:30:41.910113+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-95fd239a", + "title": "POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "field \"role\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] role wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": 123, + "userId": "8aa00d9d-7b81-42a4-830e-092302d2f2c4" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910267+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2a4f0269", + "title": "POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "field \"role\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] role wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": true, + "userId": "8aa00d9d-7b81-42a4-830e-092302d2f2c4" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + 
"expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910269+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-76bfddd4", + "title": "POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "field \"userId\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] userId wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910271+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8aeef740", + "title": "POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "field \"userId\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] userId wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.910274+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-39e9a695", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "hello\u0000world", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91049+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-241bc1b4", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "​hello", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" + }, + "assertions": [ + { + "target": "status_code", + "operator": 
"eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910492+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aa47e2dd", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "‮hello", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910494+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7473f431", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910497+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-83be4bd5", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "z̀́̂̃̄̅̆̇a", + "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910498+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-382c05ef", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "field \"userId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] userId control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" 
+ }, + "body": { + "role": "owner", + "userId": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910501+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bdeeed04", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "field \"userId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] userId zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner", + "userId": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910503+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e839caab", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "field \"userId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] userId bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": 
"application/json" + }, + "body": { + "role": "owner", + "userId": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910505+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cbe2af65", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "field \"userId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] userId overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner", + "userId": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910506+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9cd03a11", + "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", + "rationale": "field \"userId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] userId zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner", + "userId": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.910509+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-850dd902", + "title": "POST /api/admin/teams/{id}/members - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams/{id}/members requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "isAdmin": true, + "is_admin": true, + "role": "__probe__", + 
"userId": "b21cab01-ede4-49da-9080-18aced242f70" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911028+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-edb444ec", + "title": "POST /api/admin/teams/{id}/members - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams/{id}/members requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "disabled": false, + "role": "member", + "userId": "b21cab01-ede4-49da-9080-18aced242f70", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91103+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-31f44a55", + "title": "POST /api/admin/teams/{id}/members - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams/{id}/members requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { 
+ "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "discount": 0, + "price": 1, + "role": "member", + "userId": "b21cab01-ede4-49da-9080-18aced242f70" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911032+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-09f9b8eb", + "title": "POST /api/admin/teams/{id}/members - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams/{id}/members requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "ownerId": "__probe__", + "role": "member", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911034+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d1a0e9c6", + "title": "POST /api/admin/teams/{id}/members - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "POST /api/admin/teams/{id}/members parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "POST", + "path": 
"/api/admin/teams/99999/members", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911244+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-07948765", + "title": "POST /api/admin/teams/{id}/members - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "POST /api/admin/teams/{id}/members parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/0/members", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911246+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1da7a2c3", + "title": "POST /api/admin/teams/{id}/members - [required_omission] userId absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", + "rationale": "required field \"userId\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] userId absent", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + 
"target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911346+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e159fefe", + "title": "GET /api/specs/{service}/{branch}/openapi.json - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Specs" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/specs/{service}/{branch}/openapi.json", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/specs/{service}/{branch}/openapi.json", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911516+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5b840153", + "title": "[OWASP-API2] GET /api/specs/{service}/{branch}/openapi.json — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/specs/{service}/{branch}/openapi.json", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/specs/{service}/{branch}/openapi.json", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91157+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + 
"id": "TC-69cf35a6", + "title": "[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/specs/{service}/{branch}/openapi.json", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "GET", + "path": "/api/specs/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/{branch}/openapi.json", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911572+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3e62652b", + "title": "[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/specs/{service}/{branch}/openapi.json", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "GET", + "path": "/api/specs/%27%20OR%201=1--/{branch}/openapi.json", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911574+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-217a31ae", + "title": "[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET 
/api/specs/{service}/{branch}/openapi.json", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "GET", + "path": "/api/specs/..%2F..%2F..%2Fetc%2Fpasswd/{branch}/openapi.json", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911576+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-14b52fbb", + "title": "GET /api/specs/{service}/{branch}/openapi.json - missing required param \"service\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Specs" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "GET /api/specs/{service}/{branch}/openapi.json parameters.service", + "rationale": "isolated failure: required param \"service\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"service\"", + "type": "test", + "method": "GET", + "path": "/api/specs/1/1/openapi.json", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911778+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dd4faa6a", + "title": "GET /api/specs/{service}/{branch}/openapi.json - missing required param \"branch\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Specs" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "GET /api/specs/{service}/{branch}/openapi.json parameters.branch", + "rationale": "isolated failure: required param \"branch\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"branch\"", + "type": "test", + "method": "GET", + "path": 
"/api/specs/1/1/openapi.json", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911781+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-787a33be", + "title": "POST /auth/register - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Auth" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /auth/register", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "alessandravaldez@daniel.net", + "password": "who" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.userId", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911971+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-445d8b1f", + "title": "POST /auth/register - missing required field \"email\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "invalid equivalence class: required field \"email\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"email\"", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "password": "still" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 
422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.911976+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-31707ae5", + "title": "POST /auth/register - missing required field \"password\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "invalid equivalence class: required field \"password\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"password\"", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "leahawkins@white.io" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91198+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0f0b429e", + "title": "POST /auth/register - password at min_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "boundary value analysis: password at min_valid", + "scenario": "STRING_MIN_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "password at min_valid boundary", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "kasandravelazquez@willis.org", + "password": "htnnilAG" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912148+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-15e47d10", + "title": "POST /auth/register - password at min_minus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "boundary value analysis: password at min_minus_one_invalid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "password at min_minus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "kasandravelazquez@willis.org", + "password": "qnWvUIn" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91215+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b381fdb9", + "title": "POST /auth/register - password at max_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "boundary value analysis: password at max_valid", + "scenario": "STRING_MAX_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "password at max_valid boundary", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "kasandravelazquez@willis.org", + "password": "zBlKzdHplyIohqMEAqvZSLUwRAAjdZKfbpkfEhUcSKoTKSlgMvwBEjoRpxXhryTaTAoTzCYyWaXpUkIgpumlAMpSEYEqFYHvmPDdtFumNUpHtbSoyugqaeiVyRdgqNwJsZzlXPJtrDBniDFcfYhHvlLEZBOqZCOoAPKPXTaHVHlRPRLPdCiRYyBYiVNGQIfRCXVbfVAECwwZbjBrGaKIfctBAjeidCzjvfjsjckVQIlqUrEHxrxTFDKxXvgrcFS" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + 
"expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912159+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0de23fb9", + "title": "POST /auth/register - password at max_plus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "boundary value analysis: password at max_plus_one_invalid", + "scenario": "STRING_ABOVE_MAX" + }, + "steps": [ + { + "id": "step-main", + "title": "password at max_plus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "kasandravelazquez@willis.org", + "password": "rPNlcdUMPwImsPdHFstXXMFIWbajRRdQloozwcKtoDbGhjiVVjHhIxcPpxMVGqqKfZycxZGoowdemLuYWOaEvFeerqBahGZywYIkuGXZrJdCNLryEunbqPYCHWypnUwNviWToCVJFisKyZtCteizZYgpdPlJDBzSucWfdtYFBAzmlDrKirFlAXDxVwWdZscUXFIAryQbydibyCuTJuKPjVPFBgydzlVHJwlOmkfnmyWhxdOnhlOMZdXVRggOpqya" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912167+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d4349959", + "title": "POST /auth/register - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "idempotency", + "spec_path": "POST /auth/register", + "rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /auth/register — first call", + "type": "setup", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"email": "selenagarza@ross.name", + "password": "break" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /auth/register — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "selenagarza@ross.name", + "password": "break" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.912366+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e8a47f18", + "title": "[OWASP-API2] POST /auth/register — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /auth/register", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "POST", + "path": "/auth/register", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912416+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-900b6a9f", + "title": "[OWASP-API6] POST /auth/register — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /auth/register", + 
"rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": "2000-01-01T00:00:00Z", + "email": "gennarogislason@newton.io", + "id": 99999, + "password": "did", + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912422+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-368fd7b5", + "title": "[OWASP-API7] POST /auth/register — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /auth/register", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912424+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ff6e6a6b", + "title": "[OWASP-API7] POST /auth/register — injection (sqli)", + 
"kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /auth/register", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "' OR 1=1--" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912425+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2f3c6761", + "title": "[OWASP-API7] POST /auth/register — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /auth/register", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "../../../etc/passwd" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912426+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cae39bb3", + "title": "POST /auth/register - missing required field \"email\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "isolated failure: only \"email\" is absent; all other fields valid", + "scenario": 
"MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"email\"", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "password": "this" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912695+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-72f7ecb7", + "title": "POST /auth/register - missing required field \"password\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "isolated failure: only \"password\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"password\"", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "mayragrant@nichols.name" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912696+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8449b518", + "title": "POST /auth/register - invalid email: invalid email format", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "isolated failure: only \"email\" is invalid (invalid email format); all other fields valid", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid email: invalid email format", + "type": "test", + "method": "POST", + "path": 
"/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "not-an-email", + "password": "this" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912698+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cf64a6d3", + "title": "POST /auth/register - invalid password: empty string violates minLength 8", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "isolated failure: only \"password\" is invalid (empty string violates minLength 8); all other fields valid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid password: empty string violates minLength 8", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "mayragrant@nichols.name", + "password": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912701+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-95b20a12", + "title": "POST /auth/register - [schema_violation] email_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "required field \"email\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] email_missing_required", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "password": "these" + }, + 
"assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912906+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-88fb391a", + "title": "POST /auth/register - [schema_violation] password_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "required field \"password\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] password_missing_required", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "jadonrobertson@wu.org" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912908+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-75e2908b", + "title": "POST /auth/register - [schema_violation] email_invalid_format_email", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "email=\"not-an-email\" violates format \"email\"" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] email_invalid_format_email", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "not-an-email", + "password": "these" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912909+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": 
"1", + "id": "TC-225366e2", + "title": "POST /auth/register - [schema_violation] password_too_short", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "password is empty, violates minLength 8" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] password_too_short", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "jadonrobertson@wu.org", + "password": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.912911+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6da4f717", + "title": "POST /auth/register - mutation: email null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/register requestBody.email", + "rationale": "field \"email\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: email → null value", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": null, + "password": "where" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913116+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b9e7832e", + "title": "POST /auth/register - mutation: email empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + 
"spec_path": "POST /auth/register requestBody.email", + "rationale": "field \"email\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: email → empty string", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "", + "password": "where" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913119+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-00b95383", + "title": "POST /auth/register - mutation: email integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/register requestBody.email", + "rationale": "field \"email\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: email → integer instead of string", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": 12345, + "password": "where" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913124+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3dfbbb02", + "title": "POST /auth/register - mutation: email oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/register requestBody.email", + "rationale": "field \"email\" mutated 
with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: email → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "password": "where" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913126+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7c859b9c", + "title": "POST /auth/register - mutation: email invalid email format", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/register requestBody.email", + "rationale": "field \"email\" mutated with invalid email format; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: email → invalid email format", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "not-an-email", + "password": "where" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913131+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8df134ff", + "title": "POST /auth/register - mutation: password 
null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/register requestBody.password", + "rationale": "field \"password\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: password → null value", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "marjoriecole@donnelly.org", + "password": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913133+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f66d6ba8", + "title": "POST /auth/register - mutation: password empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/register requestBody.password", + "rationale": "field \"password\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: password → empty string", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "marjoriecole@donnelly.org", + "password": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913135+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-85af6488", + "title": "POST /auth/register - mutation: password integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + 
"source": { + "technique": "mutation", + "spec_path": "POST /auth/register requestBody.password", + "rationale": "field \"password\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: password → integer instead of string", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "marjoriecole@donnelly.org", + "password": 12345 + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913136+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ffcd46cb", + "title": "POST /auth/register - mutation: password oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/register requestBody.password", + "rationale": "field \"password\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: password → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "marjoriecole@donnelly.org", + "password": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.913138+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-031620b5", + "title": "POST /auth/register - null injection: email", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "field \"email\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: email", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": null, + "password": "mouth" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913607+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dc0c76f3", + "title": "POST /auth/register - null injection: password", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "field \"password\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: password", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "audreygarrett@morris.info", + "password": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913608+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9cf203de", + 
"title": "POST /auth/register - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /auth/register requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "email": "audreygarrett@morris.info", + "password": "mouth" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91361+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c40fa64f", + "title": "POST /auth/register - [type_coercion] email wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "field \"email\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] email wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": 123, + "password": "it" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913763+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cff3b5ee", + "title": "POST /auth/register - [type_coercion] email wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ 
+ "Auth" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "field \"email\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] email wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": true, + "password": "it" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913765+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4a32c12b", + "title": "POST /auth/register - [type_coercion] password wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "field \"password\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] password wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "bentonwoods@marsh.net", + "password": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913767+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4af1b36a", + "title": "POST /auth/register - [type_coercion] password wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /auth/register 
requestBody.properties.password", + "rationale": "field \"password\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] password wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "bentonwoods@marsh.net", + "password": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91377+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-619e4131", + "title": "POST /auth/register - [unicode_fuzzing] email control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "field \"email\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email control_char", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "hello\u0000world", + "password": "every" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913979+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c30816fe", + "title": "POST /auth/register - [unicode_fuzzing] email zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "field \"email\" receives unicode 
mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email zero_width", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "​hello", + "password": "every" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913981+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cd50c303", + "title": "POST /auth/register - [unicode_fuzzing] email bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "field \"email\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email bidi_override", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "‮hello", + "password": "every" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913983+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aea85ac5", + "title": "POST /auth/register - [unicode_fuzzing] email overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "field \"email\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + 
"steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email overlong", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "password": "every" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913985+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-67eec10b", + "title": "POST /auth/register - [unicode_fuzzing] email zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.email", + "rationale": "field \"email\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email zalgo", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "z̀́̂̃̄̅̆̇a", + "password": "every" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913986+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cd54b4b0", + "title": "POST /auth/register - [unicode_fuzzing] password control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password control_char", + "type": "test", + 
"method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "charityross@barber.biz", + "password": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913993+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e4e8966c", + "title": "POST /auth/register - [unicode_fuzzing] password zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password zero_width", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "charityross@barber.biz", + "password": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913995+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-28ca4955", + "title": "POST /auth/register - [unicode_fuzzing] password bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password bidi_override", + "type": "test", + "method": "POST", + "path": 
"/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "charityross@barber.biz", + "password": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913998+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3ac12861", + "title": "POST /auth/register - [unicode_fuzzing] password overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password overlong", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "charityross@barber.biz", + "password": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.913999+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ab0475dc", + "title": "POST /auth/register - [unicode_fuzzing] password zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/register requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password zalgo", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "charityross@barber.biz", + "password": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.914002+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-065d2087", + "title": "POST /auth/register - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /auth/register requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "email": "waynedaniels@farrell.io", + "isAdmin": true, + "is_admin": true, + "password": "instead", + "role": "__probe__" + }, 
+ "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.914519+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cabe7291", + "title": "POST /auth/register - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /auth/register requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "disabled": false, + "email": "waynedaniels@farrell.io", + "password": "instead", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.914521+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9b577a9f", + "title": "POST /auth/register - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /auth/register requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "discount": 0, + "email": "waynedaniels@farrell.io", + "password": 
"instead", + "price": 1 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.914523+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-be5d4ca2", + "title": "POST /auth/register - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /auth/register requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "email": "waynedaniels@farrell.io", + "ownerId": "__probe__", + "password": "instead", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.914525+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-31e0ac94", + "title": "POST /auth/register - [field_boundary] password valid_min", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /auth/register requestBody.password", + "rationale": "field \"password\" boundary test: valid_min", + "scenario": "FIELD_BOUNDARY_VALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] password valid_min", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "cedrickhermann@morales.org", + "password": "aaaaaaaa" + }, + 
"assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 200 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.914738+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-29d13f96", + "title": "POST /auth/register - [field_boundary] password invalid_below_min", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /auth/register requestBody.password", + "rationale": "field \"password\" boundary test: invalid_below_min", + "scenario": "FIELD_BOUNDARY_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] password invalid_below_min", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "carmelmaldonado@schwartz.org", + "password": "aaaaaaa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.914742+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b724df31", + "title": "POST /auth/register - [required_omission] email absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /auth/register requestBody.email", + "rationale": "required field \"email\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] email absent", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "password": "themselves" + }, + 
"assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.914845+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3d6d9a7d", + "title": "POST /auth/register - [required_omission] password absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /auth/register requestBody.password", + "rationale": "required field \"password\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] password absent", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "artperkins@smith.net" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.914849+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cb06322f", + "title": "GET /api/me - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Auth" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/me", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/me", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.id", + 
"operator": "exists" + }, + { + "target": "body.role", + "operator": "exists" + }, + { + "target": "body.teams", + "operator": "exists" + }, + { + "target": "body.email", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915053+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-16f4aef5", + "title": "[OWASP-API2] GET /api/me — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/me", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/me", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91512+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d5427a01", + "title": "GET /api/admin/teams/{id}/grants - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/admin/teams/{id}/grants", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{id}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.outgoing", + "operator": "exists" + }, + { + "target": "body.incoming", + "operator": "exists" + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.915259+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9c3bba1f", + "title": "[OWASP-API1] GET /api/admin/teams/{id}/grants — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/grants", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{other_resource_id}}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915325+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2dae98a0", + "title": "[OWASP-API2] GET /api/admin/teams/{id}/grants — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/grants", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{id}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915327+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-269d7a97", + "title": "[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + 
"owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/grants", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/grants", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915329+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a7917f13", + "title": "[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/grants", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/%27%20OR%201=1--/grants", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915331+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b5400171", + "title": "[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/teams/{id}/grants", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "GET", + "path": 
"/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/grants", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915334+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aa4a85d2", + "title": "GET /api/admin/teams/{id}/grants - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "GET /api/admin/teams/{id}/grants parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/1/grants", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915584+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1e7138b3", + "title": "GET /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "GET /api/admin/teams/{id}/grants parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/99999/grants", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915636+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-625bb61d", + "title": 
"GET /api/admin/teams/{id}/grants - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "GET /api/admin/teams/{id}/grants parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/0/grants", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915638+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-62bccfec", + "title": "POST /api/admin/teams/{id}/grants - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/teams/{id}/grants", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "other" + ], + "expiresAt": "2020-03-12T16:50:23Z", + "granteeTeamId": "fcea5c7d-08df-4a6b-a40b-cc22936c70a6", + "granteeUserId": "4b66d87d-2a87-436a-9cba-cbd963fe3725", + "serviceId": "20931bd8-47ab-4a34-9161-aa0f41c54efd" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.id", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915851+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-33636c2c", + "title": "POST /api/admin/teams/{id}/grants - missing required field \"serviceId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "invalid equivalence class: required field \"serviceId\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"serviceId\"", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "lastly" + ], + "expiresAt": "2010-02-21T09:42:07Z", + "granteeTeamId": "54d614e8-78c4-4be4-8d58-6262bc0ed601", + "granteeUserId": "ebe6434a-7451-43df-a2a8-4ff4abc09840" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.915858+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-810053e8", + "title": "POST /api/admin/teams/{id}/grants - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "POST /api/admin/teams/{id}/grants", + "rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /api/admin/teams/{id}/grants — first call", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "mercy" + ], + "expiresAt": "1999-12-17T23:28:47Z", + "granteeTeamId": "65e38a66-d932-4217-b7b6-b9d191c81aaf", + "granteeUserId": "41f62f9a-dcd8-4b25-86af-1c3d9ec30857", + "serviceId": "4926c858-e08e-4a3f-bf7b-0bb8e4309181" + 
}, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /api/admin/teams/{id}/grants — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "mercy" + ], + "expiresAt": "1999-12-17T23:28:47Z", + "granteeTeamId": "65e38a66-d932-4217-b7b6-b9d191c81aaf", + "granteeUserId": "41f62f9a-dcd8-4b25-86af-1c3d9ec30857", + "serviceId": "4926c858-e08e-4a3f-bf7b-0bb8e4309181" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.916391+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-750fd5ab", + "title": "[OWASP-API1] POST /api/admin/teams/{id}/grants — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/grants", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{other_resource_id}}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91642+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a5db835c", + 
"title": "[OWASP-API2] POST /api/admin/teams/{id}/grants — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/grants", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.916425+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e74b3c2c", + "title": "[OWASP-API6] POST /api/admin/teams/{id}/grants — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/grants", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "might" + ], + "createdAt": "2000-01-01T00:00:00Z", + "expiresAt": "1904-11-16T00:21:56Z", + "granteeTeamId": "80cfeb39-de1f-4afc-b29b-dbf268b668eb", + "granteeUserId": "af0ce4e0-f8fb-4c7c-b929-9d7dfc463d99", + "id": 99999, + "serviceId": "3751ed85-6162-4db7-8287-4b7491018fb0", + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": 
"jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.916437+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c288f174", + "title": "[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/grants", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/grants", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91644+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ea6fd919", + "title": "[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/grants", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/%27%20OR%201=1--/grants", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.916444+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aa0b7128", + 
"title": "[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/teams/{id}/grants", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/grants", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.916447+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-62d899fa", + "title": "POST /api/admin/teams/{id}/grants - missing required field \"serviceId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "isolated failure: only \"serviceId\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"serviceId\"", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "for" + ], + "expiresAt": "1953-03-29T14:02:05Z", + "granteeTeamId": "6d698330-9f66-45db-a309-61a79c0db5ba", + "granteeUserId": "8867a80d-0d36-4338-ae27-3e2177ebe961" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91686+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aee10eee", + "title": "POST 
/api/admin/teams/{id}/grants - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/teams/{id}/grants parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/1/grants", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.916862+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4b79a206", + "title": "POST /api/admin/teams/{id}/grants - [schema_violation] serviceId_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "required field \"serviceId\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] serviceId_missing_required", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "am" + ], + "expiresAt": "1970-08-02T20:53:06Z", + "granteeTeamId": "7a8e7c06-efab-4a89-8471-23bbf2a20eea", + "granteeUserId": "55b411ae-4ae9-4cf6-802a-a4a242203443" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.916955+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9509a04a", + "title": "POST /api/admin/teams/{id}/grants - [schema_violation] expiresAt_invalid_format_date-time", + "kind": "single", + "priority": "P2", + "tags": [ 
+ "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", + "rationale": "expiresAt=\"not-a-date\" violates format \"date-time\"" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] expiresAt_invalid_format_date-time", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "am" + ], + "expiresAt": "not-a-date", + "granteeTeamId": "7a8e7c06-efab-4a89-8471-23bbf2a20eea", + "granteeUserId": "55b411ae-4ae9-4cf6-802a-a4a242203443", + "serviceId": "435a1f1c-09a1-4465-b8ad-2053fa825257" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.916957+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3f1f0acd", + "title": "POST /api/admin/teams/{id}/grants - mutation: branches null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.branches", + "rationale": "field \"branches\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: branches → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": null, + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.917055+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-963f2d23", + "title": "POST /api/admin/teams/{id}/grants - mutation: branches string instead of array", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.branches", + "rationale": "field \"branches\" mutated with string instead of array; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: branches → string instead of array", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": "not-an-array", + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917057+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c0bd2a08", + "title": "POST /api/admin/teams/{id}/grants - mutation: branches object instead of array", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.branches", + "rationale": "field \"branches\" mutated with object instead of array; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: branches → object instead of array", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": 
{ + "branches": {}, + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917058+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-759658e7", + "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.expiresAt", + "rationale": "field \"expiresAt\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: expiresAt → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "himself" + ], + "expiresAt": null, + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917061+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2894700e", + "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants 
requestBody.expiresAt", + "rationale": "field \"expiresAt\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: expiresAt → empty string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "himself" + ], + "expiresAt": "", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917063+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c03df9f9", + "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.expiresAt", + "rationale": "field \"expiresAt\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: expiresAt → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "himself" + ], + "expiresAt": 12345, + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.917064+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0ee96c4d", + "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.expiresAt", + "rationale": "field \"expiresAt\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: expiresAt → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "himself" + ], + "expiresAt": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917067+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6260c870", + "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt invalid date format", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.expiresAt", + "rationale": "field \"expiresAt\" mutated with invalid date 
format; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: expiresAt → invalid date format", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "himself" + ], + "expiresAt": "not-a-date", + "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917068+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0064709a", + "title": "POST /api/admin/teams/{id}/grants - mutation: granteeTeamId null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.granteeTeamId", + "rationale": "field \"granteeTeamId\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: granteeTeamId → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "himself" + ], + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": null, + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91707+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": 
"1", + "id": "TC-7d06efc6", + "title": "POST /api/admin/teams/{id}/grants - mutation: granteeTeamId empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.granteeTeamId", + "rationale": "field \"granteeTeamId\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: granteeTeamId → empty string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "himself" + ], + "expiresAt": "2008-02-06T15:08:34Z", + "granteeTeamId": "", + "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", + "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917072+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2571eb1b", + "title": "POST /api/admin/teams/{id}/grants - null injection: serviceId", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "field \"serviceId\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: serviceId", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "sari" + ], + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": 
"44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917535+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e32391c6", + "title": "POST /api/admin/teams/{id}/grants - null injection: branches", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.branches", + "rationale": "field \"branches\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: branches", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": null, + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917537+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-df39db3e", + "title": "POST /api/admin/teams/{id}/grants - null injection: expiresAt", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", + "rationale": "field \"expiresAt\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: expiresAt", + "type": "test", + 
"method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "sari" + ], + "expiresAt": null, + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917539+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-63fd31b7", + "title": "POST /api/admin/teams/{id}/grants - null injection: granteeTeamId", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", + "rationale": "field \"granteeTeamId\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: granteeTeamId", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "sari" + ], + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": null, + "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917541+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-593b0773", + "title": "POST /api/admin/teams/{id}/grants - null injection: granteeUserId", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST 
/api/admin/teams/{id}/grants requestBody.properties.granteeUserId", + "rationale": "field \"granteeUserId\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: granteeUserId", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "sari" + ], + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": null, + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917543+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a9ed456f", + "title": "POST /api/admin/teams/{id}/grants - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "branches": [ + "sari" + ], + "expiresAt": "1914-05-11T22:00:14Z", + "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", + "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", + "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917544+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-291b984a", + "title": "POST /api/admin/teams/{id}/grants - [type_coercion] branches wrong_type_string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.branches", + "rationale": "field \"branches\" is array but receives wrong_type_string — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] branches wrong_type_string", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": "not_an_array", + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917829+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4440c404", + "title": "POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", + "rationale": "field \"expiresAt\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] expiresAt wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "bad" + ], + 
"expiresAt": 123, + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917831+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d73bcfa6", + "title": "POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", + "rationale": "field \"expiresAt\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] expiresAt wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "bad" + ], + "expiresAt": true, + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917833+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-50132b05", + "title": "POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", + "rationale": "field \"granteeTeamId\" is string but 
receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] granteeTeamId wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": 123, + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917835+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8920e31f", + "title": "POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", + "rationale": "field \"granteeTeamId\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] granteeTeamId wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": true, + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917836+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3f9db72b", + 
"title": "POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", + "rationale": "field \"granteeUserId\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] granteeUserId wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": 123, + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917839+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1566fad3", + "title": "POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", + "rationale": "field \"granteeUserId\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] granteeUserId wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + 
"granteeUserId": true, + "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91784+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e98b7c31", + "title": "POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "field \"serviceId\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] serviceId wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917842+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f4852904", + "title": "POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "field \"serviceId\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": 
"[type_coercion] serviceId wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "bad" + ], + "expiresAt": "2013-09-12T21:41:49Z", + "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", + "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", + "serviceId": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.917846+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ed7d403f", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", + "rationale": "field \"expiresAt\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] expiresAt control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "hello\u0000world", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918268+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c67b22d4", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zero_width", + "kind": "single", + 
"priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", + "rationale": "field \"expiresAt\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] expiresAt zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "​hello", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91827+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-691f2024", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", + "rationale": "field \"expiresAt\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] expiresAt bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "‮hello", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, 
+ "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918272+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e80f6e77", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", + "rationale": "field \"expiresAt\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] expiresAt overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918273+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e8fa18b3", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", + "rationale": "field \"expiresAt\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] expiresAt zalgo", + "type": "test", + "method": 
"POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "z̀́̂̃̄̅̆̇a", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918275+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d5595214", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", + "rationale": "field \"granteeTeamId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeTeamId control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "hello\u0000world", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918278+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-28a0c8b4", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { 
+ "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", + "rationale": "field \"granteeTeamId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeTeamId zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "​hello", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91828+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d197e84d", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", + "rationale": "field \"granteeTeamId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeTeamId bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "‮hello", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": 
"eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918282+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4df41e59", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", + "rationale": "field \"granteeTeamId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeTeamId overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918283+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-603eeaa8", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", + "rationale": "field \"granteeTeamId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeTeamId zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", 
+ "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "z̀́̂̃̄̅̆̇a", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918286+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bb1058c5", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", + "rationale": "field \"granteeUserId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeUserId control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "hello\u0000world", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918288+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7f787ffd", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST 
/api/admin/teams/{id}/grants requestBody.properties.granteeUserId", + "rationale": "field \"granteeUserId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeUserId zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "​hello", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91829+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-57831769", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", + "rationale": "field \"granteeUserId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeUserId bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "‮hello", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.918292+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-81f35d0c", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", + "rationale": "field \"granteeUserId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeUserId overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918294+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7682a2d7", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", + "rationale": "field \"granteeUserId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] granteeUserId zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "z̀́̂̃̄̅̆̇a", + "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918295+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aea6968a", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "field \"serviceId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + 
"title": "[unicode_fuzzing] serviceId control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918298+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c9798ccb", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "field \"serviceId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] serviceId zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.9183+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-894450de", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId bidi_override", + "kind": "single", + "priority": "P3", + 
"tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "field \"serviceId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] serviceId bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918302+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ae4ea893", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "field \"serviceId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] serviceId overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918304+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3b372657", + "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", + "rationale": "field \"serviceId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] serviceId zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "eye" + ], + "expiresAt": "1910-02-22T19:02:33Z", + "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", + "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", + "serviceId": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.918306+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-eaaad8f0", + "title": "POST /api/admin/teams/{id}/grants - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "POST", + "path": 
"/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "branches": [ + "these" + ], + "expiresAt": "1935-06-17T15:07:26Z", + "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", + "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", + "isAdmin": true, + "is_admin": true, + "role": "__probe__", + "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919269+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-54b93b94", + "title": "POST /api/admin/teams/{id}/grants - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "branches": [ + "these" + ], + "disabled": false, + "expiresAt": "1935-06-17T15:07:26Z", + "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", + "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", + "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919272+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8b55910b", + "title": "POST /api/admin/teams/{id}/grants - 
[mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "branches": [ + "these" + ], + "credits": 1, + "discount": 0, + "expiresAt": "1935-06-17T15:07:26Z", + "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", + "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", + "price": 1, + "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919275+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-74060ffe", + "title": "POST /api/admin/teams/{id}/grants - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "these" + ], + "createdBy": "__probe__", + "expiresAt": "1935-06-17T15:07:26Z", + "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", + 
"granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", + "ownerId": "__probe__", + "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919279+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-14f8c7cc", + "title": "POST /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "POST /api/admin/teams/{id}/grants parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/99999/grants", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919451+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-82f1376b", + "title": "POST /api/admin/teams/{id}/grants - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "POST /api/admin/teams/{id}/grants parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/0/grants", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], 
+ "generated_at": "2026-05-06T21:30:41.919453+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-eb992221", + "title": "POST /api/admin/teams/{id}/grants - [required_omission] serviceId absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/admin/teams/{id}/grants requestBody.serviceId", + "rationale": "required field \"serviceId\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] serviceId absent", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "several" + ], + "expiresAt": "1989-03-13T15:48:36Z", + "granteeTeamId": "849dc625-c140-49ac-bf25-8a047cafbb78", + "granteeUserId": "f936f656-e5c6-4646-85ad-e56be5d8778e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919557+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f8bdece6", + "title": "GET /api/specs/:service/versions - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Specs" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/specs/:service/versions", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/specs/:service/versions", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": 
"duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.versions", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.91971+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9b5eb037", + "title": "[OWASP-API2] GET /api/specs/:service/versions — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/specs/:service/versions", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/specs/:service/versions", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919779+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cf42e9f4", + "title": "[OWASP-API7] GET /api/specs/:service/versions — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/specs/:service/versions", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "GET", + "path": "/api/specs/:service/versions", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919781+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ffc707f5", + "title": "[OWASP-API7] GET /api/specs/:service/versions — injection (sqli)", + "kind": 
"single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/specs/:service/versions", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "GET", + "path": "/api/specs/:service/versions", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919783+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-106c80c0", + "title": "[OWASP-API7] GET /api/specs/:service/versions — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/specs/:service/versions", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "GET", + "path": "/api/specs/:service/versions", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919785+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-95c1cee7", + "title": "GET /api/specs/:service/versions - missing required param \"service\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Specs" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "GET /api/specs/:service/versions parameters.service", + "rationale": "isolated failure: required param \"service\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"service\"", + "type": 
"test", + "method": "GET", + "path": "/api/specs/:service/versions?branch=valid", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919968+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e71dd727", + "title": "GET /api/specs/:service/versions - missing required param \"branch\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Specs" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "GET /api/specs/:service/versions parameters.branch", + "rationale": "isolated failure: required param \"branch\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"branch\"", + "type": "test", + "method": "GET", + "path": "/api/specs/:service/versions", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.919971+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ae0a2dc3", + "title": "POST /api/admin/webhooks/:id/test - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/webhooks/:id/test", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920147+08:00" + }, + { + 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ff996bd3", + "title": "POST /api/admin/webhooks/:id/test - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "POST /api/admin/webhooks/:id/test", + "rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /api/admin/webhooks/:id/test — first call", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /api/admin/webhooks/:id/test — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.920214+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7054030e", + "title": "[OWASP-API2] POST /api/admin/webhooks/:id/test — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks/:id/test", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "assertions": [ + { + "target": 
"status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920262+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e8743ba7", + "title": "[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks/:id/test", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920264+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7a0227b0", + "title": "[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks/:id/test", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920266+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6c16c87b", + "title": "[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + 
"api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks/:id/test", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920267+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8f3b353e", + "title": "POST /api/admin/webhooks/:id/test - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/webhooks/:id/test parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920457+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-eb0b8c82", + "title": "POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "POST /api/admin/webhooks/:id/test parameters.id", + "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000001 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", + "type": 
"test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920504+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-33f46434", + "title": "POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "POST /api/admin/webhooks/:id/test parameters.id", + "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000000 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920506+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-03c20c58", + "title": "DELETE /api/admin/grants/{id} - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "DELETE /api/admin/grants/{id}", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": 
"duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920681+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1f6fc417", + "title": "DELETE /api/admin/grants/{id} - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "DELETE /api/admin/grants/{id}", + "rationale": "DELETE is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "DELETE /api/admin/grants/{id} — first call", + "type": "setup", + "method": "DELETE", + "path": "/api/admin/grants/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "DELETE /api/admin/grants/{id} — identical second call must be safe", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.920742+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d8d75c69", + "title": "[OWASP-API1] DELETE /api/admin/grants/{id} — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/grants/{id}", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" 
+ }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{{other_resource_id}}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920791+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2b26b1b2", + "title": "[OWASP-API2] DELETE /api/admin/grants/{id} — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/grants/{id}", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920792+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7e26f4e3", + "title": "[OWASP-API7] DELETE /api/admin/grants/{id} — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/grants/{id}", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920794+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3883f876", + "title": "[OWASP-API7] DELETE /api/admin/grants/{id} — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/grants/{id}", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/%27%20OR%201=1--", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.920798+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5cfaf557", + "title": "[OWASP-API7] DELETE /api/admin/grants/{id} — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/grants/{id}", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/..%2F..%2F..%2Fetc%2Fpasswd", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.9208+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-57e2f5d8", + "title": "DELETE /api/admin/grants/{id} - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "DELETE /api/admin/grants/{id} parameters.id", + "rationale": "isolated 
failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/1", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921031+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b20f3be6", + "title": "DELETE /api/admin/grants/{id} - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/grants/{id} parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/99999", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92108+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c0c54349", + "title": "DELETE /api/admin/grants/{id} - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/grants/{id} parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/0", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 
+ } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921081+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-138640de", + "title": "DELETE /api/tokens/{id} - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "DELETE /api/tokens/{id}", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921253+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ea338ec1", + "title": "DELETE /api/tokens/{id} - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "idempotency", + "spec_path": "DELETE /api/tokens/{id}", + "rationale": "DELETE is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "DELETE /api/tokens/{id} — first call", + "type": "setup", + "method": "DELETE", + "path": "/api/tokens/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "DELETE /api/tokens/{id} — identical second call must be safe", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + 
}, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.921314+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2d207a0d", + "title": "[OWASP-API1] DELETE /api/tokens/{id} — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/tokens/{id}", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/{{other_resource_id}}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921361+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-599ddef6", + "title": "[OWASP-API2] DELETE /api/tokens/{id} — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/tokens/{id}", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/{id}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921362+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ebab5e69", + "title": 
"[OWASP-API7] DELETE /api/tokens/{id} — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/tokens/{id}", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921364+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e54ea4ce", + "title": "[OWASP-API7] DELETE /api/tokens/{id} — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/tokens/{id}", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/%27%20OR%201=1--", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921366+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-85b86fe3", + "title": "[OWASP-API7] DELETE /api/tokens/{id} — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/tokens/{id}", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", 
+ "type": "test", + "method": "DELETE", + "path": "/api/tokens/..%2F..%2F..%2Fetc%2Fpasswd", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921367+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c2abfd5e", + "title": "DELETE /api/tokens/{id} - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "DELETE /api/tokens/{id} parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/1", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921606+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-502920f7", + "title": "DELETE /api/tokens/{id} - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/tokens/{id} parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/99999", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921653+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d0e0481e", + "title": 
"DELETE /api/tokens/{id} - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/tokens/{id} parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/0", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921655+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c3e5fa48", + "title": "GET /api/admin/webhooks - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/admin/webhooks", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/admin/webhooks", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.webhooks", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921831+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ec46e5a8", + "title": "[OWASP-API2] GET /api/admin/webhooks — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/webhooks", + "rationale": 
"Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/webhooks", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.921889+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-42a4fab4", + "title": "POST /api/admin/webhooks - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/webhooks", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "set" + ], + "name": "Fletcher Mendez", + "providerType": "these", + "teamId": "7b7e7d08-a4c7-4b59-a185-b2a7b8576f2e", + "url": "http://www.nationalcross-platform.org/infomediaries/killer/technologies/frictionless" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.createdBy", + "operator": "exists" + }, + { + "target": "body.isActive", + "operator": "exists" + }, + { + "target": "body.providerType", + "operator": "exists" + }, + { + "target": "body.teamId", + "operator": "exists" + }, + { + "target": "body.name", + "operator": "exists" + }, + { + "target": "body.url", + "operator": "exists" + }, + { + "target": "body.createdAt", + "operator": "exists" + }, + { + "target": "body.id", + "operator": "exists" + }, + { + "target": "body.events", + 
"operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922029+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-45423b82", + "title": "POST /api/admin/webhooks - missing required field \"name\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "invalid equivalence class: required field \"name\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"name\"", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "Plutonian" + ], + "providerType": "choir", + "teamId": "5289bf89-a443-44f7-a319-2a66891988ac", + "url": "https://www.humandeploy.io/magnetic/roi/maximize/embrace" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922044+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6ed0d9f4", + "title": "POST /api/admin/webhooks - missing required field \"url\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "invalid equivalence class: required field \"url\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"url\"", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "the" + ], + "name": "Carey Jimenez", + "providerType": "hourly", + "teamId": "68326c3d-2def-4030-9c4f-dfcb153eda58" + }, + "assertions": [ + { + "target": "status_code", + 
"operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92205+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d6a5b0c7", + "title": "POST /api/admin/webhooks - missing required field \"events\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/admin/webhooks requestBody.properties.events", + "rationale": "invalid equivalence class: required field \"events\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"events\"", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Rebecca Mann", + "providerType": "painter", + "teamId": "1485872f-38ec-4ac0-88b9-3d10f551b3a4", + "url": "https://www.chiefsyndicate.biz/utilize/deliverables/innovate/transition" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922056+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-72f21135", + "title": "POST /api/admin/webhooks - name at min_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "boundary value analysis: name at min_valid", + "scenario": "STRING_MIN_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "name at min_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "these" + ], + "name": "u", + "providerType": "infrequently", + "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", + "url": 
"http://www.juniorexpedite.com/partnerships" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922238+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5b4327aa", + "title": "POST /api/admin/webhooks - name at min_minus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "boundary value analysis: name at min_minus_one_invalid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "name at min_minus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "these" + ], + "name": "b", + "providerType": "infrequently", + "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", + "url": "http://www.juniorexpedite.com/partnerships" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922241+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d8fb6781", + "title": "POST /api/admin/webhooks - name at max_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "boundary value analysis: name at max_valid", + "scenario": "STRING_MAX_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "name at max_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": 
"application/json" + }, + "body": { + "events": [ + "these" + ], + "name": "SncWFCUvZpQFNFdrRgNJvYbFANxRmLnQRwBDZqHrTHNxToOSzvIyMmzYXYNlTmqxqecveYPPJkHsbPGoaolHtERzLSSWSCxHgCRyXtiMrbXGLHWZPsGbytTNsOuzeJeHwrLudLzbVBdbBDdVDJAEXLewLKAlJsnbYaiuzbPulctRaehbdWqhpaxcUFmpSCgDEsQEUPqkVaYFLwaCaeKPlKLmHypHEUNlnmuYwzseXfFSYIVfMKOFtwTgnGGRbhK", + "providerType": "infrequently", + "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", + "url": "http://www.juniorexpedite.com/partnerships" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922249+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-94214268", + "title": "POST /api/admin/webhooks - name at max_plus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "boundary value analysis: name at max_plus_one_invalid", + "scenario": "STRING_ABOVE_MAX" + }, + "steps": [ + { + "id": "step-main", + "title": "name at max_plus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "these" + ], + "name": "IOYvYIBkAQYqFIqDJMZycrqRFIVCjZIMbSjDHSMaqySSJJGZbEevnwNUYIPXWkWwHWoWMoAdnxnBkAPWCFrpnBgxDdlsucOVjhDdRObECkUodPRyLJNwwstZUaRwXafrnWjLfrJjRGEeTNKnkRrBzcspeyWjjpHjsLvGfcgxXrgoqgfZptELkyLFdklDpBUEtlqfaHPyFoMWMGjhbPWSrFIuUhQHvQOZmItpXjLrWGQNFNXHxaZDTmDNLFhUJSOO", + "providerType": "infrequently", + "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", + "url": "http://www.juniorexpedite.com/partnerships" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.922257+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-06e188f6", + "title": "POST /api/admin/webhooks - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "POST /api/admin/webhooks", + "rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /api/admin/webhooks — first call", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "now" + ], + "name": "Anya Wright", + "providerType": "yesterday", + "teamId": "cd7a7947-5e97-4e0c-bd41-40373e8f332b", + "url": "http://www.primaryaction-items.org/enhance/deploy/interfaces" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /api/admin/webhooks — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "now" + ], + "name": "Anya Wright", + "providerType": "yesterday", + "teamId": "cd7a7947-5e97-4e0c-bd41-40373e8f332b", + "url": "http://www.primaryaction-items.org/enhance/deploy/interfaces" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.922434+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f690ca7e", + "title": "[OWASP-API2] POST 
/api/admin/webhooks — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922476+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1b59ba48", + "title": "[OWASP-API6] POST /api/admin/webhooks — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": "2000-01-01T00:00:00Z", + "events": [ + "Lebanese" + ], + "id": 99999, + "name": "Rowan Bartell", + "providerType": "Polish", + "teamId": "5bfa6b50-a743-4866-b2b2-f649decc8c37", + "updatedAt": "2000-01-01T00:00:00Z", + "url": "https://www.regionalfacilitate.com/users/intuitive" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": 
"jsonpath $.id", + "operator": "ne", + "expected": 99999 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922482+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a1a1e257", + "title": "[OWASP-API7] POST /api/admin/webhooks — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "providerType": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922484+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-03accab7", + "title": "[OWASP-API7] POST /api/admin/webhooks — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "providerType": "' OR 1=1--" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922485+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a39cab42", + "title": 
"[OWASP-API7] POST /api/admin/webhooks — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "providerType": "../../../etc/passwd" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922487+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fa3b21f3", + "title": "[OWASP-API10] POST /api/admin/webhooks — SSRF", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api10-ssrf" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/admin/webhooks", + "rationale": "Inject internal URL http://127.0.0.1; server must validate and reject (400)" + }, + "steps": [ + { + "id": "step-1", + "title": "inject internal URL for SSRF", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "url": "http://127.0.0.1" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922489+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6c83435b", + "title": "POST /api/admin/webhooks - missing required field \"name\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/webhooks 
requestBody.properties.name", + "rationale": "isolated failure: only \"name\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"name\"", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "as" + ], + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", + "url": "https://www.investormethodologies.net/maximize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922774+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f322285b", + "title": "POST /api/admin/webhooks - missing required field \"url\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "isolated failure: only \"url\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"url\"", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "as" + ], + "name": "Beulah Douglas", + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922776+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dfcc1c56", + "title": "POST /api/admin/webhooks - missing required field \"events\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": 
"isolated_negative", + "spec_path": "POST /api/admin/webhooks requestBody.properties.events", + "rationale": "isolated failure: only \"events\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"events\"", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Beulah Douglas", + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", + "url": "https://www.investormethodologies.net/maximize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922777+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-41ef09da", + "title": "POST /api/admin/webhooks - invalid events: empty array violates minItems 1", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/webhooks requestBody.properties.events", + "rationale": "isolated failure: only \"events\" is invalid (empty array violates minItems 1); all other fields valid", + "scenario": "ARRAY_MIN_ITEMS" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid events: empty array violates minItems 1", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [], + "name": "Beulah Douglas", + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", + "url": "https://www.investormethodologies.net/maximize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92278+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": 
"TC-86292ddb", + "title": "POST /api/admin/webhooks - invalid name: empty string violates minLength 1", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "isolated failure: only \"name\" is invalid (empty string violates minLength 1); all other fields valid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid name: empty string violates minLength 1", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "as" + ], + "name": "", + "providerType": "his", + "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", + "url": "https://www.investormethodologies.net/maximize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.922782+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7b8cab12", + "title": "POST /api/admin/webhooks - [schema_violation] name_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "required field \"name\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] name_missing_required", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "hundred" + ], + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", + "url": "https://www.legacyincubate.io/seize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.92302+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4d32f3c3", + "title": "POST /api/admin/webhooks - [schema_violation] url_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "required field \"url\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] url_missing_required", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "hundred" + ], + "name": "Raphael Davies", + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923021+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e4df148d", + "title": "POST /api/admin/webhooks - [schema_violation] events_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.events", + "rationale": "required field \"events\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] events_missing_required", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Raphael Davies", + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", + "url": "https://www.legacyincubate.io/seize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923023+08:00" + }, + { + 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b49ea6fa", + "title": "POST /api/admin/webhooks - [schema_violation] name_too_short", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "name is empty, violates minLength 1" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] name_too_short", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "hundred" + ], + "name": "", + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", + "url": "https://www.legacyincubate.io/seize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923024+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a0bdf58b", + "title": "POST /api/admin/webhooks - [schema_violation] events_too_few_items", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.events", + "rationale": "events=[] violates minItems 1" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] events_too_few_items", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [], + "name": "Raphael Davies", + "providerType": "me", + "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", + "url": "https://www.legacyincubate.io/seize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923026+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2c34fbf1", + "title": "POST /api/admin/webhooks - mutation: events null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.events", + "rationale": "field \"events\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: events → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": null, + "name": "Javier Bogan", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923262+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-19783d1d", + "title": "POST /api/admin/webhooks - mutation: events string instead of array", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.events", + "rationale": "field \"events\" mutated with string instead of array; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: events → string instead of array", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": "not-an-array", + "name": "Javier Bogan", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { 
+ "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923264+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4a653004", + "title": "POST /api/admin/webhooks - mutation: events object instead of array", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.events", + "rationale": "field \"events\" mutated with object instead of array; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: events → object instead of array", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": {}, + "name": "Javier Bogan", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923265+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b75000cd", + "title": "POST /api/admin/webhooks - mutation: name null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.name", + "rationale": "field \"name\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"events": [ + "this" + ], + "name": null, + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923267+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f615d2a9", + "title": "POST /api/admin/webhooks - mutation: name empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.name", + "rationale": "field \"name\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → empty string", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "this" + ], + "name": "", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923269+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cf6c122c", + "title": "POST /api/admin/webhooks - mutation: name integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.name", + "rationale": "field \"name\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + 
"id": "step-main", + "title": "mutation: name → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "this" + ], + "name": 12345, + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923271+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5be879ce", + "title": "POST /api/admin/webhooks - mutation: name oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.name", + "rationale": "field \"name\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "this" + ], + "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "providerType": "regiment", + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + 
"expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923272+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-595d67fc", + "title": "POST /api/admin/webhooks - mutation: providerType null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.providerType", + "rationale": "field \"providerType\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: providerType → null value", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "this" + ], + "name": "Javier Bogan", + "providerType": null, + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923274+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9b991c26", + "title": "POST /api/admin/webhooks - mutation: providerType empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.providerType", + "rationale": "field \"providerType\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: providerType → empty string", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "this" + ], + "name": "Javier Bogan", + "providerType": "", + "teamId": 
"e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923275+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-83e13d1b", + "title": "POST /api/admin/webhooks - mutation: providerType integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/admin/webhooks requestBody.providerType", + "rationale": "field \"providerType\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: providerType → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "this" + ], + "name": "Javier Bogan", + "providerType": 12345, + "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", + "url": "http://www.groupembrace.net/engage/best-of-breed/scale" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923277+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-52359f32", + "title": "POST /api/admin/webhooks - null injection: url", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "field \"url\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + 
}, + "steps": [ + { + "id": "step-main", + "title": "null injection: url", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "from" + ], + "name": "Tanner Gardner", + "providerType": "patiently", + "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", + "url": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923754+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-35254559", + "title": "POST /api/admin/webhooks - null injection: events", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.events", + "rationale": "field \"events\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: events", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": null, + "name": "Tanner Gardner", + "providerType": "patiently", + "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", + "url": "https://www.seniorsynergies.info/one-to-one" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923756+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-169dbf8c", + "title": "POST /api/admin/webhooks - null injection: name", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "field \"name\" is 
non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: name", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "from" + ], + "name": null, + "providerType": "patiently", + "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", + "url": "https://www.seniorsynergies.info/one-to-one" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923758+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d40094c4", + "title": "POST /api/admin/webhooks - null injection: providerType", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", + "rationale": "field \"providerType\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: providerType", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "from" + ], + "name": "Tanner Gardner", + "providerType": null, + "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", + "url": "https://www.seniorsynergies.info/one-to-one" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92376+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4f42ea82", + "title": "POST /api/admin/webhooks - null injection: teamId", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + 
"source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", + "rationale": "field \"teamId\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: teamId", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "from" + ], + "name": "Tanner Gardner", + "providerType": "patiently", + "teamId": null, + "url": "https://www.seniorsynergies.info/one-to-one" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923761+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7a40055b", + "title": "POST /api/admin/webhooks - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/admin/webhooks requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "events": [ + "from" + ], + "name": "Tanner Gardner", + "providerType": "patiently", + "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", + "url": "https://www.seniorsynergies.info/one-to-one" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.923763+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-07b6f191", + 
"title": "POST /api/admin/webhooks - [type_coercion] events wrong_type_string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/webhooks requestBody.properties.events", + "rationale": "field \"events\" is array but receives wrong_type_string — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] events wrong_type_string", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": "not_an_array", + "name": "Horace Evans", + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924044+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-39c60504", + "title": "POST /api/admin/webhooks - [type_coercion] name wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "field \"name\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] name wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "improvised" + ], + "name": 123, + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" + }, + 
"assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924046+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-49b71fc3", + "title": "POST /api/admin/webhooks - [type_coercion] name wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "field \"name\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] name wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "improvised" + ], + "name": true, + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924048+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e227c019", + "title": "POST /api/admin/webhooks - [type_coercion] providerType wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", + "rationale": "field \"providerType\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] providerType wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + 
"headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": 123, + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92405+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2f2c0975", + "title": "POST /api/admin/webhooks - [type_coercion] providerType wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", + "rationale": "field \"providerType\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] providerType wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": true, + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924052+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5db01d88", + "title": "POST /api/admin/webhooks - [type_coercion] teamId wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", + 
"rationale": "field \"teamId\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] teamId wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": "impress", + "teamId": 123, + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924057+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b27447cc", + "title": "POST /api/admin/webhooks - [type_coercion] teamId wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", + "rationale": "field \"teamId\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] teamId wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": "impress", + "teamId": true, + "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924059+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ea2aab8e", + "title": "POST /api/admin/webhooks - 
[type_coercion] url wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "field \"url\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] url wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924061+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2d482d43", + "title": "POST /api/admin/webhooks - [type_coercion] url wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "field \"url\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] url wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "improvised" + ], + "name": "Horace Evans", + "providerType": "impress", + "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", + "url": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924062+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5943393b", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] name control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "hello\u0000world", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924493+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2a6bf0cb", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] name zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "​hello", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": 
"https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924495+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-07e9eae2", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] name bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "‮hello", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924498+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bee28f66", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] name overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name overlong", + "type": "test", + "method": "POST", + "path": 
"/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924499+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a7f8f480", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] name zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "z̀́̂̃̄̅̆̇a", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924501+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dc945e0e", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] providerType control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", + "rationale": "field \"providerType\" receives unicode mutation 
\"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] providerType control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "hello\u0000world", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924504+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e32282d7", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] providerType zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", + "rationale": "field \"providerType\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] providerType zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "​hello", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924506+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8724a676", + "title": "POST /api/admin/webhooks 
- [unicode_fuzzing] providerType bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", + "rationale": "field \"providerType\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] providerType bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "‮hello", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924507+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2cc3a01a", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] providerType overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", + "rationale": "field \"providerType\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] providerType overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924509+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-07152569", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] providerType zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", + "rationale": "field \"providerType\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] providerType zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "z̀́̂̃̄̅̆̇a", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924511+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f031554f", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + 
"title": "[unicode_fuzzing] teamId control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "hello\u0000world", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924513+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3128deb0", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] teamId zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "​hello", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924515+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0c229c2d", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks 
requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] teamId bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "‮hello", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924516+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7de8af57", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] teamId overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924518+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bba333a6", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] teamId zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "z̀́̂̃̄̅̆̇a", + "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924519+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c4479bd1", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] url control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] url control_char", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", 
+ "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924521+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d101973c", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] url zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] url zero_width", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924523+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-caf839d6", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] url bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + 
"id": "step-main", + "title": "[unicode_fuzzing] url bidi_override", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924525+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-132333e4", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] url overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] url overlong", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924527+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6343c227", + "title": "POST /api/admin/webhooks - [unicode_fuzzing] url zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/admin/webhooks requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] url zalgo", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "you" + ], + "name": "Anika Lane", + "providerType": "anyway", + "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", + "url": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.924529+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f5c743f7", + "title": "POST /api/admin/webhooks - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/webhooks requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "events": [ + "actor" + ], 
+ "isAdmin": true, + "is_admin": true, + "name": "Agustina McKenzie", + "providerType": "eye", + "role": "__probe__", + "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", + "url": "http://www.vicemethodologies.com/virtual/metrics" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.925489+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-33b56375", + "title": "POST /api/admin/webhooks - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/webhooks requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "disabled": false, + "events": [ + "actor" + ], + "name": "Agustina McKenzie", + "providerType": "eye", + "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", + "url": "http://www.vicemethodologies.com/virtual/metrics", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.925492+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-241955ee", + "title": "POST /api/admin/webhooks - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/webhooks requestBody", + "rationale": "inject financial probe fields not declared in schema to detect 
mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "discount": 0, + "events": [ + "actor" + ], + "name": "Agustina McKenzie", + "price": 1, + "providerType": "eye", + "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", + "url": "http://www.vicemethodologies.com/virtual/metrics" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.925494+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-30b18c5f", + "title": "POST /api/admin/webhooks - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/admin/webhooks requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "events": [ + "actor" + ], + "name": "Agustina McKenzie", + "ownerId": "__probe__", + "providerType": "eye", + "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", + "url": "http://www.vicemethodologies.com/virtual/metrics", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.925496+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", 
+ "version": "1", + "id": "TC-85b28596", + "title": "POST /api/admin/webhooks - [field_boundary] name valid_min", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/admin/webhooks requestBody.name", + "rationale": "field \"name\" boundary test: valid_min", + "scenario": "FIELD_BOUNDARY_VALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] name valid_min", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "name": "a", + "providerType": "year", + "teamId": "2078e75e-ac88-4a37-93b9-0aad2a57623c", + "url": "http://www.principalinteractive.net/turn-key/redefine" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 200 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.925669+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7b9e5b4d", + "title": "POST /api/admin/webhooks - [field_boundary] name invalid_below_min", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/admin/webhooks requestBody.name", + "rationale": "field \"name\" boundary test: invalid_below_min", + "scenario": "FIELD_BOUNDARY_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] name invalid_below_min", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "regularly" + ], + "name": "", + "providerType": "pen", + "teamId": "8e786d80-b9b5-471b-8643-4dea8db9db45", + "url": "http://www.seniorb2b.io/webservices/repurpose/mindshare" + }, + "assertions": [ + { + "target": "status_code", + 
"operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.925677+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-09946d4c", + "title": "POST /api/admin/webhooks - [required_omission] events absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/admin/webhooks requestBody.events", + "rationale": "required field \"events\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] events absent", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Molly Hudson", + "providerType": "next", + "teamId": "6c927896-300a-4cc9-a530-93b2a15d5633", + "url": "http://www.humanusers.name/engage" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.925763+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d0373487", + "title": "POST /api/admin/webhooks - [required_omission] name absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/admin/webhooks requestBody.name", + "rationale": "required field \"name\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] name absent", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": 
"application/json" + }, + "body": { + "events": [ + "it" + ], + "providerType": "few", + "teamId": "949cf797-62f1-45ef-9b37-71379d7223ec", + "url": "http://www.regionalproactive.io/scalable" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.925769+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6d3bc221", + "title": "POST /api/admin/webhooks - [required_omission] url absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/admin/webhooks requestBody.url", + "rationale": "required field \"url\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] url absent", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "last" + ], + "name": "Alvina Powell", + "providerType": "itself", + "teamId": "3652daaf-fcaf-461d-97f6-ccc7da39f569" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.925774+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f98b2b82", + "title": "GET /api/diff - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Specs" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "GET /api/diff", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": 
"valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/diff", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.added", + "operator": "exists" + }, + { + "target": "body.modified", + "operator": "exists" + }, + { + "target": "body.removed", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.926235+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f6e6d81e", + "title": "[OWASP-API2] GET /api/diff — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/diff", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/diff", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.926255+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1fb05370", + "title": "[OWASP-API7] GET /api/diff — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/diff", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "GET", + "path": "/api/diff?from=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } 
+ ], + "generated_at": "2026-05-06T21:30:41.92626+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2add12cf", + "title": "[OWASP-API7] GET /api/diff — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/diff", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "GET", + "path": "/api/diff?from=%27+OR+1%3D1--", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.926263+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d2e88748", + "title": "[OWASP-API7] GET /api/diff — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/diff", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "GET", + "path": "/api/diff?from=..%2F..%2F..%2Fetc%2Fpasswd", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.926269+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-436315da", + "title": "GET /api/diff - missing required param \"from\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Specs" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "GET /api/diff parameters.from", + "rationale": "isolated failure: required param 
\"from\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"from\"", + "type": "test", + "method": "GET", + "path": "/api/diff?to=valid", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.926713+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-592a212d", + "title": "GET /api/diff - missing required param \"to\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Specs" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "GET /api/diff parameters.to", + "rationale": "isolated failure: required param \"to\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"to\"", + "type": "test", + "method": "GET", + "path": "/api/diff?from=valid", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.926717+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-486e8c2a", + "title": "POST /auth/login - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Auth" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /auth/login", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "ezrahowell@franklin.biz", + "password": "work" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 
2000 + }, + { + "target": "body.role", + "operator": "exists" + }, + { + "target": "body.token", + "operator": "exists" + }, + { + "target": "body.userId", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.926917+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4cc99b0c", + "title": "POST /auth/login - missing required field \"email\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "invalid equivalence class: required field \"email\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"email\"", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "password": "fuel" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.926924+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-70187e79", + "title": "POST /auth/login - missing required field \"password\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "invalid equivalence class: required field \"password\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"password\"", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "montemendez@campbell.name" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.926928+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dc706f80", + "title": "POST /auth/login - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "idempotency", + "spec_path": "POST /auth/login", + "rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /auth/login — first call", + "type": "setup", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "arvidhanson@deckow.com", + "password": "thoughtful" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /auth/login — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "arvidhanson@deckow.com", + "password": "thoughtful" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.92709+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-09c747ae", + "title": "[OWASP-API6] POST /auth/login — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /auth/login", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject 
read-only fields in body", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": "2000-01-01T00:00:00Z", + "email": "eddhanson@thomas.net", + "id": 99999, + "password": "we", + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927143+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d41b3855", + "title": "[OWASP-API7] POST /auth/login — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /auth/login", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927145+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-504b6c9e", + "title": "[OWASP-API7] POST /auth/login — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /auth/login", + "rationale": "Inject sqli 
payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "' OR 1=1--" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927146+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c3fc26dc", + "title": "[OWASP-API7] POST /auth/login — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /auth/login", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "../../../etc/passwd" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927152+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9b253ab6", + "title": "POST /auth/login - missing required field \"email\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "isolated failure: only \"email\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"email\"", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"password": "sigh" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927335+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a6bbbeb7", + "title": "POST /auth/login - missing required field \"password\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "isolated failure: only \"password\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"password\"", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "ebonysilva@mendez.info" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927337+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2286db52", + "title": "POST /auth/login - invalid email: invalid email format", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "isolated failure: only \"email\" is invalid (invalid email format); all other fields valid", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid email: invalid email format", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "not-an-email", + "password": "sigh" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.927339+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-46bb3d69", + "title": "POST /auth/login - [schema_violation] email_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "required field \"email\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] email_missing_required", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "password": "eye" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927481+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5bddd51c", + "title": "POST /auth/login - [schema_violation] password_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "required field \"password\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] password_missing_required", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "clovissoto@clay.io" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927483+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-891b32a4", + "title": "POST /auth/login - [schema_violation] email_invalid_format_email", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + 
"technique": "schema_violation", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "email=\"not-an-email\" violates format \"email\"" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] email_invalid_format_email", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "not-an-email", + "password": "eye" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927484+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b5693707", + "title": "POST /auth/login - mutation: email null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/login requestBody.email", + "rationale": "field \"email\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: email → null value", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": null, + "password": "staff" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927616+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-81062c2f", + "title": "POST /auth/login - mutation: email empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/login requestBody.email", + "rationale": "field \"email\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: 
email → empty string", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "", + "password": "staff" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927618+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d7ccf79e", + "title": "POST /auth/login - mutation: email integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/login requestBody.email", + "rationale": "field \"email\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: email → integer instead of string", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": 12345, + "password": "staff" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92762+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7f53df98", + "title": "POST /auth/login - mutation: email oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/login requestBody.email", + "rationale": "field \"email\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: email → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": 
"/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "password": "staff" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927622+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6926df81", + "title": "POST /auth/login - mutation: email invalid email format", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/login requestBody.email", + "rationale": "field \"email\" mutated with invalid email format; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: email → invalid email format", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "not-an-email", + "password": "staff" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927624+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b531d0ea", + "title": "POST /auth/login - mutation: password null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/login requestBody.password", + "rationale": "field \"password\" mutated with null 
value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: password → null value", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "naomipierce@lewis.biz", + "password": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927626+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a0ca01b6", + "title": "POST /auth/login - mutation: password empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/login requestBody.password", + "rationale": "field \"password\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: password → empty string", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "naomipierce@lewis.biz", + "password": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927627+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f16c5d8d", + "title": "POST /auth/login - mutation: password integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/login requestBody.password", + "rationale": "field \"password\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": 
"mutation: password → integer instead of string", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "naomipierce@lewis.biz", + "password": 12345 + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.927629+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-acbb9354", + "title": "POST /auth/login - mutation: password oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /auth/login requestBody.password", + "rationale": "field \"password\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: password → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "naomipierce@lewis.biz", + "password": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92763+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a1de0446", + "title": "POST /auth/login - null injection: email", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + 
"source": { + "technique": "constraint_mutation", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "field \"email\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: email", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": null, + "password": "float" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928014+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-191c3a5b", + "title": "POST /auth/login - null injection: password", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "field \"password\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: password", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "ottonorris@sullivan.com", + "password": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928016+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ea0be7b9", + "title": "POST /auth/login - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /auth/login requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must 
return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "email": "ottonorris@sullivan.com", + "password": "float" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928018+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2e0174b6", + "title": "POST /auth/login - [type_coercion] email wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "field \"email\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] email wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": 123, + "password": "whole" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928153+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-91a4d98b", + "title": "POST /auth/login - [type_coercion] email wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "field \"email\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] 
email wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": true, + "password": "whole" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928155+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-28167496", + "title": "POST /auth/login - [type_coercion] password wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "field \"password\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] password wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "lunasaunders@greene.net", + "password": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928157+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5c25d6d2", + "title": "POST /auth/login - [type_coercion] password wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "field \"password\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] password wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + 
"Content-Type": "application/json" + }, + "body": { + "email": "lunasaunders@greene.net", + "password": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928159+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ce646cde", + "title": "POST /auth/login - [unicode_fuzzing] email control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "field \"email\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email control_char", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "hello\u0000world", + "password": "themselves" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928344+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e4c515d2", + "title": "POST /auth/login - [unicode_fuzzing] email zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "field \"email\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email zero_width", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "​hello", + "password": 
"themselves" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928346+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-08bd8265", + "title": "POST /auth/login - [unicode_fuzzing] email bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "field \"email\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email bidi_override", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "‮hello", + "password": "themselves" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928348+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1951562a", + "title": "POST /auth/login - [unicode_fuzzing] email overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "field \"email\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email overlong", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "password": "themselves" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928352+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1091cce6", + "title": "POST /auth/login - [unicode_fuzzing] email zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.email", + "rationale": "field \"email\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] email zalgo", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "z̀́̂̃̄̅̆̇a", + "password": "themselves" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928354+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3fbdbf7e", + "title": "POST /auth/login - [unicode_fuzzing] password control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password control_char", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "lilyperez@allen.io", + "password": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + 
"operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928357+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4e879dad", + "title": "POST /auth/login - [unicode_fuzzing] password zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password zero_width", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "lilyperez@allen.io", + "password": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928358+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dc3d45d4", + "title": "POST /auth/login - [unicode_fuzzing] password bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password bidi_override", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "lilyperez@allen.io", + "password": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.92836+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b2225a4c", + "title": "POST /auth/login - [unicode_fuzzing] password overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password overlong", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "lilyperez@allen.io", + "password": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928362+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7329e86c", + "title": "POST /auth/login - [unicode_fuzzing] password zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Auth" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /auth/login requestBody.properties.password", + "rationale": "field \"password\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] password zalgo", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "lilyperez@allen.io", + "password": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928364+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f4f54666", + "title": "POST /auth/login - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /auth/login requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "email": "kriswong@koch.io", + "isAdmin": true, + "is_admin": true, + "password": "us", + "role": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928801+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f197447f", + "title": "POST /auth/login - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /auth/login requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "disabled": false, + "email": "kriswong@koch.io", + "password": "us", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928803+08:00" + }, + { + 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5bcafac5", + "title": "POST /auth/login - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /auth/login requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "discount": 0, + "email": "kriswong@koch.io", + "password": "us", + "price": 1 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928804+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4c0c3203", + "title": "POST /auth/login - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /auth/login requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "email": "kriswong@koch.io", + "ownerId": "__probe__", + "password": "us", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.928806+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3eaacfef", + "title": "POST /auth/login - [required_omission] email absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /auth/login requestBody.email", + "rationale": "required field \"email\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] email absent", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "password": "abroad" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92898+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0a64a19d", + "title": "POST /auth/login - [required_omission] password absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Auth" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /auth/login requestBody.password", + "rationale": "required field \"password\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] password absent", + "type": "test", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "darylfarrell@santiago.org" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.928983+08:00" + }, + { 
+ "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c8662867", + "title": "PUT /api/admin/services/{serviceId}/team - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "8439a10e-558d-4569-b260-f0f36a116d83" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929153+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8397ba83", + "title": "PUT /api/admin/services/{serviceId}/team - missing required field \"teamId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "invalid equivalence class: required field \"teamId\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"teamId\"", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": {}, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929158+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dc1513dd", + "title": "PUT /api/admin/services/{serviceId}/team - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": "PUT is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "PUT /api/admin/services/{serviceId}/team — first call", + "type": "setup", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "b954d030-15a4-4bc5-a0ad-c5e46e96e0a7" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "PUT /api/admin/services/{serviceId}/team — identical second call must be safe", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "b954d030-15a4-4bc5-a0ad-c5e46e96e0a7" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.929262+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b7125bf5", + "title": "[OWASP-API1] PUT /api/admin/services/{serviceId}/team — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": 
"Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{{other_resource_id}}/team", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92931+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6bc9b636", + "title": "[OWASP-API2] PUT /api/admin/services/{serviceId}/team — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929311+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-26712b87", + "title": "[OWASP-API3] PUT /api/admin/services/{serviceId}/team — BOPLA property-level access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api3-bopla" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" + }, + "steps": [ + { + "id": "step-1", + "title": "inject privileged fields in body", + "type": "test", + "method": "PUT", + "path": 
"/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "is_admin": true, + "role": "admin", + "teamId": "da2ce66b-ccba-4bc0-b582-c8fa43a6926f" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "jsonpath $.is_admin", + "operator": "ne", + "expected": true + }, + { + "target": "jsonpath $.role", + "operator": "ne", + "expected": "admin" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929314+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-29a92605", + "title": "[OWASP-API6] PUT /api/admin/services/{serviceId}/team — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": "2000-01-01T00:00:00Z", + "id": 99999, + "teamId": "d9bf3e10-6529-49aa-b714-03fd1a939f04", + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929316+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": 
"TC-3ad867af", + "title": "[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/team", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929319+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-53f0e55f", + "title": "[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/%27%20OR%201=1--/team", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.92932+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b621722f", + "title": "[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": 
"Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/..%2F..%2F..%2Fetc%2Fpasswd/team", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929321+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bc585ae5", + "title": "PUT /api/admin/services/{serviceId}/team - missing required field \"teamId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "isolated failure: only \"teamId\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"teamId\"", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": {}, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929633+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3dc3ff8a", + "title": "PUT /api/admin/services/{serviceId}/team - missing required param \"serviceId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/services/{serviceId}/team parameters.serviceId", + "rationale": "isolated failure: required param \"serviceId\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"serviceId\"", + "type": "test", + "method": 
"PUT", + "path": "/api/admin/services/1/team", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929634+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c8b11e1e", + "title": "PUT /api/admin/services/{serviceId}/team - [schema_violation] teamId_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "required field \"teamId\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] teamId_missing_required", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": {}, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929726+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3c6b4929", + "title": "PUT /api/admin/services/{serviceId}/team - mutation: teamId null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", + "rationale": "field \"teamId\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: teamId → null value", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], 
+ "generated_at": "2026-05-06T21:30:41.92977+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-717311a7", + "title": "PUT /api/admin/services/{serviceId}/team - mutation: teamId empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", + "rationale": "field \"teamId\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: teamId → empty string", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929771+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cea11786", + "title": "PUT /api/admin/services/{serviceId}/team - mutation: teamId integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", + "rationale": "field \"teamId\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: teamId → integer instead of string", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": 12345 + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.929773+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-452218de", + "title": "PUT /api/admin/services/{serviceId}/team - mutation: teamId oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", + "rationale": "field \"teamId\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: teamId → oversized string (300 chars)", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929774+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-16d39238", + "title": "PUT /api/admin/services/{serviceId}/team - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": 
"test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "teamId": "bc1c5a2f-34be-4a46-bc1a-a3abfe061eb1" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.929959+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-87eccc15", + "title": "PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "field \"teamId\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] teamId wrong_type_integer", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930009+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5b55ebea", + "title": "PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "field \"teamId\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] teamId wrong_type_boolean", + "type": "test", + 
"method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930011+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-00caba6f", + "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] teamId control_char", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930097+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1c0a1d4a", + "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] teamId zero_width", + "type": "test", + 
"method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930099+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e30f1b9e", + "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] teamId bidi_override", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930101+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5dc313b9", + "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] teamId overlong", + "type": "test", + "method": "PUT", 
+ "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930103+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c1fa3472", + "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", + "rationale": "field \"teamId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] teamId zalgo", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930104+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c8fb1c8e", + "title": "PUT /api/admin/services/{serviceId}/team - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + 
"headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "isAdmin": true, + "is_admin": true, + "role": "__probe__", + "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930333+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6072976c", + "title": "PUT /api/admin/services/{serviceId}/team - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "disabled": false, + "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930334+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-297a0e33", + "title": "PUT /api/admin/services/{serviceId}/team - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + 
"id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "discount": 0, + "price": 1, + "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930336+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c9fe2f6f", + "title": "PUT /api/admin/services/{serviceId}/team - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "ownerId": "__probe__", + "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93034+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f06bfa27", + "title": "PUT /api/admin/services/{serviceId}/team - [semantic_annotation] nullable field \"teamId\" accepts null", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "semantic_annotation", + "spec_path": "PUT 
/api/admin/services/{serviceId}/team requestBody.teamId", + "rationale": "field \"teamId\" is nullable; server MUST accept null value", + "scenario": "NULLABLE_ACCEPTANCE" + }, + "steps": [ + { + "id": "step-main", + "title": "[semantic_annotation] nullable field \"teamId\" accepts null", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 200 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930513+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d24b98db", + "title": "PUT /api/admin/services/{serviceId}/team - [required_omission] teamId absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "required_omission", + "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", + "rationale": "required field \"teamId\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] teamId absent", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": {}, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930559+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e7fb82c9", + "title": "GET /api/admin/users - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": 
"equivalence_partitioning", + "spec_path": "GET /api/admin/users", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/admin/users", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.users", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930674+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-aaffe36c", + "title": "[OWASP-API2] GET /api/admin/users — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/users", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/users", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930737+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e3da0de9", + "title": "POST /api/upload - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Upload" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/upload", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": 
{ + "Content-Type": "application/json" + }, + "body": { + "branch": "my", + "commitSha": "where", + "service": "Asian", + "specContent": "soon" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.endpointCount", + "operator": "exists" + }, + { + "target": "body.service", + "operator": "exists" + }, + { + "target": "body.unchanged", + "operator": "exists" + }, + { + "target": "body.warnings", + "operator": "exists" + }, + { + "target": "body.wasConverted", + "operator": "exists" + }, + { + "target": "body.branch", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930877+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-89850cfa", + "title": "POST /api/upload - missing required field \"service\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "invalid equivalence class: required field \"service\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"service\"", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "occasionally", + "commitSha": "lastly", + "specContent": "eat" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930884+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d756c10c", + "title": "POST /api/upload - missing required field \"branch\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST 
/api/upload requestBody.properties.branch", + "rationale": "invalid equivalence class: required field \"branch\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"branch\"", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "commitSha": "news", + "service": "seldom", + "specContent": "who" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930887+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1de0eefc", + "title": "POST /api/upload - missing required field \"specContent\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "invalid equivalence class: required field \"specContent\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"specContent\"", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "can", + "commitSha": "why", + "service": "forest" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.930891+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fa5f2879", + "title": "POST /api/upload - service at min_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "boundary value analysis: service at min_valid", + "scenario": "STRING_MIN_LENGTH" + }, + "steps": [ + { + "id": "step-main", + 
"title": "service at min_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "annoying", + "commitSha": "horde", + "service": "v", + "specContent": "early" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931072+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c9639729", + "title": "POST /api/upload - service at min_minus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "boundary value analysis: service at min_minus_one_invalid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "service at min_minus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "annoying", + "commitSha": "horde", + "service": "P", + "specContent": "early" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931074+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3cd9de74", + "title": "POST /api/upload - service at max_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "boundary value analysis: service at max_valid", + "scenario": "STRING_MAX_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "service at max_valid 
boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "annoying", + "commitSha": "horde", + "service": "atLOmtVVmlQhFvFrwuMTJjhgqzDQgMAKdxkeUnYswKYRxCFECDdRtuhENDYOeachFgpnTjKElKhbRGMNBMqtQcJeLmJEdXosWDnsTCROKgowmZMFmjZPjXeSVkrLtqyrTdhcTIoNWdfwRXnmvZQoROrQlafSbnQScDRKBvbCIsqPEGzseScyClXaqHCuhtwbNgwbAjmxZkPvBMGOxVbdVVDWFWdnUugVnZaDTXdkaRzAOYonKbCYZPlwlDZDKdT", + "specContent": "early" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931083+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ad5debd5", + "title": "POST /api/upload - service at max_plus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "boundary value analysis: service at max_plus_one_invalid", + "scenario": "STRING_ABOVE_MAX" + }, + "steps": [ + { + "id": "step-main", + "title": "service at max_plus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "annoying", + "commitSha": "horde", + "service": "UqQKQdxIBaEEFIOlbucPEjkejpJhtGCnYytkTfHBnTHmoeamHxyFTtNkqceSxPhYjEZfVjxnkUrCXnzCRdtVbcomgJaqcHidTZbQHOJgFusDCcCXqQuHRTajulzyqxxOFgJZTIrWbrgvHDgjlzyuuBztsMwepFaVmllpLTRwhONiNNZZDMtJFSySHEyRBmGBvFwEkoyGZJSFbcrJaJVmftRoXuHFuUwcKLaJFIIGOYYgsNiAMNTBUcmdjtEEKcrT", + "specContent": "early" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93109+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-edc8ded2", + "title": "POST /api/upload - specContent at min_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "boundary value analysis: specContent at min_valid", + "scenario": "STRING_MIN_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "specContent at min_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "annoying", + "commitSha": "horde", + "service": "patrol", + "specContent": "s" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931092+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b6f8003e", + "title": "POST /api/upload - specContent at min_minus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "boundary value analysis: specContent at min_minus_one_invalid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "specContent at min_minus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "annoying", + "commitSha": "horde", + "service": "patrol", + "specContent": "E" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931095+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-201ba23b", + "title": "POST /api/upload - specContent at max_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "boundary value analysis: specContent at max_valid", + "scenario": "STRING_MAX_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "specContent at max_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "annoying", + "commitSha": "horde", + "service": "patrol", + "specContent": "MvxueBBOuEUznvCnujHEfhfJEmIkMiFxMUaMDQYopjbpdETOJXbhaSibxhItFKowWSgvVTsEKoRBvRboGZCrpNFYbErOCedxMcVAnLzDekWtkEvgLpSZAGaDLsFRvNWihavpvGqXfpluZjqXgXkvQZEpaaHgrFeEHQhhHsZqkGppwxBdpFmjShygsygoqyopydhyLxSwTwouvqLXCFkgNFkmEiZKFOzPodlBbQdZyQXKtqOjjyxMqTwcyXFgxoI" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931102+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dbbfdc22", + "title": "POST /api/upload - specContent at max_plus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "boundary value analysis: specContent at max_plus_one_invalid", + "scenario": "STRING_ABOVE_MAX" + }, + "steps": [ + { + "id": "step-main", + "title": "specContent at max_plus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "annoying", + 
"commitSha": "horde", + "service": "patrol", + "specContent": "XYmkqdAEnhShAWMWevPjaEMcXFnlEMIZdgvjHxCMmpYIjgEHzJtlzMbGailVdFqZrzsWsGjpkSIhqCvAYsNhMiEWeEQWONGHrvWYvfPFzZHeBPoEohTATwAWyNcNwDNUwxVeqZxdAsktxHReoFPVnXfhBUWjzySqMmVghKlODAqkgFPTiJazKylKgHzgmDXbLnPQAKRyAscyAKlFZnpEkpnjoXxDbJnVmagvmQfbszLtHuyUTPLDrWNwJGJvuHBn" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931109+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4ca9c46c", + "title": "POST /api/upload - branch at min_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "boundary value analysis: branch at min_valid", + "scenario": "STRING_MIN_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "branch at min_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "b", + "commitSha": "horde", + "service": "patrol", + "specContent": "early" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931111+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fa914b29", + "title": "POST /api/upload - branch at min_minus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "boundary value analysis: branch at min_minus_one_invalid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + 
"title": "branch at min_minus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "x", + "commitSha": "horde", + "service": "patrol", + "specContent": "early" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931115+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-97d88ce9", + "title": "POST /api/upload - branch at max_valid boundary", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "boundary value analysis: branch at max_valid", + "scenario": "STRING_MAX_LENGTH" + }, + "steps": [ + { + "id": "step-main", + "title": "branch at max_valid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "shlwKqFxRFaVTdGNnBXhsNxUFKQKzOqqCpWDSXqaghfbdFJIOYfkDfFCtbwSekckstHPRyDaMVWZVWRBkbIgtUJDXhFeMmsQbiKempTLkISShAcAmWyGwOABgtbYCVEFRMDgKJWLKPmhAtLhMCfQaicCaLcxzIlibqzCyRCDxwtHNNlvPLxMHtmKcmYUtqMBHkdEiCZvhHNvCBGgJjhsNpbEGSpHxdHKXjeFulMWOPsstdqgeeJDWdLgyWSEFNF", + "commitSha": "horde", + "service": "patrol", + "specContent": "early" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931123+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-62157365", + "title": "POST /api/upload - branch at max_plus_one_invalid boundary", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "boundary_value", + "spec_path": 
"POST /api/upload requestBody.properties.branch", + "rationale": "boundary value analysis: branch at max_plus_one_invalid", + "scenario": "STRING_ABOVE_MAX" + }, + "steps": [ + { + "id": "step-main", + "title": "branch at max_plus_one_invalid boundary", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "ILYUfOPfVxuZMfnbVgKKBKcmaHThDumvYBgtnVGhjnPVGeBmGSnwjXFjeojgBxBSehvkPJScHCBTFcjyIabzfzFvTWtmmGsJXlmNIlpLkzqrlyuqKvGoAAOUUwFEBGeoceVrjAMgTmCbeUmYnHVgBpOXAuFUnLPQYGspPdbHIuiUDYqbBJXQtGKAcDLSaGJJLeGIsLZXfWSCbcUflmCylZeRTVGmuNyUFZmpAoeWuylCdFZLpbneeLqzpzLaIKmE", + "commitSha": "horde", + "service": "patrol", + "specContent": "early" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931129+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dd638159", + "title": "POST /api/upload - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "idempotency", + "spec_path": "POST /api/upload", + "rationale": "POST is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "POST /api/upload — first call", + "type": "setup", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "relieved", + "commitSha": "frequently", + "service": "inside", + "specContent": "east" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "POST /api/upload — identical second call must be safe", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": 
"application/json" + }, + "body": { + "branch": "relieved", + "commitSha": "frequently", + "service": "inside", + "specContent": "east" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.931663+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4c9fd28e", + "title": "[OWASP-API2] POST /api/upload — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/upload", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "POST", + "path": "/api/upload", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931706+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bcf8922c", + "title": "[OWASP-API6] POST /api/upload — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/upload", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "second", + "commitSha": "he", + "createdAt": 
"2000-01-01T00:00:00Z", + "id": 99999, + "service": "his", + "specContent": "of", + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931711+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-81a2a747", + "title": "[OWASP-API7] POST /api/upload — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/upload", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931712+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b528a6e6", + "title": "[OWASP-API7] POST /api/upload — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/upload", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "POST", + "path": "/api/upload", + 
"headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "' OR 1=1--" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931714+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-553f4f51", + "title": "[OWASP-API7] POST /api/upload — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "POST /api/upload", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "../../../etc/passwd" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931715+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8f85caae", + "title": "POST /api/upload - missing required field \"service\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "isolated failure: only \"service\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"service\"", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "recline", + "commitSha": "pack", + "specContent": "now" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + 
], + "generated_at": "2026-05-06T21:30:41.931938+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-33947120", + "title": "POST /api/upload - missing required field \"branch\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "isolated failure: only \"branch\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"branch\"", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "commitSha": "pack", + "service": "ears", + "specContent": "now" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93194+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fccdadb2", + "title": "POST /api/upload - missing required field \"specContent\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "isolated failure: only \"specContent\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"specContent\"", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "recline", + "commitSha": "pack", + "service": "ears" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931942+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-86ff6bd8", + "title": "POST /api/upload - invalid specContent: empty string violates minLength 1", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "isolated failure: only \"specContent\" is invalid (empty string violates minLength 1); all other fields valid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid specContent: empty string violates minLength 1", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "recline", + "commitSha": "pack", + "service": "ears", + "specContent": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931944+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5eb7446c", + "title": "POST /api/upload - invalid branch: empty string violates minLength 1", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "isolated failure: only \"branch\" is invalid (empty string violates minLength 1); all other fields valid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid branch: empty string violates minLength 1", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "", + "commitSha": "pack", + "service": "ears", + "specContent": "now" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.931945+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8389dd21", + "title": "POST /api/upload - invalid service: empty string violates minLength 1", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "isolated failure: only \"service\" is invalid (empty string violates minLength 1); all other fields valid", + "scenario": "STRING_BELOW_MIN" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid service: empty string violates minLength 1", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "recline", + "commitSha": "pack", + "service": "", + "specContent": "now" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.931947+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-72938c30", + "title": "POST /api/upload - [schema_violation] service_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "required field \"service\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] service_missing_required", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "to", + "commitSha": "Brazilian", + "specContent": "tonight" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932226+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-381d4381", + "title": "POST /api/upload - [schema_violation] branch_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "required field \"branch\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] branch_missing_required", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "commitSha": "Brazilian", + "service": "intimidate", + "specContent": "tonight" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932227+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-555257e2", + "title": "POST /api/upload - [schema_violation] specContent_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "required field \"specContent\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] specContent_missing_required", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "to", + "commitSha": "Brazilian", + "service": "intimidate" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932228+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-40be94ec", + "title": "POST /api/upload - [schema_violation] service_too_short", + "kind": "single", + 
"priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "service is empty, violates minLength 1" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] service_too_short", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "to", + "commitSha": "Brazilian", + "service": "", + "specContent": "tonight" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93223+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-af512611", + "title": "POST /api/upload - [schema_violation] specContent_too_short", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "specContent is empty, violates minLength 1" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] specContent_too_short", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "to", + "commitSha": "Brazilian", + "service": "intimidate", + "specContent": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932231+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-76d8b912", + "title": "POST /api/upload - [schema_violation] branch_too_short", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "schema_violation", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "branch 
is empty, violates minLength 1" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] branch_too_short", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "", + "commitSha": "Brazilian", + "service": "intimidate", + "specContent": "tonight" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932233+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9f510ed7", + "title": "POST /api/upload - mutation: branch null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.branch", + "rationale": "field \"branch\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: branch → null value", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": null, + "commitSha": "heavily", + "service": "sufficient", + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932492+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cac690c1", + "title": "POST /api/upload - mutation: branch empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.branch", + "rationale": "field \"branch\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: branch → empty 
string", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "", + "commitSha": "heavily", + "service": "sufficient", + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932494+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-416a96c1", + "title": "POST /api/upload - mutation: branch integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.branch", + "rationale": "field \"branch\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: branch → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": 12345, + "commitSha": "heavily", + "service": "sufficient", + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932495+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-75d60dab", + "title": "POST /api/upload - mutation: branch oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.branch", + "rationale": "field \"branch\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": 
"mutation: branch → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "commitSha": "heavily", + "service": "sufficient", + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932498+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0c1c92bd", + "title": "POST /api/upload - mutation: commitSha null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.commitSha", + "rationale": "field \"commitSha\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: commitSha → null value", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "instance", + "commitSha": null, + "service": "sufficient", + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932504+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f30e852c", + "title": "POST /api/upload - mutation: commitSha empty string", + "kind": "single", + 
"priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.commitSha", + "rationale": "field \"commitSha\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: commitSha → empty string", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "instance", + "commitSha": "", + "service": "sufficient", + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932506+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b1212f34", + "title": "POST /api/upload - mutation: commitSha integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.commitSha", + "rationale": "field \"commitSha\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: commitSha → integer instead of string", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "instance", + "commitSha": 12345, + "service": "sufficient", + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932508+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fdaf954a", + "title": "POST /api/upload - mutation: commitSha oversized string 
(300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.commitSha", + "rationale": "field \"commitSha\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: commitSha → oversized string (300 chars)", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "instance", + "commitSha": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "service": "sufficient", + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932509+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7805eead", + "title": "POST /api/upload - mutation: service null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.service", + "rationale": "field \"service\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: service → null value", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "instance", + "commitSha": "heavily", + "service": null, + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + 
"target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932511+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6f0a4261", + "title": "POST /api/upload - mutation: service empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mutation", + "spec_path": "POST /api/upload requestBody.service", + "rationale": "field \"service\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: service → empty string", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "instance", + "commitSha": "heavily", + "service": "", + "specContent": "ours" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932512+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fef2ed50", + "title": "POST /api/upload - null injection: specContent", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "field \"specContent\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: specContent", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "rather", + "commitSha": "troop", + "service": "we", + "specContent": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 
422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932957+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5151a7d3", + "title": "POST /api/upload - null injection: branch", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "field \"branch\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: branch", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": null, + "commitSha": "troop", + "service": "we", + "specContent": "usually" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932959+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e9eaa8fd", + "title": "POST /api/upload - null injection: commitSha", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/upload requestBody.properties.commitSha", + "rationale": "field \"commitSha\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: commitSha", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "rather", + "commitSha": null, + "service": "we", + "specContent": "usually" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932961+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b8cf0920", + "title": "POST /api/upload - null injection: service", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "field \"service\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: service", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "rather", + "commitSha": "troop", + "service": null, + "specContent": "usually" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932963+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-863dd501", + "title": "POST /api/upload - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "POST /api/upload requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "branch": "rather", + "commitSha": "troop", + "service": "we", + "specContent": "usually" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.932964+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": 
"TC-6a08feec", + "title": "POST /api/upload - [type_coercion] branch wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "field \"branch\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] branch wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": 123, + "commitSha": "throw", + "service": "the", + "specContent": "you" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933184+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e00401a8", + "title": "POST /api/upload - [type_coercion] branch wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "field \"branch\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] branch wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": true, + "commitSha": "throw", + "service": "the", + "specContent": "you" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933186+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b806224f", + "title": "POST /api/upload 
- [type_coercion] commitSha wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/upload requestBody.properties.commitSha", + "rationale": "field \"commitSha\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] commitSha wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "point", + "commitSha": 123, + "service": "the", + "specContent": "you" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933187+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-16cf9e5b", + "title": "POST /api/upload - [type_coercion] commitSha wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/upload requestBody.properties.commitSha", + "rationale": "field \"commitSha\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] commitSha wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "point", + "commitSha": true, + "service": "the", + "specContent": "you" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933189+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-07462c7f", + "title": "POST /api/upload - [type_coercion] 
service wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "field \"service\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] service wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "point", + "commitSha": "throw", + "service": 123, + "specContent": "you" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93319+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-240bdc53", + "title": "POST /api/upload - [type_coercion] service wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "field \"service\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] service wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "point", + "commitSha": "throw", + "service": true, + "specContent": "you" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933192+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bbde20a6", + "title": "POST /api/upload - [type_coercion] specContent wrong_type_integer", 
+ "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "field \"specContent\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] specContent wrong_type_integer", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "point", + "commitSha": "throw", + "service": "the", + "specContent": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933194+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4a28e8ae", + "title": "POST /api/upload - [type_coercion] specContent wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "type_coercion", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "field \"specContent\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] specContent wrong_type_boolean", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "point", + "commitSha": "throw", + "service": "the", + "specContent": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933195+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-eb8a46bc", + "title": "POST /api/upload - [unicode_fuzzing] branch control_char", + "kind": 
"single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "field \"branch\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] branch control_char", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "hello\u0000world", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933552+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d4d96d5e", + "title": "POST /api/upload - [unicode_fuzzing] branch zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "field \"branch\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] branch zero_width", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "​hello", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933554+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-09b46ba6", + "title": "POST /api/upload - [unicode_fuzzing] branch 
bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "field \"branch\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] branch bidi_override", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "‮hello", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933556+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8ecf3f52", + "title": "POST /api/upload - [unicode_fuzzing] branch overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "field \"branch\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] branch overlong", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933557+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3c16d4b3", + "title": "POST /api/upload - [unicode_fuzzing] branch zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.branch", + "rationale": "field \"branch\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] branch zalgo", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "z̀́̂̃̄̅̆̇a", + "commitSha": "herself", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933559+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1e3b28af", + "title": "POST /api/upload - [unicode_fuzzing] commitSha control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.commitSha", + "rationale": "field \"commitSha\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] commitSha control_char", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"branch": "honestly", + "commitSha": "hello\u0000world", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933566+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e4c96b76", + "title": "POST /api/upload - [unicode_fuzzing] commitSha zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.commitSha", + "rationale": "field \"commitSha\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] commitSha zero_width", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "​hello", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933568+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-471fcaef", + "title": "POST /api/upload - [unicode_fuzzing] commitSha bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.commitSha", + "rationale": "field \"commitSha\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] commitSha bidi_override", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + 
"Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "‮hello", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93357+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d3d69da1", + "title": "POST /api/upload - [unicode_fuzzing] commitSha overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.commitSha", + "rationale": "field \"commitSha\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] commitSha overlong", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933572+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f298d13c", + "title": "POST /api/upload - [unicode_fuzzing] commitSha zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.commitSha", + "rationale": "field \"commitSha\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] commitSha zalgo", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "z̀́̂̃̄̅̆̇a", + "service": "consequently", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933574+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-76fd376c", + "title": "POST /api/upload - [unicode_fuzzing] service control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "field \"service\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] service control_char", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + 
"commitSha": "herself", + "service": "hello\u0000world", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933577+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f8f99bf7", + "title": "POST /api/upload - [unicode_fuzzing] service zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "field \"service\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] service zero_width", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "herself", + "service": "​hello", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933578+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-71d03103", + "title": "POST /api/upload - [unicode_fuzzing] service bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "field \"service\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] service bidi_override", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"branch": "honestly", + "commitSha": "herself", + "service": "‮hello", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93358+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4e0cc0d2", + "title": "POST /api/upload - [unicode_fuzzing] service overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "field \"service\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] service overlong", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "herself", + "service": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933582+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7d8cc30e", + "title": "POST /api/upload - [unicode_fuzzing] service zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.service", + "rationale": "field \"service\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] service zalgo", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "herself", + "service": "z̀́̂̃̄̅̆̇a", + "specContent": "neither" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933583+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7ff8ca85", + "title": "POST /api/upload - [unicode_fuzzing] specContent control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "field \"specContent\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] specContent control_char", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "herself", + 
"service": "consequently", + "specContent": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933585+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7ac120c3", + "title": "POST /api/upload - [unicode_fuzzing] specContent zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "field \"specContent\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] specContent zero_width", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "herself", + "service": "consequently", + "specContent": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933587+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-131ad5f4", + "title": "POST /api/upload - [unicode_fuzzing] specContent bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "field \"specContent\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] specContent bidi_override", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + 
}, + "body": { + "branch": "honestly", + "commitSha": "herself", + "service": "consequently", + "specContent": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933588+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-40f1423f", + "title": "POST /api/upload - [unicode_fuzzing] specContent overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "field \"specContent\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] specContent overlong", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "herself", + "service": "consequently", + "specContent": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93359+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6b2db722", + "title": "POST /api/upload - [unicode_fuzzing] specContent zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Upload" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "POST /api/upload requestBody.properties.specContent", + "rationale": "field \"specContent\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] specContent zalgo", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "honestly", + "commitSha": "herself", + "service": "consequently", + "specContent": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.933592+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-eb8249c9", + "title": "POST /api/upload - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/upload requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "branch": "oops", + "commitSha": "mustering", + "isAdmin": true, + "is_admin": true, 
+ "role": "__probe__", + "service": "I", + "specContent": "cut" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934495+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0310fa1a", + "title": "POST /api/upload - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/upload requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "branch": "oops", + "commitSha": "mustering", + "disabled": false, + "service": "I", + "specContent": "cut", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934497+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9794cdb0", + "title": "POST /api/upload - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/upload requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + 
"branch": "oops", + "commitSha": "mustering", + "credits": 1, + "discount": 0, + "price": 1, + "service": "I", + "specContent": "cut" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934498+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-398f4294", + "title": "POST /api/upload - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "POST /api/upload requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "oops", + "commitSha": "mustering", + "createdBy": "__probe__", + "ownerId": "__probe__", + "service": "I", + "specContent": "cut", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.9345+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b8ed4386", + "title": "POST /api/upload - [field_boundary] branch valid_min", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/upload requestBody.branch", + "rationale": "field \"branch\" boundary test: valid_min", + "scenario": "FIELD_BOUNDARY_VALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] branch valid_min", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": 
"application/json" + }, + "body": { + "branch": "a", + "commitSha": "girl", + "service": "those", + "specContent": "many" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 200 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934674+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e5764a68", + "title": "POST /api/upload - [field_boundary] branch invalid_below_min", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/upload requestBody.branch", + "rationale": "field \"branch\" boundary test: invalid_below_min", + "scenario": "FIELD_BOUNDARY_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] branch invalid_below_min", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "", + "commitSha": "about", + "service": "scold", + "specContent": "muster" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934678+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-db5c5368", + "title": "POST /api/upload - [field_boundary] service valid_min", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/upload requestBody.service", + "rationale": "field \"service\" boundary test: valid_min", + "scenario": "FIELD_BOUNDARY_VALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] service valid_min", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + 
"Content-Type": "application/json" + }, + "body": { + "branch": "it", + "commitSha": "why", + "service": "a", + "specContent": "all" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 200 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934682+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a957f4b8", + "title": "POST /api/upload - [field_boundary] service invalid_below_min", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/upload requestBody.service", + "rationale": "field \"service\" boundary test: invalid_below_min", + "scenario": "FIELD_BOUNDARY_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] service invalid_below_min", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "next", + "commitSha": "none", + "service": "", + "specContent": "through" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934685+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-82713518", + "title": "POST /api/upload - [field_boundary] specContent valid_min", + "kind": "single", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/upload requestBody.specContent", + "rationale": "field \"specContent\" boundary test: valid_min", + "scenario": "FIELD_BOUNDARY_VALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] specContent valid_min", + "type": "test", + "method": "POST", + "path": 
"/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "drink", + "commitSha": "his", + "service": "few", + "specContent": "a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 200 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934691+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ac1b6e26", + "title": "POST /api/upload - [field_boundary] specContent invalid_below_min", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "field_boundary", + "spec_path": "POST /api/upload requestBody.specContent", + "rationale": "field \"specContent\" boundary test: invalid_below_min", + "scenario": "FIELD_BOUNDARY_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "[field_boundary] specContent invalid_below_min", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "whom", + "commitSha": "to", + "service": "constantly", + "specContent": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934695+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-893f33e4", + "title": "POST /api/upload - [required_omission] branch absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/upload requestBody.branch", + "rationale": "required field \"branch\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": 
"[required_omission] branch absent", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "commitSha": "where", + "service": "though", + "specContent": "wisp" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934942+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f4726c9d", + "title": "POST /api/upload - [required_omission] service absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/upload requestBody.service", + "rationale": "required field \"service\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] service absent", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "whenever", + "commitSha": "himself", + "specContent": "did" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934947+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-196e600f", + "title": "POST /api/upload - [required_omission] specContent absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Upload" + ], + "source": { + "technique": "required_omission", + "spec_path": "POST /api/upload requestBody.specContent", + "rationale": "required field \"specContent\" omitted entirely (not null) — server must reject with 4xx", + "scenario": 
"REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] specContent absent", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "now", + "commitSha": "occasionally", + "service": "might" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.934951+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8384ae85", + "title": "DELETE /api/admin/teams/{id}/members/{userId} - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/{id}/members/{userId}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935163+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e8a5f757", + "title": "DELETE /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", + "rationale": "DELETE is a write operation; test that repeat calls are safe" + }, + "steps": 
[ + { + "id": "step-setup", + "title": "DELETE /api/admin/teams/{id}/members/{userId} — first call", + "type": "setup", + "method": "DELETE", + "path": "/api/admin/teams/{id}/members/{userId}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "DELETE /api/admin/teams/{id}/members/{userId} — identical second call must be safe", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/{id}/members/{userId}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.935217+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-042e8f38", + "title": "[OWASP-API1] DELETE /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/{{other_resource_id}}/members/{userId}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935267+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-46113a78", + "title": "[OWASP-API2] DELETE 
/api/admin/teams/{id}/members/{userId} — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/{id}/members/{userId}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935268+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a4c3899a", + "title": "[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members/{userId}", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935271+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0cf3a030", + "title": "[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", 
+ "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/%27%20OR%201=1--/members/{userId}", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935273+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-511147be", + "title": "[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members/{userId}", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935275+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4661322e", + "title": "DELETE /api/admin/teams/{id}/members/{userId} - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId} parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/1/members/1", + "assertions": [ + { + 
"target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935489+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-636a79c8", + "title": "DELETE /api/admin/teams/{id}/members/{userId} - missing required param \"userId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId} parameters.userId", + "rationale": "isolated failure: required param \"userId\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"userId\"", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/1/members/1", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935492+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c4642225", + "title": "DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId} parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/99999/members/1", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935579+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-eb538efa", + "title": "DELETE 
/api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/teams/{id}/members/{userId} parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/0/members/1", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935581+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b950209e", + "title": "PUT /api/admin/teams/{id}/members/{userId} - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.ok", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935774+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-02cdac38", + "title": "PUT /api/admin/teams/{id}/members/{userId} - missing required field \"role\"", + 
"kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "invalid equivalence class: required field \"role\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"role\"", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": {}, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935779+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7fb55548", + "title": "PUT /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", + "rationale": "PUT is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "PUT /api/admin/teams/{id}/members/{userId} — first call", + "type": "setup", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "PUT /api/admin/teams/{id}/members/{userId} — identical second call must be safe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + 
"expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.935883+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-37084d5c", + "title": "[OWASP-API1] PUT /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api1-bola" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", + "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access other user's resource", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{{other_resource_id}}/members/{userId}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935928+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-19b34217", + "title": "[OWASP-API2] PUT /api/admin/teams/{id}/members/{userId} — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.935929+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4c06b345", + "title": "[OWASP-API3] PUT /api/admin/teams/{id}/members/{userId} — BOPLA property-level access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api3-bopla" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", + "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" + }, + "steps": [ + { + "id": "step-1", + "title": "inject privileged fields in body", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "is_admin": true, + "role": "admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "jsonpath $.is_admin", + "operator": "ne", + "expected": true + }, + { + "target": "jsonpath $.role", + "operator": "ne", + "expected": "admin" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935932+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ffe14e02", + "title": "[OWASP-API6] PUT /api/admin/teams/{id}/members/{userId} — mass assignment", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api6-mass-assignment" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", + "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" + }, + "steps": [ + { + "id": "step-1", + "title": "inject read-only fields in body", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdAt": 
"2000-01-01T00:00:00Z", + "id": 99999, + "role": "member", + "updatedAt": "2000-01-01T00:00:00Z" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "jsonpath $.id", + "operator": "ne", + "expected": 99999 + }, + { + "target": "jsonpath $.createdAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + }, + { + "target": "jsonpath $.updatedAt", + "operator": "ne", + "expected": "2000-01-01T00:00:00Z" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935935+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d065e277", + "title": "[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members/{userId}", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935936+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-16482ca3", + "title": "[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "PUT", + 
"path": "/api/admin/teams/%27%20OR%201=1--/members/{userId}", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.935938+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-df6e5f44", + "title": "[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members/{userId}", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93594+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7f67bdd2", + "title": "PUT /api/admin/teams/{id}/members/{userId} - missing required field \"role\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "isolated failure: only \"role\" is absent; all other fields valid", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required field \"role\"", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": {}, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.936246+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1385a015", + "title": "PUT /api/admin/teams/{id}/members/{userId} - invalid role: value not in enum", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "isolated failure: only \"role\" is invalid (value not in enum); all other fields valid", + "scenario": "ENUM_INVALID" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid role: value not in enum", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "__invalid_enum__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936248+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c90499c8", + "title": "PUT /api/admin/teams/{id}/members/{userId} - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/1/members/1", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93625+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a0b457a0", + "title": "PUT 
/api/admin/teams/{id}/members/{userId} - missing required param \"userId\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} parameters.userId", + "rationale": "isolated failure: required param \"userId\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"userId\"", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/1/members/1", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936253+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e51f7c6d", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_missing_required", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "required field \"role\" is absent" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] role_missing_required", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": {}, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936433+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-128b22a3", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_invalid_enum", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} 
requestBody.properties.role", + "rationale": "role=\"__invalid__\" is not in enum [owner member]" + }, + "steps": [ + { + "id": "step-main", + "title": "[schema_violation] role_invalid_enum", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "__invalid__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936435+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8380cf38", + "title": "PUT /api/admin/teams/{id}/members/{userId} - mutation: role null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", + "rationale": "field \"role\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: role → null value", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936516+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9334c130", + "title": "PUT /api/admin/teams/{id}/members/{userId} - mutation: role empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", + "rationale": "field \"role\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": 
"step-main", + "title": "mutation: role → empty string", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936518+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c930d5b2", + "title": "PUT /api/admin/teams/{id}/members/{userId} - mutation: role integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", + "rationale": "field \"role\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: role → integer instead of string", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": 12345 + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936519+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c4c6cb7f", + "title": "PUT /api/admin/teams/{id}/members/{userId} - mutation: role oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", + "rationale": "field \"role\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + 
"id": "step-main", + "title": "mutation: role → oversized string (300 chars)", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936521+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-92d17333", + "title": "PUT /api/admin/teams/{id}/members/{userId} - null injection: role", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "field \"role\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: role", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936694+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-55f30d0f", + "title": "PUT /api/admin/teams/{id}/members/{userId} - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + 
"source": { + "technique": "constraint_mutation", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "role": "member" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936699+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-23b49146", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "field \"role\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] role wrong_type_integer", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936788+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c33ffd8f", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + 
"spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "field \"role\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] role wrong_type_boolean", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936791+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a8d734a8", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role control_char", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936874+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2815807e", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT 
/api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role zero_width", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936876+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0b0faf09", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role bidi_override", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936878+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1e651ae0", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT 
/api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role overlong", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936879+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f7cf562e", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", + "rationale": "field \"role\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] role zalgo", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.936881+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-830ae193", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} 
requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "isAdmin": true, + "is_admin": true, + "role": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.937097+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-08a1d397", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "disabled": false, + "role": "member", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.937098+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e346a0c6", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + 
"technique": "mass_assignment", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "discount": 0, + "price": 1, + "role": "member" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.9371+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c5b345ac", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "ownerId": "__probe__", + "role": "member", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.937101+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5ee92e8d", + "title": "PUT /api/admin/teams/{id}/members/{userId} - IDOR 
id=99999 (alt_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} parameters.id", + "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=99999 (alt_id)", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/99999/members/1", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.937459+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3ecaa43f", + "title": "PUT /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} parameters.id", + "rationale": "IDOR probe: substituting id=0 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=0 (zero_id)", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/0/members/1", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.937465+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b8039024", + "title": "PUT /api/admin/teams/{id}/members/{userId} - [required_omission] role absent", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "required_omission", + "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", + "rationale": "required field 
\"role\" omitted entirely (not null) — server must reject with 4xx", + "scenario": "REQUIRED_OMISSION" + }, + "steps": [ + { + "id": "step-main", + "title": "[required_omission] role absent", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Content-Type": "application/json" + }, + "body": {}, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.937606+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f50edea5", + "title": "DELETE /api/admin/webhooks/:id - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "DELETE /api/admin/webhooks/:id", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 204 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.937922+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-854a404a", + "title": "DELETE /api/admin/webhooks/:id - idempotent: second call must be safe", + "kind": "chain", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "idempotency", + "spec_path": "DELETE /api/admin/webhooks/:id", + "rationale": "DELETE is a write operation; test that repeat calls are safe" + }, + "steps": [ + { + "id": "step-setup", + "title": "DELETE /api/admin/webhooks/:id — first call", + "type": 
"setup", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 204 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + }, + { + "id": "step-test", + "title": "DELETE /api/admin/webhooks/:id — identical second call must be safe", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 204 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "labels": { + "type": "idempotency" + }, + "generated_at": "2026-05-06T21:30:41.937995+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-23cf0c86", + "title": "[OWASP-API2] DELETE /api/admin/webhooks/:id — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/webhooks/:id", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938038+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-06da467b", + "title": "[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/webhooks/:id", + "rationale": "Inject xss payload; server must reject and 
return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938041+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7e499729", + "title": "[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/webhooks/:id", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938042+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bdc77229", + "title": "[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "DELETE /api/admin/webhooks/:id", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938044+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-25ba00ae", + "title": "DELETE /api/admin/webhooks/:id - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "DELETE /api/admin/webhooks/:id parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938222+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-101b67d9", + "title": "DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/webhooks/:id parameters.id", + "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000001 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938266+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2c9e3616", + "title": "DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + 
"source": { + "technique": "idor", + "spec_path": "DELETE /api/admin/webhooks/:id parameters.id", + "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000000 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938267+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-415f32a9", + "title": "PATCH /api/admin/webhooks/:id - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", + "spec_path": "PATCH /api/admin/webhooks/:id", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "none" + ], + "isActive": true, + "name": "Dolly Richards", + "url": "http://www.futuredeliver.org/dynamic" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.createdAt", + "operator": "exists" + }, + { + "target": "body.providerType", + "operator": "exists" + }, + { + "target": "body.createdBy", + "operator": "exists" + }, + { + "target": "body.url", + "operator": "exists" + }, + { + "target": "body.name", + "operator": "exists" + }, + { + "target": "body.teamId", + 
"operator": "exists" + }, + { + "target": "body.id", + "operator": "exists" + }, + { + "target": "body.events", + "operator": "exists" + }, + { + "target": "body.isActive", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938438+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3a1afdb6", + "title": "[OWASP-API2] PATCH /api/admin/webhooks/:id — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PATCH /api/admin/webhooks/:id", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938493+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d7a97bb7", + "title": "[OWASP-API3] PATCH /api/admin/webhooks/:id — BOPLA property-level access", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api3-bopla" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PATCH /api/admin/webhooks/:id", + "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" + }, + "steps": [ + { + "id": "step-1", + "title": "inject privileged fields in body", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "leap" + ], + "isActive": true, + "is_admin": true, + "name": "Lacy Mccarthy", + "role": "admin", + "url": "http://www.mainrobust.net/user-centric/empower" + 
}, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "jsonpath $.is_admin", + "operator": "ne", + "expected": true + }, + { + "target": "jsonpath $.role", + "operator": "ne", + "expected": "admin" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938498+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e86a894c", + "title": "[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PATCH /api/admin/webhooks/:id", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.9385+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e249a62c", + "title": "[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PATCH /api/admin/webhooks/:id", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938501+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b84f711a", + 
"title": "[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PATCH /api/admin/webhooks/:id", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938503+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-432c0bdd", + "title": "[OWASP-API10] PATCH /api/admin/webhooks/:id — SSRF", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api10-ssrf" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "PATCH /api/admin/webhooks/:id", + "rationale": "Inject internal URL http://127.0.0.1; server must validate and reject (400)" + }, + "steps": [ + { + "id": "step-1", + "title": "inject internal URL for SSRF", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "url": "http://127.0.0.1" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938505+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fbeea8b1", + "title": "PATCH /api/admin/webhooks/:id - invalid isActive: wrong type (string for boolean)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", + "rationale": 
"isolated failure: only \"isActive\" is invalid (wrong type (string for boolean)); all other fields valid", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "invalid isActive: wrong type (string for boolean)", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "regularly" + ], + "isActive": "not_a_boolean", + "name": "Halle Lewis", + "url": "http://www.technicalschemas.com/web-enabled" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938766+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8a80112e", + "title": "PATCH /api/admin/webhooks/:id - missing required param \"id\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "isolated_negative", + "spec_path": "PATCH /api/admin/webhooks/:id parameters.id", + "rationale": "isolated failure: required param \"id\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"id\"", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938768+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a0047765", + "title": "PATCH /api/admin/webhooks/:id - [schema_violation] isActive_wrong_type", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "schema_violation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", + "rationale": "isActive is boolean but received a string" + }, + "steps": [ + { + "id": "step-main", + "title": 
"[schema_violation] isActive_wrong_type", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "whatever" + ], + "isActive": "not_a_boolean", + "name": "Alexander Gordon", + "url": "https://www.grouptechnologies.net/deliverables/web-enabled/generate/e-enable" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93885+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2d09c873", + "title": "PATCH /api/admin/webhooks/:id - mutation: events null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.events", + "rationale": "field \"events\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: events → null value", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": null, + "isActive": false, + "name": "Kristin Burton", + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93889+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9439ce9e", + "title": "PATCH /api/admin/webhooks/:id - mutation: events string instead of array", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.events", + "rationale": "field 
\"events\" mutated with string instead of array; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: events → string instead of array", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": "not-an-array", + "isActive": false, + "name": "Kristin Burton", + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938892+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-309789e7", + "title": "PATCH /api/admin/webhooks/:id - mutation: events object instead of array", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.events", + "rationale": "field \"events\" mutated with object instead of array; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: events → object instead of array", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": {}, + "isActive": false, + "name": "Kristin Burton", + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938894+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c42eb537", + "title": "PATCH /api/admin/webhooks/:id - mutation: 
isActive null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.isActive", + "rationale": "field \"isActive\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: isActive → null value", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "might" + ], + "isActive": null, + "name": "Kristin Burton", + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938896+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-be6cb74f", + "title": "PATCH /api/admin/webhooks/:id - mutation: isActive string instead of boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.isActive", + "rationale": "field \"isActive\" mutated with string instead of boolean; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: isActive → string instead of boolean", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "might" + ], + "isActive": "yes", + "name": "Kristin Burton", + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], 
+ "generated_at": "2026-05-06T21:30:41.938897+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-161755de", + "title": "PATCH /api/admin/webhooks/:id - mutation: isActive integer instead of boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.isActive", + "rationale": "field \"isActive\" mutated with integer instead of boolean; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: isActive → integer instead of boolean", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "might" + ], + "isActive": 1, + "name": "Kristin Burton", + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938899+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-07005fc1", + "title": "PATCH /api/admin/webhooks/:id - mutation: name null value", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.name", + "rationale": "field \"name\" mutated with null value; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → null value", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "might" + ], + "isActive": false, + "name": null, + "url": 
"http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938901+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-48b3b8ee", + "title": "PATCH /api/admin/webhooks/:id - mutation: name empty string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.name", + "rationale": "field \"name\" mutated with empty string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → empty string", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "might" + ], + "isActive": false, + "name": "", + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938903+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ec8ffbaa", + "title": "PATCH /api/admin/webhooks/:id - mutation: name integer instead of string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.name", + "rationale": "field \"name\" mutated with integer instead of string; API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → integer instead of string", + "type": "test", + "method": "PATCH", + "path": 
"/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "might" + ], + "isActive": false, + "name": 12345, + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938904+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bc9e284b", + "title": "PATCH /api/admin/webhooks/:id - mutation: name oversized string (300 chars)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.name", + "rationale": "field \"name\" mutated with oversized string (300 chars); API must reject with 4xx" + }, + "steps": [ + { + "id": "step-main", + "title": "mutation: name → oversized string (300 chars)", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "might" + ], + "isActive": false, + "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", + "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" + }, + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.938906+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": 
"TC-6597f138", + "title": "PATCH /api/admin/webhooks/:id - null injection: url", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", + "rationale": "field \"url\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: url", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "aloof" + ], + "isActive": true, + "name": "Opal Deckow", + "url": null + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939344+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e5f0413f", + "title": "PATCH /api/admin/webhooks/:id - null injection: events", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.events", + "rationale": "field \"events\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: events", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": null, + "isActive": true, + "name": "Opal Deckow", + "url": "http://www.dynamicmarkets.net/vertical" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939345+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f681cd0b", + 
"title": "PATCH /api/admin/webhooks/:id - null injection: isActive", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", + "rationale": "field \"isActive\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: isActive", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "aloof" + ], + "isActive": null, + "name": "Opal Deckow", + "url": "http://www.dynamicmarkets.net/vertical" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939347+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-abff0001", + "title": "PATCH /api/admin/webhooks/:id - null injection: name", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", + "rationale": "field \"name\" is non-nullable but receives null — server must reject with 422", + "scenario": "NULL_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "null injection: name", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "aloof" + ], + "isActive": true, + "name": null, + "url": "http://www.dynamicmarkets.net/vertical" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939349+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": 
"1", + "id": "TC-94225ad6", + "title": "PATCH /api/admin/webhooks/:id - wrong content-type (text/plain)", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "constraint_mutation", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody", + "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", + "scenario": "WRONG_CONTENT_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "wrong content-type (text/plain)", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "text/plain" + }, + "body": { + "events": [ + "aloof" + ], + "isActive": true, + "name": "Opal Deckow", + "url": "http://www.dynamicmarkets.net/vertical" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 415 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93935+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ce35cd41", + "title": "PATCH /api/admin/webhooks/:id - [type_coercion] events wrong_type_string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.events", + "rationale": "field \"events\" is array but receives wrong_type_string — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] events wrong_type_string", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": "not_an_array", + "isActive": false, + "name": "Emile Jones", + "url": "https://www.financeoptimize.com/transform/cross-media/technologies" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.939555+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-db8dd398", + "title": "PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_string", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", + "rationale": "field \"isActive\" is boolean but receives wrong_type_string — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] isActive wrong_type_string", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "some" + ], + "isActive": "not_a_boolean", + "name": "Emile Jones", + "url": "https://www.financeoptimize.com/transform/cross-media/technologies" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939556+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4c590e85", + "title": "PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", + "rationale": "field \"isActive\" is boolean but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] isActive wrong_type_integer", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "some" + ], + "isActive": 1, + "name": "Emile Jones", + "url": 
"https://www.financeoptimize.com/transform/cross-media/technologies" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939558+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-849247d2", + "title": "PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", + "rationale": "field \"name\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] name wrong_type_integer", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "some" + ], + "isActive": false, + "name": 123, + "url": "https://www.financeoptimize.com/transform/cross-media/technologies" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.93956+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e2d843b1", + "title": "PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", + "rationale": "field \"name\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] name wrong_type_boolean", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": 
{ + "Content-Type": "application/json" + }, + "body": { + "events": [ + "some" + ], + "isActive": false, + "name": true, + "url": "https://www.financeoptimize.com/transform/cross-media/technologies" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939562+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5b388493", + "title": "PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_integer", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", + "rationale": "field \"url\" is string but receives wrong_type_integer — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] url wrong_type_integer", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "some" + ], + "isActive": false, + "name": "Emile Jones", + "url": 123 + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939564+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d9bfd2d8", + "title": "PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_boolean", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "type_coercion", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", + "rationale": "field \"url\" is string but receives wrong_type_boolean — server must reject with 422", + "scenario": "WRONG_TYPE" + }, + "steps": [ + { + "id": "step-main", + "title": "[type_coercion] url wrong_type_boolean", + "type": "test", + 
"method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "some" + ], + "isActive": false, + "name": "Emile Jones", + "url": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939565+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9fed73af", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name control_char", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "hello\u0000world", + "url": "https://www.productdrive.io/grow/world-class" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939859+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6bdb26ba", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + 
"id": "step-main", + "title": "[unicode_fuzzing] name zero_width", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "​hello", + "url": "https://www.productdrive.io/grow/world-class" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939861+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-61073126", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name bidi_override", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "‮hello", + "url": "https://www.productdrive.io/grow/world-class" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939863+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ff322daa", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation 
\"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name overlong", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", + "url": "https://www.productdrive.io/grow/world-class" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939864+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a31d1299", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", + "rationale": "field \"name\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] name zalgo", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "z̀́̂̃̄̅̆̇a", + "url": "https://www.productdrive.io/grow/world-class" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939866+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ed68863e", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url control_char", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id 
requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] url control_char", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "Nicole Heller", + "url": "hello\u0000world" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939869+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-61e8a563", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zero_width", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] url zero_width", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "Nicole Heller", + "url": "​hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939871+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-36430217", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url bidi_override", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": 
"unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] url bidi_override", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "Nicole Heller", + "url": "‮hello" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939872+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d7318097", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url overlong", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] url overlong", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "Nicole Heller", + "url": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939874+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0a72a45e", + "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zalgo", + "kind": "single", + "priority": "P3", + "tags": [ + "Admin" + ], + "source": { + "technique": "unicode_fuzzing", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", + "rationale": "field \"url\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", + "scenario": "UNICODE_INJECTION" + }, + "steps": [ + { + "id": "step-main", + "title": "[unicode_fuzzing] url zalgo", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "that" + ], + "isActive": true, + "name": "Nicole Heller", + "url": "z̀́̂̃̄̅̆̇a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.939878+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d0ddffec", + "title": "PATCH /api/admin/webhooks/:id - [mass_assignment] privilege probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody", + "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_PRIVILEGE" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] privilege probe", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "admin": true, + "events": [ + "of" + ], + "isActive": false, + 
"isAdmin": true, + "is_admin": true, + "name": "Nathaniel Yang", + "role": "__probe__", + "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940302+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-16deab72", + "title": "PATCH /api/admin/webhooks/:id - [mass_assignment] status probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody", + "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_STATUS" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] status probe", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "approved": true, + "banned": false, + "disabled": false, + "events": [ + "of" + ], + "isActive": false, + "name": "Nathaniel Yang", + "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric", + "verified": true + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940303+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ed85e04f", + "title": "PATCH /api/admin/webhooks/:id - [mass_assignment] financial probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody", + "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_FINANCIAL" 
+ }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] financial probe", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "balance": 1, + "credits": 1, + "discount": 0, + "events": [ + "of" + ], + "isActive": false, + "name": "Nathaniel Yang", + "price": 1, + "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940304+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1274d148", + "title": "PATCH /api/admin/webhooks/:id - [mass_assignment] identity probe", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "mass_assignment", + "spec_path": "PATCH /api/admin/webhooks/:id requestBody", + "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", + "scenario": "MASS_ASSIGNMENT_IDENTITY" + }, + "steps": [ + { + "id": "step-main", + "title": "[mass_assignment] identity probe", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "createdBy": "__probe__", + "events": [ + "of" + ], + "isActive": false, + "name": "Nathaniel Yang", + "ownerId": "__probe__", + "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric", + "userId": "__probe__", + "user_id": "__probe__" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940306+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e5555fc8", + "title": "PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 
(alt_uuid)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "PATCH /api/admin/webhooks/:id parameters.id", + "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000001 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940477+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-93edf6a3", + "title": "PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", + "kind": "single", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "idor", + "spec_path": "PATCH /api/admin/webhooks/:id parameters.id", + "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000000 to test authorization boundary", + "scenario": "IDOR_PARAM" + }, + "steps": [ + { + "id": "step-main", + "title": "IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "assertions": [ + { + "target": "status_code", + "operator": "gte", + "expected": 400 + }, + { + "target": "status_code", + "operator": "lt", + "expected": 500 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940479+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-04940e9f", + "title": "GET /api/admin/audit-logs - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Admin" + ], + "source": { + "technique": "equivalence_partitioning", 
+ "spec_path": "GET /api/admin/audit-logs", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.total", + "operator": "exists" + }, + { + "target": "body.logs", + "operator": "exists" + }, + { + "target": "body.page", + "operator": "exists" + }, + { + "target": "body.pageSize", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940645+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-80f9a912", + "title": "GET /api/admin/audit-logs - classification tree row 1: [action=login]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 1 — each-choice coverage: [action=login]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 1: [action=login]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=login", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940699+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ee7cf268", + "title": "GET /api/admin/audit-logs - classification tree row 2: [action=spec_uploaded]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + 
"rationale": "ECT row 2 — each-choice coverage: [action=spec_uploaded]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 2: [action=spec_uploaded]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=spec_uploaded", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940702+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-df4697d4", + "title": "GET /api/admin/audit-logs - classification tree row 3: [action=spec_updated]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 3 — each-choice coverage: [action=spec_updated]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 3: [action=spec_updated]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=spec_updated", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940704+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ba4c28cb", + "title": "GET /api/admin/audit-logs - classification tree row 4: [action=service_deleted]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 4 — each-choice coverage: [action=service_deleted]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 4: [action=service_deleted]", + "type": "test", + "method": "GET", + "path": 
"/api/admin/audit-logs?action=service_deleted", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940705+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2874616a", + "title": "GET /api/admin/audit-logs - classification tree row 5: [action=grant_created]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 5 — each-choice coverage: [action=grant_created]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 5: [action=grant_created]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=grant_created", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940707+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4511e41f", + "title": "GET /api/admin/audit-logs - classification tree row 6: [action=grant_revoked]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 6 — each-choice coverage: [action=grant_revoked]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 6: [action=grant_revoked]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=grant_revoked", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.940709+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e290ff04", + "title": "GET /api/admin/audit-logs - classification tree row 7: [action=token_created]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 7 — each-choice coverage: [action=token_created]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 7: [action=token_created]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=token_created", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940711+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-5a6e9137", + "title": "GET /api/admin/audit-logs - classification tree row 8: [action=token_revoked]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 8 — each-choice coverage: [action=token_revoked]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 8: [action=token_revoked]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=token_revoked", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940712+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e92e324e", + "title": "GET /api/admin/audit-logs - classification tree row 9: 
[action=user_created]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 9 — each-choice coverage: [action=user_created]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 9: [action=user_created]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=user_created", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940714+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e73ed081", + "title": "GET /api/admin/audit-logs - classification tree row 10: [action=user_disabled]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 10 — each-choice coverage: [action=user_disabled]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 10: [action=user_disabled]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=user_disabled", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940716+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a820fea5", + "title": "GET /api/admin/audit-logs - classification tree row 11: [action=team_created]", + "kind": "single", + "priority": "P2", + "tags": [ + "Admin" + ], + "source": { + "technique": "classification_tree", + "spec_path": "GET /api/admin/audit-logs parameters", + "rationale": "ECT row 11 — 
each-choice coverage: [action=team_created]" + }, + "steps": [ + { + "id": "step-main", + "title": "classification tree row 11: [action=team_created]", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=team_created", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.940718+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-eb7a16db", + "title": "[OWASP-API2] GET /api/admin/audit-logs — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/audit-logs", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941174+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0d70db14", + "title": "[OWASP-API7] GET /api/admin/audit-logs — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/audit-logs", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": 
"eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941177+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-605a4d60", + "title": "[OWASP-API7] GET /api/admin/audit-logs — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/audit-logs", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=%27+OR+1%3D1--", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941178+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a1c2c8cc", + "title": "[OWASP-API7] GET /api/admin/audit-logs — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/admin/audit-logs", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs?action=..%2F..%2F..%2Fetc%2Fpasswd", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94118+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-65fdbcb4", + "title": "GET /api/search - valid request with all required fields", + "kind": "single", + "priority": "P0", + "tags": [ + "Search" + ], + "source": { + "technique": 
"equivalence_partitioning", + "spec_path": "GET /api/search", + "rationale": "valid equivalence class: all required fields present with correct types" + }, + "steps": [ + { + "id": "step-main", + "title": "valid request with all required fields", + "type": "test", + "method": "GET", + "path": "/api/search", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + }, + { + "target": "body.results", + "operator": "exists" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941425+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6e192176", + "title": "[OWASP-API2] GET /api/search — broken authentication", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api2-broken-auth" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/search", + "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" + }, + "steps": [ + { + "id": "step-1", + "title": "request without auth token", + "type": "test", + "method": "GET", + "path": "/api/search", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 401 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941478+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b1a5ce9b", + "title": "[OWASP-API7] GET /api/search — injection (xss)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/search", + "rationale": "Inject xss payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject xss payload", + "type": "test", + "method": "GET", + "path": "/api/search?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", + "body": null, + 
"assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94148+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b0d05c32", + "title": "[OWASP-API7] GET /api/search — injection (sqli)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/search", + "rationale": "Inject sqli payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject sqli payload", + "type": "test", + "method": "GET", + "path": "/api/search?q=%27+OR+1%3D1--", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941481+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-30f18b95", + "title": "[OWASP-API7] GET /api/search — injection (path-traversal)", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api7-injection" + ], + "source": { + "technique": "owasp_api_top10", + "spec_path": "GET /api/search", + "rationale": "Inject path-traversal payload; server must reject and return 400" + }, + "steps": [ + { + "id": "step-1", + "title": "inject path-traversal payload", + "type": "test", + "method": "GET", + "path": "/api/search?q=..%2F..%2F..%2Fetc%2Fpasswd", + "body": null, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941482+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-128363b8", + "title": "GET /api/search - missing required param \"q\"", + "kind": "single", + "priority": "P1", + "tags": [ + "Search" + ], + "source": { + "technique": "isolated_negative", + 
"spec_path": "GET /api/search parameters.q", + "rationale": "isolated failure: required param \"q\" is absent", + "scenario": "MISSING_REQUIRED" + }, + "steps": [ + { + "id": "step-main", + "title": "missing required param \"q\"", + "type": "test", + "method": "GET", + "path": "/api/search?branch=valid\u0026service=valid", + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 422 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941662+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c88f572b", + "title": "[OWASP-API5] DELETE /api/catalog/:serviceId — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "DELETE /api/catalog/:serviceId", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "DELETE", + "path": "/api/catalog/:serviceId", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941794+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1f9d5ef0", + "title": "[OWASP-API5] DELETE /api/admin/teams/{id} — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "DELETE /api/admin/teams/{id}", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with 
regular user token", + "type": "test", + "method": "DELETE", + "path": "/api/admin/teams/{id}", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941795+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-06b71a7c", + "title": "[OWASP-API5] PUT /api/admin/teams/{id} — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "PUT /api/admin/teams/{id}", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "PUT", + "path": "/api/admin/teams/{id}", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941796+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-edc7b8fe", + "title": "[OWASP-API5] GET /api/admin/teams/{id}/services — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "GET /api/admin/teams/{id}/services", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{id}/services", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + 
"assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941797+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4c861285", + "title": "[OWASP-API5] DELETE /api/admin/users/{id} — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "DELETE /api/admin/users/{id}", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{id}", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941798+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8f0d7884", + "title": "[OWASP-API5] PUT /api/admin/users/{id} — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "PUT /api/admin/users/{id}", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{id}", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941799+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a9276ccc", + "title": "[OWASP-API5] GET /api/admin/teams — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "GET /api/admin/teams", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "GET", + "path": "/api/admin/teams", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.9418+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2df9f5ad", + "title": "[OWASP-API5] POST /api/admin/teams — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "POST /api/admin/teams", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941801+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8f5433a6", + "title": "[OWASP-API5] GET /api/admin/teams/{id}/grants — function-level authorization missing", + "kind": "single", + "priority": 
"P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "GET /api/admin/teams/{id}/grants", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941802+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4c520692", + "title": "[OWASP-API5] POST /api/admin/teams/{id}/grants — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "POST /api/admin/teams/{id}/grants", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941803+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-908d0d93", + "title": "[OWASP-API5] POST /api/admin/webhooks/:id/test — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": 
"POST /api/admin/webhooks/:id/test", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks/:id/test", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941804+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-640109d2", + "title": "[OWASP-API5] DELETE /api/admin/grants/{id} — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "DELETE /api/admin/grants/{id}", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{id}", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941805+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fbedb9f1", + "title": "[OWASP-API5] DELETE /api/tokens/{id} — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "DELETE /api/tokens/{id}", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + 
"title": "access privileged endpoint with regular user token", + "type": "test", + "method": "DELETE", + "path": "/api/tokens/{id}", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941805+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a2ef426c", + "title": "[OWASP-API5] GET /api/admin/webhooks — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "GET /api/admin/webhooks", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "GET", + "path": "/api/admin/webhooks", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941806+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d8d5bdac", + "title": "[OWASP-API5] POST /api/admin/webhooks — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "POST /api/admin/webhooks", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + 
"assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941807+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-544e90d2", + "title": "[OWASP-API5] PUT /api/admin/services/{serviceId}/team — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "PUT /api/admin/services/{serviceId}/team", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941808+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3724bb26", + "title": "[OWASP-API5] GET /api/admin/users — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "GET /api/admin/users", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "GET", + "path": "/api/admin/users", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941809+08:00" + }, + { + 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-01a13cd8", + "title": "[OWASP-API5] DELETE /api/admin/webhooks/:id — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "DELETE /api/admin/webhooks/:id", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "DELETE", + "path": "/api/admin/webhooks/:id", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94181+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6c16dac4", + "title": "[OWASP-API5] PATCH /api/admin/webhooks/:id — function-level authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "PATCH /api/admin/webhooks/:id", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "PATCH", + "path": "/api/admin/webhooks/:id", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941811+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b02abc71", + "title": "[OWASP-API5] GET /api/admin/audit-logs — function-level 
authorization missing", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api5-function-level-auth" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "GET /api/admin/audit-logs", + "rationale": "Accessing a privileged endpoint with a regular user token should return 403" + }, + "steps": [ + { + "id": "step-1", + "title": "access privileged endpoint with regular user token", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs", + "headers": { + "Authorization": "Bearer {{user_token}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 403 + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941812+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e3ff3623", + "title": "[OWASP-API8] OPTIONS /api/catalog — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/catalog", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/catalog", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941814+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-dc211e18", + "title": "[OWASP-API8] OPTIONS /api/catalog/:serviceId — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/catalog/:serviceId", + "rationale": "CORS response 
header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/catalog/:serviceId", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941815+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6bbc18bd", + "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id} — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/teams/{id}", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/teams/{id}", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941816+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-84a2058d", + "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id}/services — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/teams/{id}/services", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/teams/{id}/services", + "headers": { + 
"Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941817+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e0b5b44a", + "title": "[OWASP-API8] OPTIONS /api/admin/users/{id} — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/users/{id}", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/users/{id}", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94182+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ad2f2f8a", + "title": "[OWASP-API8] OPTIONS /api/admin/teams — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/teams", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/teams", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941821+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b009aaa0", + "title": "[OWASP-API8] OPTIONS /api/tokens — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/tokens", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/tokens", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941822+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-86522697", + "title": "[OWASP-API8] OPTIONS /auth/logout — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /auth/logout", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/auth/logout", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941823+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-02ec7afc", + "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id}/members — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": 
"owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/teams/{id}/members", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/teams/{id}/members", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941824+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ecd6daec", + "title": "[OWASP-API8] OPTIONS /api/specs/{service}/{branch}/openapi.json — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/specs/{service}/{branch}/openapi.json", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/specs/{service}/{branch}/openapi.json", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941825+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2f9039a1", + "title": "[OWASP-API8] OPTIONS /auth/register — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /auth/register", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", 
+ "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/auth/register", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941826+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8d947b43", + "title": "[OWASP-API8] OPTIONS /api/me — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/me", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/me", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941827+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8b59e761", + "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id}/grants — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/teams/{id}/grants", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" 
+ } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941828+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d622eda3", + "title": "[OWASP-API8] OPTIONS /api/specs/:service/versions — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/specs/:service/versions", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/specs/:service/versions", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941828+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-19ddcfe4", + "title": "[OWASP-API8] OPTIONS /api/admin/webhooks/:id/test — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/webhooks/:id/test", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/webhooks/:id/test", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94183+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ff243297", + "title": "[OWASP-API8] OPTIONS 
/api/admin/grants/{id} — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/grants/{id}", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/grants/{id}", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941831+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ba604e45", + "title": "[OWASP-API8] OPTIONS /api/tokens/{id} — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/tokens/{id}", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/tokens/{id}", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941831+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3f16f7ab", + "title": "[OWASP-API8] OPTIONS /api/admin/webhooks — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/webhooks", + "rationale": "CORS 
response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/webhooks", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941832+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-95a63795", + "title": "[OWASP-API8] OPTIONS /api/diff — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/diff", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/diff", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941834+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-09111fdc", + "title": "[OWASP-API8] OPTIONS /auth/login — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /auth/login", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/auth/login", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header 
Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941835+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4b672517", + "title": "[OWASP-API8] OPTIONS /api/admin/services/{serviceId}/team — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/services/{serviceId}/team", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/services/{serviceId}/team", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941836+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-d0d06277", + "title": "[OWASP-API8] OPTIONS /api/admin/users — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/users", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/users", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941837+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", 
+ "id": "TC-65631595", + "title": "[OWASP-API8] OPTIONS /api/upload — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/upload", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/upload", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941838+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-86b21409", + "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id}/members/{userId} — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/teams/{id}/members/{userId}", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/teams/{id}/members/{userId}", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941839+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c34b22b5", + "title": "[OWASP-API8] OPTIONS /api/admin/webhooks/:id — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": 
"owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/webhooks/:id", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/webhooks/:id", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941841+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-744c12cf", + "title": "[OWASP-API8] OPTIONS /api/admin/audit-logs — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/admin/audit-logs", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", + "path": "/api/admin/audit-logs", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941842+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e799f553", + "title": "[OWASP-API8] OPTIONS /api/search — CORS security configuration", + "kind": "single", + "priority": "P0", + "tags": [ + "security", + "owasp", + "api8-cors" + ], + "source": { + "technique": "owasp_api_top10_spec", + "spec_path": "OPTIONS /api/search", + "rationale": "CORS response header Access-Control-Allow-Origin must not be *" + }, + "steps": [ + { + "id": "step-1", + "title": "OPTIONS preflight request", + "type": "test", + "method": "OPTIONS", 
+ "path": "/api/search", + "headers": { + "Origin": "https://evil.example.com" + }, + "assertions": [ + { + "target": "header Access-Control-Allow-Origin", + "operator": "ne", + "expected": "*" + } + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941843+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4b81d9bb", + "title": "auth chain: GET /api/admin/audit-logs", + "kind": "chain", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "auth_chain", + "spec_path": "GET /api/admin/audit-logs", + "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/admin/audit-logs" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "GET /api/admin/audit-logs with auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/audit-logs", + "headers": { + "Authorization": "Bearer {{authToken}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941912+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3977085e", + "title": "auth chain: GET /api/admin/teams", + "kind": "chain", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "auth_chain", + "spec_path": "GET /api/admin/teams", + "rationale": "authenticate via /api/tokens then call secured endpoint 
GET /api/admin/teams" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "GET /api/admin/teams with auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/teams", + "headers": { + "Authorization": "Bearer {{authToken}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941917+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e4ef12fa", + "title": "auth chain: GET /api/admin/users", + "kind": "chain", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "auth_chain", + "spec_path": "GET /api/admin/users", + "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/admin/users" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "GET /api/admin/users with auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/users", + "headers": { + "Authorization": "Bearer 
{{authToken}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941918+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c741d9e1", + "title": "auth chain: GET /api/admin/webhooks", + "kind": "chain", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "auth_chain", + "spec_path": "GET /api/admin/webhooks", + "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/admin/webhooks" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "GET /api/admin/webhooks with auth token", + "type": "test", + "method": "GET", + "path": "/api/admin/webhooks", + "headers": { + "Authorization": "Bearer {{authToken}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94192+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bde6cda3", + "title": "auth chain: GET /api/catalog", + "kind": "chain", + "priority": "P1", + "tags": [ + "Catalog" + ], + "source": { + "technique": "auth_chain", + "spec_path": "GET /api/catalog", + "rationale": "authenticate via /api/tokens then call secured 
endpoint GET /api/catalog" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "GET /api/catalog with auth token", + "type": "test", + "method": "GET", + "path": "/api/catalog", + "headers": { + "Authorization": "Bearer {{authToken}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941921+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6af54553", + "title": "auth chain: GET /api/diff", + "kind": "chain", + "priority": "P1", + "tags": [ + "Specs" + ], + "source": { + "technique": "auth_chain", + "spec_path": "GET /api/diff", + "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/diff" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "GET /api/diff with auth token", + "type": "test", + "method": "GET", + "path": "/api/diff", + "headers": { + "Authorization": "Bearer {{authToken}}" + }, + "assertions": [ + { + 
"target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941923+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-646f48bb", + "title": "auth chain: GET /api/me", + "kind": "chain", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "auth_chain", + "spec_path": "GET /api/me", + "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/me" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "GET /api/me with auth token", + "type": "test", + "method": "GET", + "path": "/api/me", + "headers": { + "Authorization": "Bearer {{authToken}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941924+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e66b7d53", + "title": "auth chain: GET /api/search", + "kind": "chain", + "priority": "P1", + "tags": [ + "Search" + ], + "source": { + "technique": "auth_chain", + "spec_path": "GET /api/search", + "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/search" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST 
/api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "GET /api/search with auth token", + "type": "test", + "method": "GET", + "path": "/api/search", + "headers": { + "Authorization": "Bearer {{authToken}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941925+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-9d529cfb", + "title": "auth chain: GET /api/tokens", + "kind": "chain", + "priority": "P1", + "tags": [ + "MCP Tokens" + ], + "source": { + "technique": "auth_chain", + "spec_path": "GET /api/tokens", + "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/tokens" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "GET /api/tokens with auth token", + "type": "test", + "method": "GET", + "path": "/api/tokens", + "headers": { + "Authorization": "Bearer {{authToken}}" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": 
"duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941927+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4c68c418", + "title": "auth chain: POST /api/admin/teams", + "kind": "chain", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "auth_chain", + "spec_path": "POST /api/admin/teams", + "rationale": "authenticate via /api/tokens then call secured endpoint POST /api/admin/teams" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "POST /api/admin/teams with auth token", + "type": "test", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Authorization": "Bearer {{authToken}}", + "Content-Type": "application/json" + }, + "body": { + "description": "The government should confusing.", + "displayName": "yours", + "name": "Lee Burton" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941938+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f4c0b7fc", + "title": "auth chain: POST /api/admin/webhooks", + "kind": "chain", + "priority": "P1", + "tags": [ + "Admin" + ], + "source": { + "technique": "auth_chain", + "spec_path": "POST /api/admin/webhooks", + "rationale": "authenticate 
via /api/tokens then call secured endpoint POST /api/admin/webhooks" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "POST /api/admin/webhooks with auth token", + "type": "test", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Authorization": "Bearer {{authToken}}", + "Content-Type": "application/json" + }, + "body": { + "events": [ + "where" + ], + "name": "Lilla Henderson", + "providerType": "shirt", + "teamId": "1e74395d-96d5-4632-bff5-1db94dfc9c0c", + "url": "http://www.brandengage.info/out-of-the-box/end-to-end/engineer/visualize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941944+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-c60cf805", + "title": "auth chain: POST /api/upload", + "kind": "chain", + "priority": "P1", + "tags": [ + "Upload" + ], + "source": { + "technique": "auth_chain", + "spec_path": "POST /api/upload", + "rationale": "authenticate via /api/tokens then call secured endpoint POST /api/upload" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + 
"operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "POST /api/upload with auth token", + "type": "test", + "method": "POST", + "path": "/api/upload", + "headers": { + "Authorization": "Bearer {{authToken}}", + "Content-Type": "application/json" + }, + "body": { + "branch": "they", + "commitSha": "sometimes", + "service": "Darwinian", + "specContent": "i.e." + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941948+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-46922b8d", + "title": "auth chain: POST /auth/register", + "kind": "chain", + "priority": "P1", + "tags": [ + "Auth" + ], + "source": { + "technique": "auth_chain", + "spec_path": "POST /auth/register", + "rationale": "authenticate via /api/tokens then call secured endpoint POST /auth/register" + }, + "steps": [ + { + "id": "step-auth", + "title": "authenticate via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Jakob Jensen", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "authToken", + "from": "jsonpath $.token" + } + ] + }, + { + "id": "step-test", + "title": "POST /auth/register with auth token", + "type": "test", + "method": "POST", + "path": "/auth/register", + "headers": { + "Authorization": "Bearer {{authToken}}", + "Content-Type": "application/json" + }, + "body": { + "email": "edbarber@reyes.name", + "password": "nest" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 
200 + }, + { + "target": "duration_ms", + "operator": "lt", + "expected": 2000 + } + ], + "depends_on": [ + "step-auth" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.941954+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fae601d3", + "title": "sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/grants/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams/{id}/grants", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/grants/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams/{id}/grants", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "in" + ], + "expiresAt": "1934-04-27T17:54:54Z", + "granteeTeamId": "ef7ba0e3-e654-4cbe-a8db-7d80ae34554a", + "granteeUserId": "6b8cf351-2a07-4e9b-af8d-93adadf31af4", + "serviceId": "4af3c971-e3ff-4038-8eec-7562f600ef7e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/grants/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942181+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1e93f696", + "title": "sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": 
"chain_sequence", + "spec_path": "/api/admin/teams/{id}/grants", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams/{id}/grants", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "next" + ], + "expiresAt": "1953-08-22T03:36:54Z", + "granteeTeamId": "4ec6231f-137f-4153-97d0-8c43294d0bd2", + "granteeUserId": "94e4e393-307c-46af-870b-f6f1a737e66b", + "serviceId": "67af3e57-44c9-4422-ae15-53de1e10b9a7" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/users/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942186+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-7710bdae", + "title": "sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams/{id}/grants", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams/{id}/grants", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"branches": [ + "place" + ], + "expiresAt": "1973-01-05T11:42:04Z", + "granteeTeamId": "58c7d788-061b-4021-9e8c-01942f155464", + "granteeUserId": "1b70dc76-c2d3-4e62-9f5d-22c8319dc0a2", + "serviceId": "a31b4938-a01f-4bc1-80fe-f165a18d784e" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/members", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/members", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94219+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-fd7cb142", + "title": "sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/services", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams/{id}/grants", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/teams/{id}/services param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams/{id}/grants", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "nightly" + ], + "expiresAt": "2014-07-24T15:17:10Z", + "granteeTeamId": "da38f17d-bcba-48c6-b1e9-2b8c5c84b849", + "granteeUserId": "a204f443-d1b0-4bfc-803a-4c17ae6cc61d", + "serviceId": "ce438324-485f-4319-9bd6-11c6d9721984" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": 
"use via GET /api/admin/teams/{id}/services", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/services", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942194+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-136f3cd3", + "title": "sequence chain: /api/admin/teams/{id}/grants → POST /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams/{id}/grants", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams/{id}/grants", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "wow" + ], + "expiresAt": "1972-07-06T21:33:45Z", + "granteeTeamId": "b14431ac-e726-45f0-93de-31b938772976", + "granteeUserId": "4d5d2551-5245-4b9f-96e5-0b702e93eff2", + "serviceId": "fa586d52-80ed-493e-8e6d-6047b31e41fa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/members", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": "1dd37e1e-0598-4a14-9118-1e52865101d3" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": 
"2026-05-06T21:30:41.942202+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-cafaccf6", + "title": "sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/services/{serviceId}/team", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams/{id}/grants", + "rationale": "field-similarity chain (score 0.50): /api/admin/teams/{id}/grants → /api/admin/services/{serviceId}/team param serviceId", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams/{id}/grants", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "am" + ], + "expiresAt": "1930-06-02T07:33:10Z", + "granteeTeamId": "6eb082a3-7a81-4673-b080-6f876150d238", + "granteeUserId": "9c8b45fd-f191-4a4d-80fd-b8dad10d176a", + "serviceId": "d078acf6-4a9a-463a-9632-1d93b5a7ecfa" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "serviceId", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/services/{serviceId}/team", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{{serviceId}}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "ef302aa8-fd8d-4fd6-9798-6d57d88f7ac6" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942207+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-636e3912", + "title": "sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + 
"source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams/{id}/grants", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams/{id}/grants", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams/{id}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "half" + ], + "expiresAt": "1911-12-23T17:30:07Z", + "granteeTeamId": "e275d7a1-f1f0-449b-9962-e43b92698249", + "granteeUserId": "5a22025f-d28e-4434-9b1d-93bf353fbdb9", + "serviceId": "71bbc723-acdf-4be2-b56f-e471f9077cc5" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/users/{id}", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{{id}}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": true, + "role": "team_member" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942211+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-70b060a1", + "title": "sequence chain: /api/admin/teams → DELETE /api/admin/grants/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/grants/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams", + 
"headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Ours child be ready for irritation.", + "displayName": "daily", + "name": "Cordell Marshall" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/grants/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942218+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f0f67b06", + "title": "sequence chain: /api/admin/teams → DELETE /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Invite review for the group in Birmingham.", + "displayName": "eventually", + "name": "Robyn Williams" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/users/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + 
"generated_at": "2026-05-06T21:30:41.942222+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-6aeda09f", + "title": "sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/grants param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "They ski patiently to stabilize the year.", + "displayName": "fiercely", + "name": "Cassandra Robbins" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/grants", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94223+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0cb6ef87", + "title": "sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams", + "type": "setup", + 
"method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Mind the hand, then celebrate!", + "displayName": "ride", + "name": "Dolores Grady" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/members", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/members", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942233+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3642a068", + "title": "sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/services", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/services param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Track problem over time weekly.", + "displayName": "of", + "name": "Owen Perez" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/services", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/services", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + 
"depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942237+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1b66938a", + "title": "sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/grants param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Evenings in Oakland invite quieter man.", + "displayName": "which", + "name": "Clifton Shields" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/grants", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "it" + ], + "expiresAt": "2001-12-10T08:50:19Z", + "granteeTeamId": "722fd61c-8b80-44f6-9e81-c9c8550ab73d", + "granteeUserId": "a1efd1eb-3a36-4f78-85fb-7edd1d4af481", + "serviceId": "2a7ed0b1-582d-4271-9b40-91828aded5f0" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942244+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-210690e6", + "title": "sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + 
"tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Weekends reserve time for Animation and fact.", + "displayName": "today", + "name": "Jeffrey Lyons" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/members", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner", + "userId": "45f53f9f-487d-4010-8fff-c2d438433278" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94225+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8cbdf061", + "title": "sequence chain: /api/admin/teams → PUT /api/admin/services/{serviceId}/team", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams", + "rationale": "field-similarity chain (score 0.50): /api/admin/teams → /api/admin/services/{serviceId}/team param serviceId", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + 
"description": "Optimize company for light clarity.", + "displayName": "many", + "name": "Christina Patterson" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "serviceId", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/services/{serviceId}/team", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{{serviceId}}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "40d2db88-109b-49a0-8983-e2740333822a" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942255+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2d5ea99d", + "title": "sequence chain: /api/admin/teams → PUT /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/teams", + "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/teams", + "type": "setup", + "method": "POST", + "path": "/api/admin/teams", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "description": "Stage number behind feature flags.", + "displayName": "sew", + "name": "Stanley Purdy" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/users/{id}", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{{id}}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + 
"role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942259+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8ef3fbbb", + "title": "sequence chain: /api/admin/webhooks → DELETE /api/admin/grants/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/webhooks", + "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/grants/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/webhooks", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "today" + ], + "name": "Abe Collier", + "providerType": "listen", + "teamId": "7fae1382-a4cd-4c6d-9387-4f7b3c489c4e", + "url": "https://www.staffclicks-and-mortar.biz/monetize/monetize/initiatives" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/grants/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942264+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-763b85b6", + "title": "sequence chain: /api/admin/webhooks → DELETE /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": 
"/api/admin/webhooks", + "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/webhooks", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "other" + ], + "name": "Payton Yang", + "providerType": "anyone", + "teamId": "e7136d75-172b-46d0-8e7e-838fb2a645b4", + "url": "http://www.investorarchitectures.com/viral/real-time" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/users/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942268+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-83289d9f", + "title": "sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/webhooks", + "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/grants param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/webhooks", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "yourself" + ], + "name": "Janis Santos", + "providerType": "owing", + "teamId": "f1f952e5-15e9-4e13-9296-ebf46b9a6f04", + "url": 
"http://www.corporateproductize.org/vortals" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/grants", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942273+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-969a9fae", + "title": "sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/webhooks", + "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/webhooks", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "another" + ], + "name": "Roxanne Barber", + "providerType": "well", + "teamId": "360fddbd-2bf8-4533-b759-353946ddb3bb", + "url": "https://www.corporateimplement.net/recontextualize/extensible/leading-edge" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/members", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/members", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + 
], + "generated_at": "2026-05-06T21:30:41.942278+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ce956549", + "title": "sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/services", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/webhooks", + "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/services param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/webhooks", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "does" + ], + "name": "Joanne Peterson", + "providerType": "extremely", + "teamId": "85472ea1-82f2-4e21-8559-2c86837acb46", + "url": "http://www.nationalroi.io/integrated/integrated/target/action-items" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/services", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/services", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942282+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-02ba968a", + "title": "sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/webhooks", + "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/grants param id", + "scenario": 
"CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/webhooks", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "him" + ], + "name": "Cayla Rosenbaum", + "providerType": "ours", + "teamId": "ccd3929e-a106-4df3-8d31-66697e80dbe3", + "url": "https://www.seniore-enable.name/synergies/end-to-end/integrate/e-tailers" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/grants", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "i.e." + ], + "expiresAt": "2011-10-23T02:54:47Z", + "granteeTeamId": "d189b00e-5719-4cc5-b97a-a00f62029da1", + "granteeUserId": "77c00823-081e-4450-9ea4-1bd04aabfdee", + "serviceId": "433f7b49-b2b9-485d-a48e-d48715ed6be5" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942289+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-393f686a", + "title": "sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/webhooks", + "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/webhooks", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + 
"Content-Type": "application/json" + }, + "body": { + "events": [ + "outside" + ], + "name": "Marlene Jacobs", + "providerType": "for", + "teamId": "c8d6d6a7-3cc6-4d33-b8b1-b6c03d928bf7", + "url": "http://www.internalbrand.info/impactful/transform/web-enabled/e-commerce" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/members", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": "6dc4ae45-29b7-456d-b346-b29b27cb5494" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942297+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-256209eb", + "title": "sequence chain: /api/admin/webhooks → PUT /api/admin/services/{serviceId}/team", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/webhooks", + "rationale": "field-similarity chain (score 0.50): /api/admin/webhooks → /api/admin/services/{serviceId}/team param serviceId", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/webhooks", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "throughout" + ], + "name": "Pablo Hoffman", + "providerType": "barely", + "teamId": "cc3b8d87-6c30-464d-a451-ec70a317a56a", + "url": "http://www.futuresynergize.org/evolve" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": 
[ + { + "name": "serviceId", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/services/{serviceId}/team", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{{serviceId}}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "fbaecfc9-d46e-4518-8fc8-3534e881b114" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942302+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-88a6983e", + "title": "sequence chain: /api/admin/webhooks → PUT /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/admin/webhooks", + "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/admin/webhooks", + "type": "setup", + "method": "POST", + "path": "/api/admin/webhooks", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "events": [ + "only" + ], + "name": "Dawson Matthews", + "providerType": "that", + "teamId": "7c2b8aba-98b4-477e-b7fe-f53f6306f514", + "url": "http://www.financecultivate.com/envisioneer/enable/synergies/strategize" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/users/{id}", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{{id}}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "super_admin" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + 
"expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942307+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-e1324ddf", + "title": "sequence chain: /api/tokens → DELETE /api/admin/grants/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/tokens", + "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/grants/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Bernardo Auer", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/grants/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942311+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-60268ad8", + "title": "sequence chain: /api/tokens → DELETE /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/tokens", + "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": 
"application/json" + }, + "body": { + "name": "Rafael Hopkins", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/users/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942314+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f107e18d", + "title": "sequence chain: /api/tokens → GET /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/tokens", + "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/grants param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Janie Stone", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/grants", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942316+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-90e7f90e", + "title": "sequence 
chain: /api/tokens → GET /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/tokens", + "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Brett Bird", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/members", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/members", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942318+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-bda7e5b2", + "title": "sequence chain: /api/tokens → GET /api/admin/teams/{id}/services", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/tokens", + "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/services param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Bernadine Murray", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + 
"from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/services", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/services", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94232+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ba99a719", + "title": "sequence chain: /api/tokens → POST /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/tokens", + "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/grants param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Aric Carpenter", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/grants", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "consequence" + ], + "expiresAt": "1923-07-31T23:48:34Z", + "granteeTeamId": "951d9915-63f4-46d3-b5d5-8b170b457b9e", + "granteeUserId": "bbc3acfe-6b9e-4c9c-bf24-b4d09f78276d", + "serviceId": "47af9d4e-ddf7-4f73-8a33-2c60da4c1f72" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942325+08:00" + }, + { + "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-714b8b84", + "title": "sequence chain: /api/tokens → POST /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/tokens", + "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Athena Fernandez", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/members", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "member", + "userId": "02ef8546-0050-41de-be11-ab585b23ac54" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942329+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-110b6d72", + "title": "sequence chain: /api/tokens → PUT /api/admin/services/{serviceId}/team", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/tokens", + "rationale": "field-similarity chain (score 0.50): /api/tokens → /api/admin/services/{serviceId}/team param serviceId", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/tokens", + "type": "setup", + "method": "POST", + 
"path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Diego Herman", + "scope": "read" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "serviceId", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/services/{serviceId}/team", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{{serviceId}}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "9e4f4d0e-d5d7-447e-830c-1c638616ddbf" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942332+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-3028e37b", + "title": "sequence chain: /api/tokens → PUT /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/tokens", + "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/tokens", + "type": "setup", + "method": "POST", + "path": "/api/tokens", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "name": "Dante Kennedy", + "scope": "write" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.id" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/users/{id}", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{{id}}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": true, + "role": "super_admin" + }, + "assertions": [ + { + 
"target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942335+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8c25506c", + "title": "sequence chain: /api/upload → GET /api/specs/{service}/{branch}/openapi.json", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/upload", + "rationale": "field-similarity chain (score 1.00): /api/upload → /api/specs/{service}/{branch}/openapi.json param service", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/upload", + "type": "setup", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "gift", + "commitSha": "host", + "service": "been", + "specContent": "time" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "service", + "from": "jsonpath $.service" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/specs/{service}/{branch}/openapi.json", + "type": "test", + "method": "GET", + "path": "/api/specs/{{service}}/{branch}/openapi.json", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942342+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-f88dc931", + "title": "sequence chain: /api/upload → PUT /api/admin/services/{serviceId}/team", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/api/upload", + "rationale": "field-similarity chain (score 0.50): /api/upload → /api/admin/services/{serviceId}/team param serviceId", + 
"scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /api/upload", + "type": "setup", + "method": "POST", + "path": "/api/upload", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branch": "someone", + "commitSha": "instead", + "service": "therefore", + "specContent": "yesterday" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "serviceId", + "from": "jsonpath $.service" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/services/{serviceId}/team", + "type": "test", + "method": "PUT", + "path": "/api/admin/services/{{serviceId}}/team", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "teamId": "e76c96fd-19bb-41c3-a5a4-6720d313f439" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942347+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2db91768", + "title": "sequence chain: /auth/login → DELETE /api/admin/grants/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/login", + "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/grants/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/login", + "type": "setup", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "elbertgibson@sanchez.biz", + "password": "which" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE 
/api/admin/grants/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94235+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-8192e6ba", + "title": "sequence chain: /auth/login → DELETE /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/login", + "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/login", + "type": "setup", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "meaghanbailey@simpson.io", + "password": "whatever" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/users/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942352+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4f853ed4", + "title": "sequence chain: /auth/login → GET /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/login", + "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/grants param id", + "scenario": 
"CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/login", + "type": "setup", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "frankiewebb@davies.org", + "password": "for" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/grants", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942359+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-315cb6bf", + "title": "sequence chain: /auth/login → GET /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/login", + "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/login", + "type": "setup", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "manuelcasper@owen.net", + "password": "herself" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/members", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/members", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 
+ } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942363+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ccf62dd8", + "title": "sequence chain: /auth/login → GET /api/admin/teams/{id}/services", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/login", + "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/services param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/login", + "type": "setup", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "chetbergstrom@carroll.org", + "password": "additionally" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/services", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/services", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942365+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ba58927e", + "title": "sequence chain: /auth/login → POST /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/login", + "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/grants param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/login", + "type": "setup", + "method": "POST", + "path": 
"/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "chaimbird@peters.info", + "password": "have" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/grants", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "anybody" + ], + "expiresAt": "1900-01-23T02:22:54Z", + "granteeTeamId": "2c916244-ec7b-46c4-8a46-75d8003b66f2", + "granteeUserId": "c582e301-b02e-418f-9960-f865b66da97f", + "serviceId": "eaa19ebb-002b-497c-a98a-0293aa5606ad" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94237+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b9578186", + "title": "sequence chain: /auth/login → POST /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/login", + "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/login", + "type": "setup", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "dwightsummers@schuster.org", + "password": "model" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via POST 
/api/admin/teams/{id}/members", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner", + "userId": "5f656700-5067-4ad1-8384-1fb850bc7bf2" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942374+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-4e754ff4", + "title": "sequence chain: /auth/login → PUT /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/login", + "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/login", + "type": "setup", + "method": "POST", + "path": "/auth/login", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "amparoknight@evans.biz", + "password": "always" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/users/{id}", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{{id}}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": true, + "role": "team_owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.94238+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-465a3cf5", + "title": "sequence chain: /auth/register → DELETE 
/api/admin/grants/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/register", + "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/grants/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/register", + "type": "setup", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "hollybarker@garza.com", + "password": "who" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/grants/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/grants/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942384+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b3bffa74", + "title": "sequence chain: /auth/register → DELETE /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/register", + "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/register", + "type": "setup", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "fannystevenson@daugherty.com", + "password": "way" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": 
"jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via DELETE /api/admin/users/{id}", + "type": "test", + "method": "DELETE", + "path": "/api/admin/users/{{id}}", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942386+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-a05de11b", + "title": "sequence chain: /auth/register → GET /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/register", + "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/grants param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/register", + "type": "setup", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "claramorales@barton.org", + "password": "tickle" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/grants", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/grants", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942389+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-b5dca30c", + "title": "sequence chain: /auth/register → GET /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/register", 
+ "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/register", + "type": "setup", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "greggburns@spencer.info", + "password": "motivation" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/members", + "type": "test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/members", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942396+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-344df791", + "title": "sequence chain: /auth/register → GET /api/admin/teams/{id}/services", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/register", + "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/services param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/register", + "type": "setup", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "joshpalmer@blake.info", + "password": "wad" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via GET /api/admin/teams/{id}/services", + "type": 
"test", + "method": "GET", + "path": "/api/admin/teams/{{id}}/services", + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942398+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-10533daf", + "title": "sequence chain: /auth/register → POST /api/admin/teams/{id}/grants", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/register", + "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/grants param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/register", + "type": "setup", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "chaunceyjacobi@white.com", + "password": "that" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/grants", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/grants", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "branches": [ + "disregard" + ], + "expiresAt": "2003-09-24T09:23:31Z", + "granteeTeamId": "c727d010-3eb5-469f-93d2-a46ab145fcf5", + "granteeUserId": "9f6fa71f-b14f-4fe8-bd62-fe79743d34db", + "serviceId": "1f968d6d-ab6e-4d94-b8de-a0df2b4a5209" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942404+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-98e576b1", + 
"title": "sequence chain: /auth/register → POST /api/admin/teams/{id}/members", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/register", + "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/members param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/register", + "type": "setup", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "email": "lukasvalencia@cummings.name", + "password": "couple" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via POST /api/admin/teams/{id}/members", + "type": "test", + "method": "POST", + "path": "/api/admin/teams/{{id}}/members", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "role": "owner", + "userId": "204452b4-832e-4601-a227-8ecf3cc125ec" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942408+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-0c6076ab", + "title": "sequence chain: /auth/register → PUT /api/admin/users/{id}", + "kind": "chain", + "priority": "P1", + "tags": null, + "source": { + "technique": "chain_sequence", + "spec_path": "/auth/register", + "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/users/{id} param id", + "scenario": "CHAIN_SEQUENCE" + }, + "steps": [ + { + "id": "step-setup", + "title": "create via POST /auth/register", + "type": "setup", + "method": "POST", + "path": "/auth/register", + "headers": { + "Content-Type": "application/json" + }, + 
"body": { + "email": "sharonwright@dietrich.org", + "password": "it" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "captures": [ + { + "name": "id", + "from": "jsonpath $.userId" + } + ] + }, + { + "id": "step-test", + "title": "use via PUT /api/admin/users/{id}", + "type": "test", + "method": "PUT", + "path": "/api/admin/users/{{id}}", + "headers": { + "Content-Type": "application/json" + }, + "body": { + "isActive": false, + "role": "team_owner" + }, + "assertions": [ + { + "target": "status_code", + "operator": "lt", + "expected": 300 + } + ], + "depends_on": [ + "step-setup" + ] + } + ], + "generated_at": "2026-05-06T21:30:41.942411+08:00" + } + ] +} \ No newline at end of file diff --git a/cmd/cases/index.json b/cmd/cases/index.json new file mode 100644 index 0000000..3f0c1ec --- /dev/null +++ b/cmd/cases/index.json 
@@ -0,0 +1,270 @@ +{ + "$schema": "https://caseforge.dev/schema/v1/index.json", + "version": "1", + "generated_at": "2026-05-06T21:53:17.49805+08:00", + "meta": { + "caseforge_version": "dev", + "by_technique": { + "ask": 6 + }, + "by_priority": { + "P0": 1, + "P1": 4, + "P2": 1 + }, + "by_kind": { + "chain": 1, + "single": 5 + } + }, + "test_cases": [ + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-1bc07161", + "title": "Create user with valid data", + "kind": "single", + "priority": "P0", + "tags": [ + "happy-path", + "create" + ], + "source": { + "technique": "ask", + "spec_path": "", + "rationale": "POST /users - create user" + }, + "steps": [ + { + "id": "step-1", + "title": "POST new user with all required fields", + "type": "test", + "method": "POST", + "path": "/users", + "body": { + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + } + ] + } + ], + "generated_at": "2026-05-06T21:53:17.498008+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-20f71db2", + "title": "Create user missing required name field", + "kind": "single", + "priority": "P1", + "tags": [ + "validation", + "error" + ], + "source": { + "technique": "ask", + "spec_path": "", + "rationale": "POST /users - create user" + }, + "steps": [ + { + "id": "step-1", + "title": "POST user without name", + "type": "test", + "method": "POST", + "path": "/users", + "body": { + "email": "missing.name@example.com", + "password": "SecurePass123!" 
+ }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:53:17.49801+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-802bab4d", + "title": "Create user with invalid email format", + "kind": "single", + "priority": "P1", + "tags": [ + "validation", + "error" + ], + "source": { + "technique": "ask", + "spec_path": "", + "rationale": "POST /users - create user" + }, + "steps": [ + { + "id": "step-1", + "title": "POST user with malformed email", + "type": "test", + "method": "POST", + "path": "/users", + "body": { + "email": "not-an-email", + "name": "Jane Doe", + "password": "SecurePass123!" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:53:17.498011+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-2143a276", + "title": "Create user with duplicate email", + "kind": "chain", + "priority": "P1", + "tags": [ + "duplicate", + "error" + ], + "source": { + "technique": "ask", + "spec_path": "", + "rationale": "POST /users - create user" + }, + "steps": [ + { + "id": "step-1", + "title": "Create first user", + "type": "test", + "method": "POST", + "path": "/users", + "body": { + "email": "duplicate@example.com", + "name": "First User", + "password": "SecurePass123!" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 201 + } + ] + }, + { + "id": "step-2", + "title": "Attempt to create second user with same email", + "type": "test", + "method": "POST", + "path": "/users", + "body": { + "email": "duplicate@example.com", + "name": "Second User", + "password": "DifferentPass456!" 
+ }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 409 + } + ] + } + ], + "generated_at": "2026-05-06T21:53:17.498011+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-ae7a9790", + "title": "Create user with empty request body", + "kind": "single", + "priority": "P1", + "tags": [ + "validation", + "error" + ], + "source": { + "technique": "ask", + "spec_path": "", + "rationale": "POST /users - create user" + }, + "steps": [ + { + "id": "step-1", + "title": "POST with empty body", + "type": "test", + "method": "POST", + "path": "/users", + "body": {}, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:53:17.498012+08:00" + }, + { + "$schema": "https://caseforge.dev/schema/v1/testcase.json", + "version": "1", + "id": "TC-61182975", + "title": "Create user with weak password", + "kind": "single", + "priority": "P2", + "tags": [ + "validation", + "security" + ], + "source": { + "technique": "ask", + "spec_path": "", + "rationale": "POST /users - create user" + }, + "steps": [ + { + "id": "step-1", + "title": "POST user with short password", + "type": "test", + "method": "POST", + "path": "/users", + "body": { + "email": "weakpass@example.com", + "name": "Weak Pass User", + "password": "123" + }, + "assertions": [ + { + "target": "status_code", + "operator": "eq", + "expected": 400 + } + ] + } + ], + "generated_at": "2026-05-06T21:53:17.498012+08:00" + } + ] +} \ No newline at end of file diff --git a/cmd/cases/users_post_create_and_retrieve_user_8a91cfff.hurl b/cmd/cases/users_post_create_and_retrieve_user_8a91cfff.hurl new file mode 100644 index 0000000..6a23ad4 --- /dev/null +++ b/cmd/cases/users_post_create_and_retrieve_user_8a91cfff.hurl 
@@ -0,0 +1,32 @@ +# ══════════════════════════════════════════════════ +# Create and retrieve user +# case_id=TC-8a91cfff +# case_name=Create and retrieve user +# case_kind=chain +# priority=P0 +# ══════════════════════════════════════════════════ + +# ── POST new user [test] ──────────────────── +# step_id=step-1 +# step_type=test +# title=POST new user + +POST {{base_url}}/users +```json +{ + "email": "jane.smith@example.com", + "name": "Jane Smith" +} +``` + +HTTP 201 + +# ── GET created user by ID [test] ─────────── +# step_id=step-2 +# step_type=test +# title=GET created user by ID + +GET {{base_url}}/users/1 + +HTTP 200 + diff --git a/cmd/cases/users_post_create_duplicate_user_62e19623.hurl b/cmd/cases/users_post_create_duplicate_user_62e19623.hurl new file mode 100644 index 0000000..e48400f --- /dev/null +++ b/cmd/cases/users_post_create_duplicate_user_62e19623.hurl @@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create duplicate user +# case_id=TC-62e19623 +# case_name=Create duplicate user +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── Create first user [test] ──────────────── +# step_id=step-1 +# step_type=test +# title=Create first user + +POST {{base_url}}/users +```json +{ + "email": "jane.doe@example.com", + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── Attempt to create duplicate user [test] ── +# step_id=step-2 +# step_type=test +# title=Attempt to create duplicate user + +POST {{base_url}}/users +```json +{ + "email": "jane.doe@example.com", + "name": "Jane Doe", + "password": "AnotherPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_create_duplicate_user_with_existing_email_7c11147b.hurl b/cmd/cases/users_post_create_duplicate_user_with_existing_email_7c11147b.hurl new file mode 100644 index 0000000..c378547 --- /dev/null +++ b/cmd/cases/users_post_create_duplicate_user_with_existing_email_7c11147b.hurl 
@@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create duplicate user with existing email +# case_id=TC-7c11147b +# case_name=Create duplicate user with existing email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── POST first user [test] ────────────────── +# step_id=step-1 +# step_type=test +# title=POST first user + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Duplicate User", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── POST second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=POST second user with same email + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Another User", + "password": "DifferentPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_create_user_and_retrieve_it_f9ba7a73.hurl b/cmd/cases/users_post_create_user_and_retrieve_it_f9ba7a73.hurl new file mode 100644 index 0000000..ffd3482 --- /dev/null +++ b/cmd/cases/users_post_create_user_and_retrieve_it_f9ba7a73.hurl @@ -0,0 +1,33 @@ +# ══════════════════════════════════════════════════ +# Create user and retrieve it +# case_id=TC-f9ba7a73 +# case_name=Create user and retrieve it +# case_kind=chain +# priority=P0 +# ══════════════════════════════════════════════════ + +# ── Create new user [test] ────────────────── +# step_id=step-1 +# step_type=test +# title=Create new user + +POST {{base_url}}/users +```json +{ + "email": "alice.smith@example.com", + "name": "Alice Smith", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── Retrieve created user [test] ──────────── +# step_id=step-2 +# step_type=test +# title=Retrieve created user + +GET {{base_url}}/users/1 + +HTTP 200 + diff --git a/cmd/cases/users_post_create_user_missing_required_fields_053ab84f.hurl b/cmd/cases/users_post_create_user_missing_required_fields_053ab84f.hurl new file mode 100644 index 0000000..cf7aaeb --- /dev/null 
+++ b/cmd/cases/users_post_create_user_missing_required_fields_053ab84f.hurl @@ -0,0 +1,17 @@ +# ── Create user missing required fields ───── +# case_id=TC-053ab84f +# case_name=Create user missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "name": "John Doe" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_missing_required_fields_8b269035.hurl b/cmd/cases/users_post_create_user_missing_required_fields_8b269035.hurl new file mode 100644 index 0000000..9012158 --- /dev/null +++ b/cmd/cases/users_post_create_user_missing_required_fields_8b269035.hurl @@ -0,0 +1,17 @@ +# ── Create user missing required fields ───── +# case_id=TC-8b269035 +# case_name=Create user missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "name": "Jane Doe" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_missing_required_fields_d374ddbf.hurl b/cmd/cases/users_post_create_user_missing_required_fields_d374ddbf.hurl new file mode 100644 index 0000000..fa8e8c4 --- /dev/null +++ b/cmd/cases/users_post_create_user_missing_required_fields_d374ddbf.hurl @@ -0,0 +1,18 @@ +# ── Create user missing required fields ───── +# case_id=TC-d374ddbf +# case_name=Create user missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_missing_required_fields_e321037a.hurl b/cmd/cases/users_post_create_user_missing_required_fields_e321037a.hurl new file mode 100644 index 0000000..e485fa3 --- /dev/null +++ b/cmd/cases/users_post_create_user_missing_required_fields_e321037a.hurl 
@@ -0,0 +1,18 @@ +# ── Create user missing required fields ───── +# case_id=TC-e321037a +# case_name=Create user missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_missing_required_name_field_20f71db2.hurl b/cmd/cases/users_post_create_user_missing_required_name_field_20f71db2.hurl new file mode 100644 index 0000000..93ca637 --- /dev/null +++ b/cmd/cases/users_post_create_user_missing_required_name_field_20f71db2.hurl @@ -0,0 +1,18 @@ +# ── Create user missing required name field ── +# case_id=TC-20f71db2 +# case_name=Create user missing required name field +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "missing.name@example.com", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_successfully_with_valid_data_6bdcfc62.hurl b/cmd/cases/users_post_create_user_successfully_with_valid_data_6bdcfc62.hurl new file mode 100644 index 0000000..9fc78c7 --- /dev/null +++ b/cmd/cases/users_post_create_user_successfully_with_valid_data_6bdcfc62.hurl @@ -0,0 +1,19 @@ +# ── Create user successfully with valid data ── +# case_id=TC-6bdcfc62 +# case_name=Create user successfully with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_successfully_with_valid_data_d6d2f9b6.hurl b/cmd/cases/users_post_create_user_successfully_with_valid_data_d6d2f9b6.hurl new file mode 100644 index 0000000..8a8006e --- /dev/null +++ b/cmd/cases/users_post_create_user_successfully_with_valid_data_d6d2f9b6.hurl 
@@ -0,0 +1,19 @@ +# ── Create user successfully with valid data ── +# case_id=TC-d6d2f9b6 +# case_name=Create user successfully with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_successfully_with_valid_data_ed41be39.hurl b/cmd/cases/users_post_create_user_successfully_with_valid_data_ed41be39.hurl new file mode 100644 index 0000000..680d25d --- /dev/null +++ b/cmd/cases/users_post_create_user_successfully_with_valid_data_ed41be39.hurl @@ -0,0 +1,19 @@ +# ── Create user successfully with valid data ── +# case_id=TC-ed41be39 +# case_name=Create user successfully with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_all_required_fields_ca607f38.hurl b/cmd/cases/users_post_create_user_with_all_required_fields_ca607f38.hurl new file mode 100644 index 0000000..26a6dae --- /dev/null +++ b/cmd/cases/users_post_create_user_with_all_required_fields_ca607f38.hurl @@ -0,0 +1,19 @@ +# ── Create user with all required fields ──── +# case_id=TC-ca607f38 +# case_name=Create user with all required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_0be9ec08.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_0be9ec08.hurl new file mode 100644 index 0000000..78fb427 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_duplicate_email_0be9ec08.hurl 
@@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create user with duplicate email +# case_id=TC-0be9ec08 +# case_name=Create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── POST first user successfully [test] ───── +# step_id=step-1 +# step_type=test +# title=POST first user successfully + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Johnson", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── POST second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=POST second user with same email + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Smith", + "password": "DifferentPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_14bec37e.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_14bec37e.hurl new file mode 100644 index 0000000..e0c447e --- /dev/null +++ b/cmd/cases/users_post_create_user_with_duplicate_email_14bec37e.hurl @@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create user with duplicate email +# case_id=TC-14bec37e +# case_name=Create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── POST first user [test] ────────────────── +# step_id=step-1 +# step_type=test +# title=POST first user + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Johnson", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── POST second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=POST second user with same email + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Duplicate", + "password": "AnotherPass456!" +} +``` + +HTTP 409 + 
diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_16b5e1af.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_16b5e1af.hurl new file mode 100644 index 0000000..90e217e --- /dev/null +++ b/cmd/cases/users_post_create_user_with_duplicate_email_16b5e1af.hurl @@ -0,0 +1,19 @@ +# ── Create user with duplicate email ──────── +# case_id=TC-16b5e1af +# case_name=Create user with duplicate email +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "existing.user@example.com", + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_2143a276.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_2143a276.hurl new file mode 100644 index 0000000..dd61193 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_duplicate_email_2143a276.hurl @@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create user with duplicate email +# case_id=TC-2143a276 +# case_name=Create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── Create first user [test] ──────────────── +# step_id=step-1 +# step_type=test +# title=Create first user + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "First User", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── Attempt to create second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=Attempt to create second user with same email + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Second User", + "password": "DifferentPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_4540500f.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_4540500f.hurl new file mode 100644 index 0000000..a0e7f8c --- /dev/null 
+++ b/cmd/cases/users_post_create_user_with_duplicate_email_4540500f.hurl @@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create user with duplicate email +# case_id=TC-4540500f +# case_name=Create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── Create first user [test] ──────────────── +# step_id=step-1 +# step_type=test +# title=Create first user + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Johnson", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── Attempt to create second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=Attempt to create second user with same email + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Smith", + "password": "DifferentPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_847c5ec7.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_847c5ec7.hurl new file mode 100644 index 0000000..4fc8df7 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_duplicate_email_847c5ec7.hurl 
@@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create user with duplicate email +# case_id=TC-847c5ec7 +# case_name=Create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── POST first user successfully [test] ───── +# step_id=step-1 +# step_type=test +# title=POST first user successfully + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Duplicate User", + "password": "Password123" +} +``` + +HTTP 201 + +# ── POST second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=POST second user with same email + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Another User", + "password": "DifferentPass456" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_855ae92d.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_855ae92d.hurl new file mode 100644 index 0000000..b0f2219 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_duplicate_email_855ae92d.hurl @@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create user with duplicate email +# case_id=TC-855ae92d +# case_name=Create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── POST first user [test] ────────────────── +# step_id=step-1 +# step_type=test +# title=POST first user + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Brown", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── POST second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=POST second user with same email + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Duplicate", + "password": "AnotherPass456!" +} +``` + +HTTP 409 + 
diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_d50aa5de.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_d50aa5de.hurl new file mode 100644 index 0000000..8da5d6e --- /dev/null +++ b/cmd/cases/users_post_create_user_with_duplicate_email_d50aa5de.hurl @@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create user with duplicate email +# case_id=TC-d50aa5de +# case_name=Create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── POST first user [test] ────────────────── +# step_id=step-1 +# step_type=test +# title=POST first user + +POST {{base_url}}/users +```json +{ + "email": "jane.doe@example.com", + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── POST second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=POST second user with same email + +POST {{base_url}}/users +```json +{ + "email": "jane.doe@example.com", + "name": "Jane Smith", + "password": "AnotherPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_ec600d0b.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_ec600d0b.hurl new file mode 100644 index 0000000..3898ee8 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_duplicate_email_ec600d0b.hurl 
@@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Create user with duplicate email +# case_id=TC-ec600d0b +# case_name=Create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── POST first user [test] ────────────────── +# step_id=step-1 +# step_type=test +# title=POST first user + +POST {{base_url}}/users +```json +{ + "email": "alice.brown@example.com", + "name": "Alice Brown", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── POST second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=POST second user with same email + +POST {{base_url}}/users +```json +{ + "email": "alice.brown@example.com", + "name": "Alice Duplicate", + "password": "AnotherPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_create_user_with_empty_body_563fc76d.hurl b/cmd/cases/users_post_create_user_with_empty_body_563fc76d.hurl new file mode 100644 index 0000000..43e4b64a --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_body_563fc76d.hurl @@ -0,0 +1,15 @@ +# ── Create user with empty body ───────────── +# case_id=TC-563fc76d +# case_name=Create user with empty body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_1f9b1832.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_1f9b1832.hurl new file mode 100644 index 0000000..14c109b --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_request_body_1f9b1832.hurl @@ -0,0 +1,15 @@ +# ── Create user with empty request body ───── +# case_id=TC-1f9b1832 +# case_name=Create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_403e1b49.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_403e1b49.hurl new file mode 100644 index 0000000..d40a624 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_request_body_403e1b49.hurl @@ -0,0 +1,15 @@ +# ── Create user with empty request body ───── +# case_id=TC-403e1b49 +# case_name=Create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_5b591edb.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_5b591edb.hurl new file mode 100644 index 0000000..1a79d52 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_request_body_5b591edb.hurl @@ -0,0 +1,15 @@ +# ── Create user with empty request body ───── +# case_id=TC-5b591edb +# case_name=Create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_5d3eb006.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_5d3eb006.hurl new file mode 100644 index 0000000..296abd8 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_request_body_5d3eb006.hurl @@ -0,0 +1,15 @@ +# ── Create user with empty request body ───── +# case_id=TC-5d3eb006 +# case_name=Create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_6d5b6c22.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_6d5b6c22.hurl new file mode 100644 index 0000000..85b5796 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_request_body_6d5b6c22.hurl 
@@ -0,0 +1,15 @@ +# ── Create user with empty request body ───── +# case_id=TC-6d5b6c22 +# case_name=Create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_ae7a9790.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_ae7a9790.hurl new file mode 100644 index 0000000..051111d --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_request_body_ae7a9790.hurl @@ -0,0 +1,15 @@ +# ── Create user with empty request body ───── +# case_id=TC-ae7a9790 +# case_name=Create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_b9201ec1.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_b9201ec1.hurl new file mode 100644 index 0000000..db05705 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_request_body_b9201ec1.hurl @@ -0,0 +1,15 @@ +# ── Create user with empty request body ───── +# case_id=TC-b9201ec1 +# case_name=Create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_d4ebbcfb.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_d4ebbcfb.hurl new file mode 100644 index 0000000..a6be502 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_request_body_d4ebbcfb.hurl @@ -0,0 +1,15 @@ +# ── Create user with empty request body ───── +# case_id=TC-d4ebbcfb +# case_name=Create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_dca30578.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_dca30578.hurl new file mode 100644 index 0000000..bdf6022 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_empty_request_body_dca30578.hurl @@ -0,0 +1,15 @@ +# ── Create user with empty request body ───── +# case_id=TC-dca30578 +# case_name=Create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_12d150e0.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_12d150e0.hurl new file mode 100644 index 0000000..cf4ba09 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_12d150e0.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-12d150e0 +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "Test User", + "password": "Password123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_1b915f1c.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_1b915f1c.hurl new file mode 100644 index 0000000..0cdbf0c --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_1b915f1c.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-1b915f1c +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "Bob Smith", + "password": "SecurePass123!" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_3c84dd5d.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_3c84dd5d.hurl new file mode 100644 index 0000000..ea228ec --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_3c84dd5d.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-3c84dd5d +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "not-an-email", + "name": "Bob Smith", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_4987e0c9.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_4987e0c9.hurl new file mode 100644 index 0000000..3131ec8 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_4987e0c9.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-4987e0c9 +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "Bob Smith", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_802bab4d.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_802bab4d.hurl new file mode 100644 index 0000000..54e09ca --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_802bab4d.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-802bab4d +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "not-an-email", + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_a76df09a.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_a76df09a.hurl new file mode 100644 index 0000000..6952e2c --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_a76df09a.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-a76df09a +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_c4f2a558.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_c4f2a558.hurl new file mode 100644 index 0000000..d94c206 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_c4f2a558.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-c4f2a558 +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "Bob Smith", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_c93fd0f2.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_c93fd0f2.hurl new file mode 100644 index 0000000..c5cc8d6 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_c93fd0f2.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-c93fd0f2 +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_e753478f.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_e753478f.hurl new file mode 100644 index 0000000..780538d --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_e753478f.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-e753478f +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_ebabbba7.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_ebabbba7.hurl new file mode 100644 index 0000000..088c37a --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_ebabbba7.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-ebabbba7 +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "Bob Smith", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_ee2ea20f.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_ee2ea20f.hurl new file mode 100644 index 0000000..0840efd --- /dev/null +++ b/cmd/cases/users_post_create_user_with_invalid_email_format_ee2ea20f.hurl @@ -0,0 +1,19 @@ +# ── Create user with invalid email format ─── +# case_id=TC-ee2ea20f +# case_name=Create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_minimal_fields_4626dbf0.hurl b/cmd/cases/users_post_create_user_with_minimal_fields_4626dbf0.hurl new file mode 100644 index 0000000..cada759 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_minimal_fields_4626dbf0.hurl @@ -0,0 +1,17 @@ +# ── Create user with minimal fields ───────── +# case_id=TC-4626dbf0 +# case_name=Create user with minimal fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "minimal@example.com" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_minimal_required_fields_272780ec.hurl b/cmd/cases/users_post_create_user_with_minimal_required_fields_272780ec.hurl new file mode 100644 index 0000000..60ce0ba --- /dev/null +++ b/cmd/cases/users_post_create_user_with_minimal_required_fields_272780ec.hurl @@ -0,0 +1,18 @@ +# ── Create user with minimal required fields ── +# case_id=TC-272780ec +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 +# title=Create user with minimal required fields + +POST {{base_url}}/users +```json +{ + "email": "minimal@example.com", + "password": "Password123" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_minimal_required_fields_6cad6219.hurl b/cmd/cases/users_post_create_user_with_minimal_required_fields_6cad6219.hurl new file mode 100644 index 0000000..62d8aeb --- /dev/null +++ b/cmd/cases/users_post_create_user_with_minimal_required_fields_6cad6219.hurl @@ -0,0 +1,18 @@ +# ── Create user with minimal required fields ── +# case_id=TC-6cad6219 +# case_name=Create user with minimal required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "minimal@example.com", + "password": "Password123" +} +``` + +HTTP 201 + 
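Review bot: TC-4626dbf0 posts only `email` and expects `HTTP 201`, which pins account creation without a password as correct behaviour at priority P0. The sibling cases titled "minimal required fields" (TC-272780ec, TC-6cad6219) send both `email` and `password`, and the weak-password cases expect 400 for `"password": "123"`, so this expectation is inconsistent with the rest of the set unless the API really treats the password as optional, which these files do not show. If the password is required, the assertion should be `HTTP 400`; if it is optional, a comment such as `# password intentionally omitted: optional per the API spec` would stop the case from being read as an accepted credential-less signup.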
diff --git a/cmd/cases/users_post_create_user_with_minimal_required_fields_9bb38a6e.hurl b/cmd/cases/users_post_create_user_with_minimal_required_fields_9bb38a6e.hurl new file mode 100644 index 0000000..928fc68 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_minimal_required_fields_9bb38a6e.hurl @@ -0,0 +1,18 @@ +# ── Create user with minimal required fields ── +# case_id=TC-9bb38a6e +# case_name=Create user with minimal required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "minimal@example.com", + "password": "Password123" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_088af62f.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_088af62f.hurl new file mode 100644 index 0000000..49919e2 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_missing_required_fields_088af62f.hurl @@ -0,0 +1,17 @@ +# ── Create user with missing required fields ── +# case_id=TC-088af62f +# case_name=Create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "name": "John Doe" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_3e271201.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_3e271201.hurl new file mode 100644 index 0000000..e9d8e80 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_missing_required_fields_3e271201.hurl @@ -0,0 +1,18 @@ +# ── Create user with missing required fields ── +# case_id=TC-3e271201 +# case_name=Create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_a1a407ac.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_a1a407ac.hurl new file mode 100644 index 0000000..5c332f6 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_missing_required_fields_a1a407ac.hurl @@ -0,0 +1,18 @@ +# ── Create user with missing required fields ── +# case_id=TC-a1a407ac +# case_name=Create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_cca11513.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_cca11513.hurl new file mode 100644 index 0000000..b450d72 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_missing_required_fields_cca11513.hurl @@ -0,0 +1,15 @@ +# ── Create user with missing required fields ── +# case_id=TC-cca11513 +# case_name=Create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_d11763fa.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_d11763fa.hurl new file mode 100644 index 0000000..8a2d18d --- /dev/null +++ b/cmd/cases/users_post_create_user_with_missing_required_fields_d11763fa.hurl @@ -0,0 +1,18 @@ +# ── Create user with missing required fields ── +# case_id=TC-d11763fa +# case_name=Create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_f2b440ff.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_f2b440ff.hurl new file mode 100644 index 0000000..74869cd --- /dev/null +++ b/cmd/cases/users_post_create_user_with_missing_required_fields_f2b440ff.hurl @@ -0,0 +1,17 @@ +# ── Create user with missing required fields ── +# case_id=TC-f2b440ff +# case_name=Create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "name": "John Doe" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_password_too_short_6585f31e.hurl b/cmd/cases/users_post_create_user_with_password_too_short_6585f31e.hurl new file mode 100644 index 0000000..c534d24 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_password_too_short_6585f31e.hurl @@ -0,0 +1,19 @@ +# ── Create user with password too short ───── +# case_id=TC-6585f31e +# case_name=Create user with password too short +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "weakpass@example.com", + "name": "Weak Pass User", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_valid_data_0add7ad1.hurl b/cmd/cases/users_post_create_user_with_valid_data_0add7ad1.hurl new file mode 100644 index 0000000..25ef66a --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_0add7ad1.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-0add7ad1 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_0b80c623.hurl b/cmd/cases/users_post_create_user_with_valid_data_0b80c623.hurl new file mode 100644 index 0000000..cd928e9 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_0b80c623.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-0b80c623 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_valid_data_168ded86.hurl b/cmd/cases/users_post_create_user_with_valid_data_168ded86.hurl new file mode 100644 index 0000000..8a754ff --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_168ded86.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-168ded86 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_valid_data_1bc07161.hurl b/cmd/cases/users_post_create_user_with_valid_data_1bc07161.hurl new file mode 100644 index 0000000..2f6ef6f --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_1bc07161.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-1bc07161 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_23ae4070.hurl b/cmd/cases/users_post_create_user_with_valid_data_23ae4070.hurl new file mode 100644 index 0000000..e585878 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_23ae4070.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-23ae4070 +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 +# title=Create user with valid data + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_valid_data_2a7542be.hurl b/cmd/cases/users_post_create_user_with_valid_data_2a7542be.hurl new file mode 100644 index 0000000..5fb684c --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_2a7542be.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-2a7542be +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_valid_data_405b1cc7.hurl b/cmd/cases/users_post_create_user_with_valid_data_405b1cc7.hurl new file mode 100644 index 0000000..a2df480 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_405b1cc7.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-405b1cc7 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_42336db4.hurl b/cmd/cases/users_post_create_user_with_valid_data_42336db4.hurl new file mode 100644 index 0000000..cdfcaad --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_42336db4.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-42336db4 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_valid_data_66eaac33.hurl b/cmd/cases/users_post_create_user_with_valid_data_66eaac33.hurl new file mode 100644 index 0000000..edb6051 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_66eaac33.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-66eaac33 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_valid_data_7bd9e5f4.hurl b/cmd/cases/users_post_create_user_with_valid_data_7bd9e5f4.hurl new file mode 100644 index 0000000..b82129f --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_7bd9e5f4.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-7bd9e5f4 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_8d1e56af.hurl b/cmd/cases/users_post_create_user_with_valid_data_8d1e56af.hurl new file mode 100644 index 0000000..8cf5536 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_8d1e56af.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-8d1e56af +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_valid_data_d820dbc4.hurl b/cmd/cases/users_post_create_user_with_valid_data_d820dbc4.hurl new file mode 100644 index 0000000..1588a7b --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_d820dbc4.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-d820dbc4 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_valid_data_ef5c32e1.hurl b/cmd/cases/users_post_create_user_with_valid_data_ef5c32e1.hurl new file mode 100644 index 0000000..cd8cd30 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_ef5c32e1.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-ef5c32e1 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_f4fc91e0.hurl b/cmd/cases/users_post_create_user_with_valid_data_f4fc91e0.hurl new file mode 100644 index 0000000..861ac86 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_valid_data_f4fc91e0.hurl @@ -0,0 +1,19 @@ +# ── Create user with valid data ───────────── +# case_id=TC-f4fc91e0 +# case_name=Create user with valid data +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + diff --git a/cmd/cases/users_post_create_user_with_weak_password_066b5eb6.hurl b/cmd/cases/users_post_create_user_with_weak_password_066b5eb6.hurl new file mode 100644 index 0000000..ddb406c --- /dev/null +++ b/cmd/cases/users_post_create_user_with_weak_password_066b5eb6.hurl @@ -0,0 +1,19 @@ +# ── Create user with weak password ────────── +# case_id=TC-066b5eb6 +# case_name=Create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "weakpass@example.com", + "name": "Weak Pass User", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_weak_password_4414257a.hurl b/cmd/cases/users_post_create_user_with_weak_password_4414257a.hurl new file mode 100644 index 0000000..9eb199f --- /dev/null +++ b/cmd/cases/users_post_create_user_with_weak_password_4414257a.hurl @@ -0,0 +1,19 @@ +# ── Create user with weak password ────────── +# case_id=TC-4414257a +# case_name=Create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "john.weak@example.com", + "name": "John Doe", + "password": "123" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_weak_password_61182975.hurl b/cmd/cases/users_post_create_user_with_weak_password_61182975.hurl new file mode 100644 index 0000000..ef714ca --- /dev/null +++ b/cmd/cases/users_post_create_user_with_weak_password_61182975.hurl @@ -0,0 +1,19 @@ +# ── Create user with weak password ────────── +# case_id=TC-61182975 +# case_name=Create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "weakpass@example.com", + "name": "Weak Pass User", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_weak_password_927b5196.hurl b/cmd/cases/users_post_create_user_with_weak_password_927b5196.hurl new file mode 100644 index 0000000..2d93789 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_weak_password_927b5196.hurl @@ -0,0 +1,19 @@ +# ── Create user with weak password ────────── +# case_id=TC-927b5196 +# case_name=Create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "john.weak@example.com", + "name": "John Doe", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_weak_password_ad27efeb.hurl b/cmd/cases/users_post_create_user_with_weak_password_ad27efeb.hurl new file mode 100644 index 0000000..6e64e72 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_weak_password_ad27efeb.hurl @@ -0,0 +1,19 @@ +# ── Create user with weak password ────────── +# case_id=TC-ad27efeb +# case_name=Create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "charlie.wilson@example.com", + "name": "Charlie Wilson", + "password": "123" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_with_weak_password_e00f7c68.hurl b/cmd/cases/users_post_create_user_with_weak_password_e00f7c68.hurl new file mode 100644 index 0000000..ec38de7 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_weak_password_e00f7c68.hurl @@ -0,0 +1,19 @@ +# ── Create user with weak password ────────── +# case_id=TC-e00f7c68 +# case_name=Create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "weakpass@example.com", + "name": "Weak Pass User", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_weak_password_e83267a6.hurl b/cmd/cases/users_post_create_user_with_weak_password_e83267a6.hurl new file mode 100644 index 0000000..114b799 --- /dev/null +++ b/cmd/cases/users_post_create_user_with_weak_password_e83267a6.hurl @@ -0,0 +1,19 @@ +# ── Create user with weak password ────────── +# case_id=TC-e83267a6 +# case_name=Create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "weakpass@example.com", + "name": "Weak Pass User", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_create_user_with_weak_password_f80ddbdb.hurl b/cmd/cases/users_post_create_user_with_weak_password_f80ddbdb.hurl new file mode 100644 index 0000000..2b65e6e --- /dev/null +++ b/cmd/cases/users_post_create_user_with_weak_password_f80ddbdb.hurl @@ -0,0 +1,19 @@ +# ── Create user with weak password ────────── +# case_id=TC-f80ddbdb +# case_name=Create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "weakpass@example.com", + "name": "Weak Pass User", + "password": "123" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_create_user_without_authentication_token_dd3e5af5.hurl b/cmd/cases/users_post_create_user_without_authentication_token_dd3e5af5.hurl new file mode 100644 index 0000000..ccff5a6 --- /dev/null +++ b/cmd/cases/users_post_create_user_without_authentication_token_dd3e5af5.hurl @@ -0,0 +1,19 @@ +# ── Create user without authentication token ── +# case_id=TC-dd3e5af5 +# case_name=Create user without authentication token +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "unauth@example.com", + "name": "Unauthorized User", + "password": "SecurePass123!" +} +``` + +HTTP 401 + diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_027c26b3.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_027c26b3.hurl new file mode 100644 index 0000000..450d3b0 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_duplicate_user_027c26b3.hurl @@ -0,0 +1,38 @@ +# ══════════════════════════════════════════════════ +# Fail to create duplicate user +# case_id=TC-027c26b3 +# case_name=Fail to create duplicate user +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── POST first user [test] ────────────────── +# step_id=step-1 +# step_type=test +# title=POST first user + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Duplicate Test" +} +``` + +HTTP 201 + +# ── POST duplicate user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=POST duplicate user with same email + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Duplicate Test" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_9b4f9a72.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_9b4f9a72.hurl new file mode 100644 index 0000000..fa7cbd0 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_duplicate_user_9b4f9a72.hurl 
@@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Fail to create duplicate user +# case_id=TC-9b4f9a72 +# case_name=Fail to create duplicate user +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── Create first user [test] ──────────────── +# step_id=step-1 +# step_type=test +# title=Create first user + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Duplicate User", + "password": "Password123" +} +``` + +HTTP 201 + +# ── Attempt to create user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=Attempt to create user with same email + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Another User", + "password": "DifferentPass456" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_6c2e4ea0.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_6c2e4ea0.hurl new file mode 100644 index 0000000..f103df4 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_6c2e4ea0.hurl 
@@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Fail to create duplicate user with existing email +# case_id=TC-6c2e4ea0 +# case_name=Fail to create duplicate user with existing email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── Create first user [test] ──────────────── +# step_id=step-1 +# step_type=test +# title=Create first user + +POST {{base_url}}/users +```json +{ + "email": "alice.brown@example.com", + "name": "Alice Brown", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── Attempt to create user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=Attempt to create user with same email + +POST {{base_url}}/users +```json +{ + "email": "alice.brown@example.com", + "name": "Alice Brown", + "password": "DifferentPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_78c9e99f.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_78c9e99f.hurl new file mode 100644 index 0000000..c0f2dde --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_78c9e99f.hurl 
@@ -0,0 +1,39 @@ +# ══════════════════════════════════════════════════ +# Fail to create duplicate user with existing email +# case_id=TC-78c9e99f +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── Create first user [test] ──────────────── +# step_id=step-1 +# step_type=test +# title=Create first user + +POST {{base_url}}/users +```json +{ + "email": "jane.doe@example.com", + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── Attempt to create second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=Attempt to create second user with same email + +POST {{base_url}}/users +```json +{ + "email": "jane.doe@example.com", + "name": "Jane Smith", + "password": "DifferentPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_b9e88eb8.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_b9e88eb8.hurl new file mode 100644 index 0000000..847c52b --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_b9e88eb8.hurl @@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Fail to create duplicate user with existing email +# case_id=TC-b9e88eb8 +# case_name=Fail to create duplicate user with existing email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── Create first user [test] ──────────────── +# step_id=step-1 +# step_type=test +# title=Create first user + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Johnson", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── Attempt to create user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=Attempt to create user with same email + +POST {{base_url}}/users +```json +{ + "email": "alice@example.com", + "name": "Alice Johnson", + "password": "DifferentPass456!" +} +``` + +HTTP 409 + 
diff --git a/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_004d19bc.hurl b/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_004d19bc.hurl new file mode 100644 index 0000000..5aca944 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_004d19bc.hurl @@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Fail to create user with duplicate email +# case_id=TC-004d19bc +# case_name=Fail to create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── Create first user [test] ──────────────── +# step_id=step-1 +# step_type=test +# title=Create first user + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "First User", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── Attempt to create second user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=Attempt to create second user with same email + +POST {{base_url}}/users +```json +{ + "email": "duplicate@example.com", + "name": "Second User", + "password": "DifferentPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_865cada7.hurl b/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_865cada7.hurl new file mode 100644 index 0000000..fa1c37d --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_865cada7.hurl 
@@ -0,0 +1,40 @@ +# ══════════════════════════════════════════════════ +# Fail to create user with duplicate email +# case_id=TC-865cada7 +# case_name=Fail to create user with duplicate email +# case_kind=chain +# priority=P1 +# ══════════════════════════════════════════════════ + +# ── Create first user [test] ──────────────── +# step_id=step-1 +# step_type=test +# title=Create first user + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 201 + +# ── Attempt to create user with same email [test] ── +# step_id=step-2 +# step_type=test +# title=Attempt to create user with same email + +POST {{base_url}}/users +```json +{ + "email": "john.doe@example.com", + "name": "Another John", + "password": "DifferentPass456!" +} +``` + +HTTP 409 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_84405873.hurl b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_84405873.hurl new file mode 100644 index 0000000..6cb216d --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_84405873.hurl @@ -0,0 +1,15 @@ +# ── Fail to create user with empty request body ── +# case_id=TC-84405873 +# case_name=Fail to create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9787221a.hurl b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9787221a.hurl new file mode 100644 index 0000000..e154558 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9787221a.hurl 
@@ -0,0 +1,15 @@ +# ── Fail to create user with empty request body ── +# case_id=TC-9787221a +# case_name=Fail to create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9fa1c233.hurl b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9fa1c233.hurl new file mode 100644 index 0000000..c64c876 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9fa1c233.hurl @@ -0,0 +1,15 @@ +# ── Fail to create user with empty request body ── +# case_id=TC-9fa1c233 +# case_name=Fail to create user with empty request body +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_cea3990a.hurl b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_cea3990a.hurl new file mode 100644 index 0000000..6d99e29 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_cea3990a.hurl @@ -0,0 +1,15 @@ +# ── Fail to create user with empty request body ── +# case_id=TC-cea3990a +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 +# title=Fail to create user with empty request body + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_1ba1acf6.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_1ba1acf6.hurl new file mode 100644 index 0000000..cd513df --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_1ba1acf6.hurl 
@@ -0,0 +1,19 @@ +# ── Fail to create user with invalid email format ── +# case_id=TC-1ba1acf6 +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 +# title=Fail to create user with invalid email format + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_2bd6ea23.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_2bd6ea23.hurl new file mode 100644 index 0000000..a1d6613 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_2bd6ea23.hurl @@ -0,0 +1,19 @@ +# ── Fail to create user with invalid email format ── +# case_id=TC-2bd6ea23 +# case_name=Fail to create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_354a4ea6.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_354a4ea6.hurl new file mode 100644 index 0000000..d821ae8 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_354a4ea6.hurl @@ -0,0 +1,19 @@ +# ── Fail to create user with invalid email format ── +# case_id=TC-354a4ea6 +# case_name=Fail to create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email-format", + "name": "Bob Smith", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_5204b57a.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_5204b57a.hurl new file mode 100644 index 0000000..757cecd --- /dev/null 
+++ b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_5204b57a.hurl @@ -0,0 +1,18 @@ +# ── Fail to create user with invalid email format ── +# case_id=TC-5204b57a +# case_name=Fail to create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email-format", + "name": "Test User" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_71d8d257.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_71d8d257.hurl new file mode 100644 index 0000000..86fea35 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_71d8d257.hurl @@ -0,0 +1,19 @@ +# ── Fail to create user with invalid email format ── +# case_id=TC-71d8d257 +# case_name=Fail to create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "not-an-email", + "name": "Bad Email User", + "password": "Password123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_984e56e9.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_984e56e9.hurl new file mode 100644 index 0000000..ecbe682 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_984e56e9.hurl @@ -0,0 +1,19 @@ +# ── Fail to create user with invalid email format ── +# case_id=TC-984e56e9 +# case_name=Fail to create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "not-an-email", + "name": "Invalid User", + "password": "SecurePass123!" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_a2bd888d.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_a2bd888d.hurl new file mode 100644 index 0000000..c967014 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_a2bd888d.hurl @@ -0,0 +1,19 @@ +# ── Fail to create user with invalid email format ── +# case_id=TC-a2bd888d +# case_name=Fail to create user with invalid email format +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "invalid-email", + "name": "Bob Smith", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_email_9984528c.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_email_9984528c.hurl new file mode 100644 index 0000000..bcf6301 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_missing_email_9984528c.hurl @@ -0,0 +1,18 @@ +# ── Fail to create user with missing email ── +# case_id=TC-9984528c +# case_name=Fail to create user with missing email +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_email_e1e9b7f8.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_email_e1e9b7f8.hurl new file mode 100644 index 0000000..63f8676 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_missing_email_e1e9b7f8.hurl @@ -0,0 +1,18 @@ +# ── Fail to create user with missing email ── +# case_id=TC-e1e9b7f8 +# case_name=Fail to create user with missing email +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "name": "No Email User", + "password": "Password123" +} +``` + +HTTP 400 + 
diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_00b8cf47.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_00b8cf47.hurl new file mode 100644 index 0000000..9551d95 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_00b8cf47.hurl @@ -0,0 +1,18 @@ +# ── Fail to create user with missing required fields ── +# case_id=TC-00b8cf47 +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 +# title=Fail to create user with missing required fields + +POST {{base_url}}/users +```json +{ + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8a424b35.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8a424b35.hurl new file mode 100644 index 0000000..7cb0e1b --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8a424b35.hurl @@ -0,0 +1,18 @@ +# ── Fail to create user with missing required fields ── +# case_id=TC-8a424b35 +# case_name=Fail to create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8eba8f6c.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8eba8f6c.hurl new file mode 100644 index 0000000..b489a5c --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8eba8f6c.hurl 
@@ -0,0 +1,18 @@ +# ── Fail to create user with missing required fields ── +# case_id=TC-8eba8f6c +# case_name=Fail to create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "name": "John Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_9be782de.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_9be782de.hurl new file mode 100644 index 0000000..1a3b32a --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_9be782de.hurl @@ -0,0 +1,18 @@ +# ── Fail to create user with missing required fields ── +# case_id=TC-9be782de +# case_name=Fail to create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{ + "name": "Jane Doe", + "password": "SecurePass123!" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_c122d03b.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_c122d03b.hurl new file mode 100644 index 0000000..a555c58 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_c122d03b.hurl @@ -0,0 +1,15 @@ +# ── Fail to create user with missing required fields ── +# case_id=TC-c122d03b +# case_name=Fail to create user with missing required fields +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P0 + +POST {{base_url}}/users +```json +{} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_3cf31478.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_3cf31478.hurl new file mode 100644 index 0000000..3e44440 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_weak_password_3cf31478.hurl 
@@ -0,0 +1,19 @@ +# ── Fail to create user with weak password ── +# case_id=TC-3cf31478 +# case_name=Fail to create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "charlie@example.com", + "name": "Charlie Brown", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_5278686c.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_5278686c.hurl new file mode 100644 index 0000000..a131721 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_weak_password_5278686c.hurl @@ -0,0 +1,19 @@ +# ── Fail to create user with weak password ── +# case_id=TC-5278686c +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 +# title=Fail to create user with weak password + +POST {{base_url}}/users +```json +{ + "email": "john.weak@example.com", + "name": "John Doe", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_91adc9f5.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_91adc9f5.hurl new file mode 100644 index 0000000..cabe4b9 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_weak_password_91adc9f5.hurl @@ -0,0 +1,19 @@ +# ── Fail to create user with weak password ── +# case_id=TC-91adc9f5 +# case_name=Fail to create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P1 + +POST {{base_url}}/users +```json +{ + "email": "weakpass@example.com", + "name": "Weak Password User", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_a8b3ff8c.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_a8b3ff8c.hurl new file mode 100644 index 0000000..d1651f4 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_weak_password_a8b3ff8c.hurl 
@@ -0,0 +1,19 @@ +# ── Fail to create user with weak password ── +# case_id=TC-a8b3ff8c +# case_name=Fail to create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "charlie.wilson@example.com", + "name": "Charlie Wilson", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_ac0b807a.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_ac0b807a.hurl new file mode 100644 index 0000000..bab3801 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_with_weak_password_ac0b807a.hurl @@ -0,0 +1,19 @@ +# ── Fail to create user with weak password ── +# case_id=TC-ac0b807a +# case_name=Fail to create user with weak password +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "weakpass@example.com", + "name": "Weak Password User", + "password": "123" +} +``` + +HTTP 400 + diff --git a/cmd/cases/users_post_fail_to_create_user_without_authentication_127085f6.hurl b/cmd/cases/users_post_fail_to_create_user_without_authentication_127085f6.hurl new file mode 100644 index 0000000..08ac804 --- /dev/null +++ b/cmd/cases/users_post_fail_to_create_user_without_authentication_127085f6.hurl @@ -0,0 +1,19 @@ +# ── Fail to create user without authentication ── +# case_id=TC-127085f6 +# case_name=Fail to create user without authentication +# step_id=step-1 +# step_type=test +# technique=ask +# priority=P2 + +POST {{base_url}}/users +```json +{ + "email": "unauth@example.com", + "name": "Unauthorized User", + "password": "SecurePass123!" +} +``` + +HTTP 401 + diff --git a/cmd/gen.go b/cmd/gen.go index 109dec5..ad06dc1 100644 --- a/cmd/gen.go +++ b/cmd/gen.go 
@@ -50,9 +50,10 @@ var (
 genExcludePath string
 genIncludeTag string
 genExcludeTag string
- genAuthBootstrap bool
- genWithOracles bool
- genForce bool
+ genAuthBootstrap bool
+ genWithOracles bool
+ genForce bool
+ genAnnotationBatch int
 )
 
 // allTechniqueNames is the canonical list used for --technique completion.
@@ -108,6 +109,7 @@ func init() {
 genCmd.Flags().BoolVar(&genAuthBootstrap, "auth-bootstrap", false, "Wrap all secured-endpoint cases with an auth setup step")
 genCmd.Flags().BoolVar(&genWithOracles, "with-oracles", false, "Mine response body constraints via LLM and inject as assertions (requires LLM)")
 genCmd.Flags().BoolVar(&genForce, "force", false, "Regenerate even when spec hash matches existing output")
+ genCmd.Flags().IntVar(&genAnnotationBatch, "annotation-batch", 0, "Number of operations to annotate per LLM call (0 = one call per operation, recommended: 8–20)")
 _ = genCmd.MarkFlagRequired("spec")
 
 // Dynamic completion: --operations reads the spec and suggests operationIds.
@@ -401,6 +403,9 @@ func runGen(cmd *cobra.Command, args []string) error {
 if genMaxCasesPerOp > 0 {
 engine.SetMaxCasesPerOp(genMaxCasesPerOp)
 }
+ if genAnnotationBatch > 0 {
+ engine.SetAnnotationBatch(genAnnotationBatch)
+ }
 newCases, err := engine.Generate(parsedSpec)
 if err != nil {
 return fmt.Errorf("generating test cases: %w", err)
diff --git a/cmd/gen_e2e_test.go b/cmd/gen_e2e_test.go
index 6869f2f..a744ca1 100644
--- a/cmd/gen_e2e_test.go
+++ b/cmd/gen_e2e_test.go
@@ -37,6 +37,7 @@ func resetGenGlobals(t *testing.T) func() {
 genConcurrency = 1
 genResume = false
 genForce = false
+ genAnnotationBatch = 0
 genTupleLevel = 2
 genSeed = 0
 }
diff --git a/cmd/reports/dea-report.json b/cmd/reports/dea-report.json
new file mode 100644
index 0000000..9cb5bc8
--- /dev/null
+++ b/cmd/reports/dea-report.json
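Review bot: The `if genAnnotationBatch > 0` guard added to runGen silently treats a negative `--annotation-batch` as sequential mode and puts no upper bound on the value, although the batch size determines how much spec text goes into one prompt and how large a completion is requested. I would reject bad input before the engine is configured, for example `if genAnnotationBatch < 0 { return fmt.Errorf("--annotation-batch must be >= 0, got %d", genAnnotationBatch) }`, and consider a documented maximum. The flag help in init() recommends 8–20 while the SetAnnotationBatch comment in engine.go recommends 5–20; the two should agree. runGen's body continues outside this hunk.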
@@ -0,0 +1,7 @@ +{ + "spec_path": "/var/folders/1j/6j5tknyn4b3_gsbr3zbyv2hc0000gn/T/TestExploreCommand_ExportPool_DryRun3336969209/001/spec.yaml", + "target_url": "", + "explored_at": "2026-05-06T21:56:17.835811+08:00", + "total_probes": 0, + "rules": null +} \ No newline at end of file diff --git a/docs/acceptance/acceptance-tests.md b/docs/acceptance/acceptance-tests.md index 5ac5c77..42b6760 100644 --- a/docs/acceptance/acceptance-tests.md +++ b/docs/acceptance/acceptance-tests.md @@ -146,6 +146,7 @@ | AT-249 | Hurl output contains case_name field | `caseforge gen --no-ai --format hurl --spec petstore.yaml --output /tmp/at249` | Every `.hurl` file has a `# case_name=` header line | ✅ PASS | | AT-250 | gen skips regeneration on unchanged spec | Run `gen` twice on the same spec | Second run prints "unchanged" and exits without regenerating | ✅ PASS | | AT-251 | gen --force regenerates despite matching hash | Run `gen` then `gen --force` on the same spec | `--force` run prints "Generated" (bypasses dedup) | ✅ PASS | +| AT-252 | gen --annotation-batch flag is registered | `caseforge gen --help` | Help text contains `annotation-batch` | ✅ PASS | --- diff --git a/internal/methodology/engine.go b/internal/methodology/engine.go index e213331..d795514 100644 --- a/internal/methodology/engine.go +++ b/internal/methodology/engine.go @@ -7,6 +7,7 @@ import ( "fmt" "io" "os" + "strings" "sync" "time" 
@@ -37,14 +38,15 @@ type Seedable interface {
 }
 
 type Engine struct {
- techniques []Technique
- specTechniques []SpecTechnique
- llm llm.LLMProvider
- sink event.Sink
- warnWriter io.Writer // destination for warn: lines; defaults to os.Stderr
- concurrency int // 0 or 1 = serial; >1 = parallel worker pool
- seed int64 // 0 = random
- maxCasesPerOp int // 0 = unlimited
+ techniques []Technique
+ specTechniques []SpecTechnique
+ llm llm.LLMProvider
+ sink event.Sink
+ warnWriter io.Writer // destination for warn: lines; defaults to os.Stderr
+ concurrency int // 0 or 1 = serial; >1 = parallel worker pool
+ seed int64 // 0 = random
+ maxCasesPerOp int // 0 = unlimited
+ annotationBatch int // 0 = sequential (one call per op); >0 = batch size
 }
 
 func NewEngine(provider llm.LLMProvider, techniques ...Technique) *Engine {
@@ -83,6 +85,14 @@ func (e *Engine) SetMaxCasesPerOp(n int) {
 e.maxCasesPerOp = n
 }
 
+// SetAnnotationBatch sets the number of operations to annotate per LLM call.
+// 0 (default) uses sequential mode: one call per operation.
+// Values > 0 batch that many operations into a single call, reducing round-trips
+// at the cost of larger prompts. Recommended range: 5–20.
+func (e *Engine) SetAnnotationBatch(n int) {
+ e.annotationBatch = n
+}
+
 // SetSink registers an event sink for progress events.
 func (e *Engine) SetSink(s event.Sink) {
 e.sink = s
@@ -233,6 +243,11 @@ func (e *Engine) annotateOperations(ops []*spec.Operation) {
 if !e.llm.IsAvailable() {
 return // NoopProvider: skip annotation, SemanticInfo stays nil
 }
+ if e.annotationBatch > 1 {
+ e.annotateOperationsBatch(ops, e.annotationBatch)
+ return
+ }
+ // Sequential mode: one LLM call per operation.
 for i, op := range ops {
 if i > 0 {
 time.Sleep(500 * time.Millisecond) // throttle to reduce rate-limit pressure
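Review bot: The SetAnnotationBatch comment says values > 0 select batching, and the struct field comment says `>0 = batch size`, but the dispatch added to annotateOperations only batches when `e.annotationBatch > 1`, so a value of 1 runs the sequential loop. The setter also stores a negative n unchanged. I would make the comments match the code, e.g. `annotationBatch int // 0 or 1 = sequential (one call per op); >1 = batch size`, and say in the SetAnnotationBatch comment that values below 2 select sequential mode.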
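Review bot: The new branch in annotateOperations hands every operation to the batch path, including ones whose OperationID is empty, and in the code visible in the next hunk those can never be matched: annotateBatch sends a fallback id (`op.Method + "_" + op.Path`) in the prompt, while annotateOperationsBatch looks the result up with `annotations[op.OperationID]`. Computing the id once in a small helper and using it for both the prompt line and the lookup would close that gap. Batch mode also puts several spec-supplied summaries into one prompt and keys the result on an operation_id returned by the model, so text in one operation's summary could influence the annotation attached to another; accepting only ids that were in the batch, and saying so in the function comment, seems worth doing. The next hunk runs past the end of this view, so parseBatchAnnotations itself is not reviewed here.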
@@ -251,6 +266,101 @@ func (e *Engine) annotateOperations(ops []*spec.Operation) { } } +// annotateOperationsBatch sends ops in groups of batchSize to the LLM, each +// group in a single call. Responses are matched back to ops by operation_id. +// Failures are per-batch: if a batch call fails, those ops get no annotation +// and generation continues unaffected (annotation is best-effort). +func (e *Engine) annotateOperationsBatch(ops []*spec.Operation, batchSize int) { + for start := 0; start < len(ops); start += batchSize { + end := start + batchSize + if end > len(ops) { + end = len(ops) + } + batch := ops[start:end] + + annotations, err := e.annotateBatch(batch) + for _, op := range batch { + if err != nil { + e.warn("warn: batch annotation failed for %s %s: %v\n", op.Method, op.Path, err) + } else if a, ok := annotations[op.OperationID]; ok { + op.SemanticInfo = a + } + e.emit(event.Event{Type: event.EventOperationAnnotating, Payload: event.OperationDonePayload{ + OperationID: op.OperationID, + Method: op.Method, + Path: op.Path, + }}) + } + } +} + +// annotateBatch calls the LLM once for a slice of operations, returning a map +// of operationId → SemanticAnnotation. Unrecognised or unparseable entries are +// silently omitted so callers can fall through to the no-annotation path. +func (e *Engine) annotateBatch(ops []*spec.Operation) (map[string]*spec.SemanticAnnotation, error) { + // Build prompt listing all operations. + var sb strings.Builder + sb.WriteString("Analyze these API operations. 
Return a JSON array — one object per operation, in any order.\n") + sb.WriteString("Each object must include \"operation_id\" plus these fields: resource_type, action_type, has_state_machine, state_field, unique_fields, implicit_rules.\n\n") + for _, op := range ops { + id := op.OperationID + if id == "" { + id = op.Method + "_" + op.Path + } + fmt.Fprintf(&sb, "- operation_id: %q %s %s summary: %s\n", id, op.Method, op.Path, op.Summary) + } + sb.WriteString("\nReturn ONLY the JSON array, no other text.") + + ctx, cancel := context.WithTimeout(context.Background(), 90*time.Second) + defer cancel() + + req := &llm.CompletionRequest{ + System: "You are an API testing expert. Analyze operations and return structured JSON.", + Messages: []llm.Message{{Role: "user", Content: sb.String()}}, + MaxTokens: 256 * len(ops), // ~256 tokens per op is enough for the annotation fields + } + resp, err := llm.Retry(ctx, 5, func() (*llm.CompletionResponse, error) { + return e.llm.Complete(ctx, req) + }) + if err != nil { + return nil, err + } + return parseBatchAnnotations(resp.Text), nil +} + +// parseBatchAnnotations extracts a JSON array of per-operation annotations from +// the LLM response and returns a map keyed by operation_id. 
+func parseBatchAnnotations(text string) map[string]*spec.SemanticAnnotation { + extracted := llm.ExtractJSON(text) + var items []struct { + OperationID string `json:"operation_id"` + ResourceType string `json:"resource_type"` + ActionType string `json:"action_type"` + HasStateMachine bool `json:"has_state_machine"` + StateField string `json:"state_field"` + UniqueFields []string `json:"unique_fields"` + ImplicitRules []string `json:"implicit_rules"` + } + if err := json.Unmarshal([]byte(extracted), &items); err != nil { + return nil + } + out := make(map[string]*spec.SemanticAnnotation, len(items)) + for _, item := range items { + if item.OperationID == "" { + continue + } + out[item.OperationID] = &spec.SemanticAnnotation{ + ResourceType: item.ResourceType, + ActionType: item.ActionType, + HasStateMachine: item.HasStateMachine, + StateField: item.StateField, + UniqueFields: item.UniqueFields, + ImplicitRules: item.ImplicitRules, + } + } + return out +} + func (e *Engine) annotateOperation(op *spec.Operation) (*spec.SemanticAnnotation, error) { prompt := fmt.Sprintf( "Analyze this API operation and return JSON:\n"+ diff --git a/internal/methodology/engine_test.go b/internal/methodology/engine_test.go index 34cba17..a8f93ee 100644 --- a/internal/methodology/engine_test.go +++ b/internal/methodology/engine_test.go @@ -3,6 +3,7 @@ package methodology import ( "context" + "fmt" "sync" "testing" 
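Review bot: Operations without an `operationId` can never be annotated in batch mode: `annotateBatch` sends the fallback id `op.Method + "_" + op.Path` to the model, but `annotateOperationsBatch` looks the reply up with `annotations[op.OperationID]`, which is the empty string that `parseBatchAnnotations` drops. Separately, `parseBatchAnnotations` returns nil on unparseable output and `annotateBatch` passes that on with a nil error, so the warning the commit message promises for a bad batch reply is never logged. `op.Summary` comes from the spec and is written with `%s`, so a multi-line summary can add list entries or instructions that shape the annotations of the other operations in the same call; quoting it with `%q` keeps each operation on one line, and the spec text should still be treated as untrusted model input. The fence shows one shared key helper, the quoted summary and an explicit error for a non-array reply. `annotateOperation` at the end of the hunk continues outside it.

```go
// batchKey is the identifier sent to the LLM for op and used to match its reply.
func batchKey(op *spec.Operation) string {
	if op.OperationID != "" {
		return op.OperationID
	}
	return op.Method + "_" + op.Path
}

// in annotateOperationsBatch, the lookup uses the same key that was sent:
		} else if a, ok := annotations[batchKey(op)]; ok {
			op.SemanticInfo = a
		}

// in annotateBatch:
	for _, op := range ops {
		// %q keeps a multi-line summary on a single list line.
		fmt.Fprintf(&sb, "- operation_id: %q %s %s summary: %q\n", batchKey(op), op.Method, op.Path, op.Summary)
	}
	// … unchanged: request construction and llm.Retry call …
	annotations := parseBatchAnnotations(resp.Text)
	if annotations == nil {
		return nil, fmt.Errorf("batch annotation response is not a JSON array")
	}
	return annotations, nil
```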
@@ -346,3 +347,158 @@ func TestEngine_MaxCasesPerOp_TruncatesByPriority(t *testing.T) { assert.LessOrEqual(t, len(cases), 2, "engine must not produce more than maxCasesPerOp cases for a single operation") } + +// batchLLMProvider captures LLM calls and returns a canned batch JSON response. +type batchLLMProvider struct { + calls int + muCalls sync.Mutex + // responseFor returns the response text for each call (indexed by call number). + responseFor func(req string) string +} + +func (b *batchLLMProvider) IsAvailable() bool { return true } +func (b *batchLLMProvider) Name() string { return "batch-stub" } +func (b *batchLLMProvider) Complete(_ context.Context, req *llm.CompletionRequest) (*llm.CompletionResponse, error) { + b.muCalls.Lock() + n := b.calls + b.calls++ + b.muCalls.Unlock() + _ = n + text := b.responseFor(req.Messages[0].Content) + return &llm.CompletionResponse{Text: text}, nil +} + +func TestEngine_BatchAnnotation_EmitsOneEventPerOp(t *testing.T) { + var got []event.EventType + mu := sync.Mutex{} + sink := event.SinkFunc(func(e event.Event) { + mu.Lock() + got = append(got, e.Type) + mu.Unlock() + }) + + stub := &batchLLMProvider{responseFor: func(_ string) string { + return `[ + {"operation_id":"op1","resource_type":"pet","action_type":"list"}, + {"operation_id":"op2","resource_type":"pet","action_type":"create"} + ]` + }} + engine := NewEngine(stub, NewEquivalenceTechnique()) + engine.SetAnnotationBatch(10) // both ops fit in one batch + engine.SetSink(sink) + + ps := &spec.ParsedSpec{Operations: []*spec.Operation{ + {OperationID: "op1", Method: "GET", Path: "/pets", Responses: map[string]*spec.Response{"200": {}}}, + {OperationID: "op2", Method: "POST", Path: "/pets", Responses: map[string]*spec.Response{"201": {}}}, + }} + _, err := engine.Generate(ps) + require.NoError(t, err) + + var annotatingCount int + for _, typ := range got { + if typ == event.EventOperationAnnotating { + annotatingCount++ + } + } + assert.Equal(t, 2, annotatingCount, 
"batch mode must still emit one EventOperationAnnotating per operation") +} + +func TestEngine_BatchAnnotation_AnnotatesOpsCorrectly(t *testing.T) { + stub := &batchLLMProvider{responseFor: func(_ string) string { + return `[ + {"operation_id":"createPet","resource_type":"pet","action_type":"create","unique_fields":["name"]}, + {"operation_id":"listPets","resource_type":"pet","action_type":"list"} + ]` + }} + engine := NewEngine(stub) + engine.SetAnnotationBatch(10) + + ops := []*spec.Operation{ + {OperationID: "listPets", Method: "GET", Path: "/pets", Responses: map[string]*spec.Response{"200": {}}}, + {OperationID: "createPet", Method: "POST", Path: "/pets", Responses: map[string]*spec.Response{"201": {}}}, + } + ps := &spec.ParsedSpec{Operations: ops} + _, err := engine.Generate(ps) + require.NoError(t, err) + + var listOp, createOp *spec.Operation + for _, op := range ops { + if op.OperationID == "listPets" { + listOp = op + } else if op.OperationID == "createPet" { + createOp = op + } + } + require.NotNil(t, listOp.SemanticInfo, "listPets should have annotation") + assert.Equal(t, "list", listOp.SemanticInfo.ActionType) + + require.NotNil(t, createOp.SemanticInfo, "createPet should have annotation") + assert.Equal(t, "create", createOp.SemanticInfo.ActionType) + assert.Equal(t, []string{"name"}, createOp.SemanticInfo.UniqueFields) +} + +func TestEngine_BatchAnnotation_BatchFailureIsGraceful(t *testing.T) { + // LLM returns invalid JSON — ops should get no annotation but gen still succeeds. 
+ stub := &batchLLMProvider{responseFor: func(_ string) string { + return `not valid json` + }} + engine := NewEngine(stub, NewEquivalenceTechnique()) + engine.SetAnnotationBatch(5) + + ops := []*spec.Operation{ + {OperationID: "op1", Method: "GET", Path: "/x", Responses: map[string]*spec.Response{"200": {}}}, + } + _, err := engine.Generate(&spec.ParsedSpec{Operations: ops}) + require.NoError(t, err, "batch annotation failure must not fail generation") + assert.Nil(t, ops[0].SemanticInfo, "failed batch should leave SemanticInfo nil") +} + +func TestEngine_BatchAnnotation_SplitsIntoBatches(t *testing.T) { + var callCount int + mu := sync.Mutex{} + stub := &batchLLMProvider{responseFor: func(_ string) string { + mu.Lock() + callCount++ + mu.Unlock() + return `[]` // empty but valid + }} + engine := NewEngine(stub) + engine.SetAnnotationBatch(3) // 5 ops → 2 batches + + ops := make([]*spec.Operation, 5) + for i := range ops { + ops[i] = &spec.Operation{ + OperationID: fmt.Sprintf("op%d", i), + Method: "GET", Path: fmt.Sprintf("/x%d", i), + Responses: map[string]*spec.Response{"200": {}}, + } + } + _, err := engine.Generate(&spec.ParsedSpec{Operations: ops}) + require.NoError(t, err) + assert.Equal(t, 2, callCount, "5 ops with batch size 3 should make exactly 2 LLM calls") +} + +func TestParseBatchAnnotations_HandlesValidArray(t *testing.T) { + text := `[ + {"operation_id":"getUser","resource_type":"user","action_type":"read","has_state_machine":false,"unique_fields":["email"],"implicit_rules":["email must be unique"]}, + {"operation_id":"createUser","resource_type":"user","action_type":"create"} + ]` + result := parseBatchAnnotations(text) + require.Len(t, result, 2) + assert.Equal(t, "user", result["getUser"].ResourceType) + assert.Equal(t, "read", result["getUser"].ActionType) + assert.Equal(t, []string{"email"}, result["getUser"].UniqueFields) + assert.Equal(t, "create", result["createUser"].ActionType) +} + +func 
TestParseBatchAnnotations_DropsEntryWithoutOperationID(t *testing.T) { + text := `[{"resource_type":"user","action_type":"read"},{"operation_id":"op2","action_type":"list"}]` + result := parseBatchAnnotations(text) + assert.NotContains(t, result, "", "entry without operation_id must be dropped") + assert.Contains(t, result, "op2") +} + +func TestParseBatchAnnotations_InvalidJSONReturnsNil(t *testing.T) { + assert.Nil(t, parseBatchAnnotations("not json")) + assert.Nil(t, parseBatchAnnotations("{}")) // object not array +} diff --git a/scripts/acceptance.sh b/scripts/acceptance.sh index 66c6bb4..aa0cdee 100755 --- a/scripts/acceptance.sh +++ b/scripts/acceptance.sh @@ -1055,6 +1055,10 @@ run "AT-251" "gen --force regenerates even when spec is unchanged" \ "'$BIN' gen --spec '$WORKDIR/petstore.yaml' --no-ai --output '$AT251DIR' 2>&1 | grep -q 'Generated' && \ '$BIN' gen --spec '$WORKDIR/petstore.yaml' --no-ai --force --output '$AT251DIR' 2>&1 | grep -q 'Generated'" +# AT-252: --annotation-batch flag is registered +contains "AT-252" "gen --annotation-batch flag is registered" "annotation-batch" \ + "$BIN gen --help" + echo "" # ------------------------------------------------------- From 98cbb8ca54086d4c9d4e18b6a83eb5339a1c2b60 Mon Sep 17 00:00:00 2001 
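Review bot: None of the added tests covers an operation whose `OperationID` is empty, although `annotateBatch` has a dedicated fallback id for that case, and `TestEngine_BatchAnnotation_BatchFailureIsGraceful` asserts only that `SemanticInfo` stays nil, not that a warning reached the warn writer. A case with an operation like `{Method: "GET", Path: "/pets"}` and a stub reply keyed by the fallback id would pin the matching behaviour. The failure test could also capture warn output if the engine exposes a way to set `warnWriter`, which is not visible in this hunk. In `batchLLMProvider`, the comment on `responseFor` says it is indexed by call number while the func receives the prompt text, and `n` is read only to be discarded with `_ = n`. I would change the comment to `// responseFor returns the reply text for a given prompt.` and keep a plain `b.calls++` under the lock.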
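Review bot: The new AT-252 check passes `"$BIN gen --help"` with `$BIN` unquoted inside the command string, whereas the AT-251 context line just above wraps it as `'$BIN'`. If `contains` evaluates its last argument the way `run` appears to (its definition is outside this hunk), a binary path containing spaces would be split into separate words. Writing it as `"'$BIN' gen --help"` keeps it consistent with the neighbouring checks.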
From: yuchou87 Date: Wed, 6 May 2026 21:58:59 +0800 Subject: [PATCH 2/3] chore: ignore generated cases/ output directory --- .gitignore | 3 + ...in_audit_logs_get_auth_chain_4b81d9bb.hurl | 44 - ..._row_10_action_user_disabled_e73ed081.hurl | 15 - ...e_row_11_action_team_created_a820fea5.hurl | 15 - ...tion_tree_row_1_action_login_80f9a912.hurl | 15 - ...e_row_2_action_spec_uploaded_ee7cf268.hurl | 15 - ...ee_row_3_action_spec_updated_df4697d4.hurl | 15 - ...row_4_action_service_deleted_ba4c28cb.hurl | 15 - ...e_row_5_action_grant_created_2874616a.hurl | 15 - ...e_row_6_action_grant_revoked_4511e41f.hurl | 15 - ...e_row_7_action_token_created_e290ff04.hurl | 15 - ...e_row_8_action_token_revoked_5a6e9137.hurl | 15 - ...ee_row_9_action_user_created_e92e324e.hurl | 15 - ...p_api2_broken_authentication_eb7a16db.hurl | 12 - ..._level_authorization_missing_b02abc71.hurl | 13 - ...pi7_injection_path_traversal_a1c2c8cc.hurl | 15 - ...et_owasp_api7_injection_sqli_605a4d60.hurl | 15 - ...get_owasp_api7_injection_xss_0d70db14.hurl | 15 - ...est_with_all_required_fields_04940e9f.hurl | 19 - ..._cors_security_configuration_744c12cf.hurl | 16 - ...ent_second_call_must_be_safe_1f6fc417.hurl | 33 - ..._id_delete_idor_id_0_zero_id_c0c54349.hurl | 16 - ..._delete_idor_id_99999_alt_id_b20f3be6.hurl | 16 - ...te_missing_required_param_id_57e2f5d8.hurl | 12 - ...pi1_bola_unauthorized_access_d8d75c69.hurl | 12 - ...p_api2_broken_authentication_2b26b1b2.hurl | 12 - ..._level_authorization_missing_640109d2.hurl | 13 - ...pi7_injection_path_traversal_5cfaf557.hurl | 15 - ...te_owasp_api7_injection_sqli_3883f876.hurl | 15 - ...ete_owasp_api7_injection_xss_7e26f4e3.hurl | 15 - ...est_with_all_required_fields_03c20c58.hurl | 16 - ..._cors_security_configuration_ff243297.hurl | 16 - ..._cors_security_configuration_4b672517.hurl | 16 - ...ent_second_call_must_be_safe_dc1513dd.hurl | 45 - ...s_assignment_financial_probe_297a0e33.hurl | 22 - ...ss_assignment_identity_probe_c9fe2f6f.hurl | 22 - 
...s_assignment_privilege_probe_c8fb1c8e.hurl | 22 - ...mass_assignment_status_probe_6072976c.hurl | 22 - ...issing_required_field_teamid_8397ba83.hurl | 16 - ...issing_required_field_teamid_bc585ae5.hurl | 16 - ...ing_required_param_serviceid_3dc3ff8a.hurl | 12 - ...mutation_teamid_empty_string_717311a7.hurl | 22 - ...id_integer_instead_of_string_cea11786.hurl | 22 - ...t_mutation_teamid_null_value_3c6b4929.hurl | 22 - ...d_oversized_string_300_chars_452218de.hurl | 22 - ...pi1_bola_unauthorized_access_b7125bf5.hurl | 12 - ...p_api2_broken_authentication_6bc9b636.hurl | 12 - ..._bopla_property_level_access_26712b87.hurl | 24 - ...ction_level_authorization_mi_544e90d2.hurl | 13 - ...t_owasp_api6_mass_assignment_29a92605.hurl | 26 - ...pi7_injection_path_traversal_b621722f.hurl | 15 - ...ut_owasp_api7_injection_sqli_53f0e55f.hurl | 15 - ...put_owasp_api7_injection_xss_3ad867af.hurl | 15 - ...uired_omission_teamid_absent_d24b98db.hurl | 20 - ...tion_teamid_missing_required_c8b11e1e.hurl | 16 - ...tation_nullable_field_teamid_f06bfa27.hurl | 22 - ...on_teamid_wrong_type_boolean_5b55ebea.hurl | 18 - ...on_teamid_wrong_type_integer_87eccc15.hurl | 18 - ...fuzzing_teamid_bidi_override_e30f1b9e.hurl | 18 - ..._fuzzing_teamid_control_char_00caba6f.hurl | 18 - ...code_fuzzing_teamid_overlong_5dc313b9.hurl | 18 - ...unicode_fuzzing_teamid_zalgo_c1fa3472.hurl | 18 - ...de_fuzzing_teamid_zero_width_1c0a1d4a.hurl | 18 - ...est_with_all_required_fields_c8662867.hurl | 22 - ...rong_content_type_text_plain_16d39238.hurl | 18 - ...i_admin_teams_get_auth_chain_3977085e.hurl | 44 - ...p_api2_broken_authentication_1e347647.hurl | 12 - ..._level_authorization_missing_a9276ccc.hurl | 13 - ...est_with_all_required_fields_978ae5a8.hurl | 16 - ...ent_second_call_must_be_safe_2d2c1dda.hurl | 33 - ..._id_delete_idor_id_0_zero_id_04e9a0f9.hurl | 16 - ..._delete_idor_id_99999_alt_id_0d533645.hurl | 16 - ...te_missing_required_param_id_d700a9bc.hurl | 12 - 
...pi1_bola_unauthorized_access_a23b7745.hurl | 12 - ...p_api2_broken_authentication_f7305717.hurl | 12 - ..._level_authorization_missing_1f9d5ef0.hurl | 13 - ...pi7_injection_path_traversal_726d486c.hurl | 15 - ...te_owasp_api7_injection_sqli_e0aa0be4.hurl | 15 - ...ete_owasp_api7_injection_xss_cdcba009.hurl | 15 - ...est_with_all_required_fields_2f56068b.hurl | 16 - ...grants_get_idor_id_0_zero_id_625bb61d.hurl | 16 - ...nts_get_idor_id_99999_alt_id_1e7138b3.hurl | 16 - ...et_missing_required_param_id_aa4a85d2.hurl | 12 - ...pi1_bola_unauthorized_access_9c3bba1f.hurl | 12 - ...p_api2_broken_authentication_2dae98a0.hurl | 12 - ..._level_authorization_missing_8f5433a6.hurl | 13 - ...pi7_injection_path_traversal_b5400171.hurl | 15 - ...et_owasp_api7_injection_sqli_a7917f13.hurl | 15 - ...get_owasp_api7_injection_xss_269d7a97.hurl | 15 - ...est_with_all_required_fields_d5427a01.hurl | 17 - ..._cors_security_configuration_8b59e761.hurl | 16 - ...ent_second_call_must_be_safe_810053e8.hurl | 57 - ...rants_post_idor_id_0_zero_id_82f1376b.hurl | 16 - ...ts_post_idor_id_99999_alt_id_14f8c7cc.hurl | 16 - ...s_assignment_financial_probe_8b55910b.hurl | 28 - ...ss_assignment_identity_probe_74060ffe.hurl | 28 - ...s_assignment_privilege_probe_eaaad8f0.hurl | 28 - ...mass_assignment_status_probe_54b93b94.hurl | 28 - ...ing_required_field_serviceid_33636c2c.hurl | 23 - ...ing_required_field_serviceid_62d899fa.hurl | 23 - ...st_missing_required_param_id_aee10eee.hurl | 12 - ...mutation_branches_null_value_3f1f0acd.hurl | 26 - ...ches_object_instead_of_array_c0bd2a08.hurl | 26 - ...ches_string_instead_of_array_963f2d23.hurl | 26 - ...ation_expiresat_empty_string_2894700e.hurl | 28 - ...at_integer_instead_of_string_c03df9f9.hurl | 28 - ...xpiresat_invalid_date_format_6260c870.hurl | 28 - ...utation_expiresat_null_value_759658e7.hurl | 28 - ...t_oversized_string_300_chars_0ee96c4d.hurl | 28 - ...n_granteeteamid_empty_string_7d06efc6.hurl | 28 - 
...ion_granteeteamid_null_value_0064709a.hurl | 28 - ...post_null_injection_branches_e32391c6.hurl | 22 - ...ost_null_injection_expiresat_df39db3e.hurl | 24 - ...null_injection_granteeteamid_63fd31b7.hurl | 24 - ...null_injection_granteeuserid_593b0773.hurl | 24 - ...ost_null_injection_serviceid_2571eb1b.hurl | 24 - ...pi1_bola_unauthorized_access_750fd5ab.hurl | 12 - ...p_api2_broken_authentication_a5db835c.hurl | 12 - ..._level_authorization_missing_4c520692.hurl | 13 - ...t_owasp_api6_mass_assignment_e74b3c2c.hurl | 32 - ...pi7_injection_path_traversal_aa0b7128.hurl | 15 - ...st_owasp_api7_injection_sqli_ea6fd919.hurl | 15 - ...ost_owasp_api7_injection_xss_c288f174.hurl | 15 - ...ed_omission_serviceid_absent_eb992221.hurl | 27 - ...resat_invalid_format_date_ti_9509a04a.hurl | 24 - ...n_serviceid_missing_required_4b79a206.hurl | 23 - ...n_branches_wrong_type_string_291b984a.hurl | 22 - ...expiresat_wrong_type_boolean_d73bcfa6.hurl | 24 - ...expiresat_wrong_type_integer_4440c404.hurl | 24 - ...teeteamid_wrong_type_boolean_8920e31f.hurl | 24 - ...teeteamid_wrong_type_integer_50132b05.hurl | 24 - ...teeuserid_wrong_type_boolean_1566fad3.hurl | 24 - ...teeuserid_wrong_type_integer_3f9db72b.hurl | 24 - ...serviceid_wrong_type_boolean_f4852904.hurl | 24 - ...serviceid_wrong_type_integer_e98b7c31.hurl | 24 - ...zing_expiresat_bidi_override_691f2024.hurl | 24 - ...zzing_expiresat_control_char_ed7d403f.hurl | 24 - ...e_fuzzing_expiresat_overlong_e80f6e77.hurl | 24 - ...code_fuzzing_expiresat_zalgo_e8fa18b3.hurl | 24 - ...fuzzing_expiresat_zero_width_c67b22d4.hurl | 24 - ..._granteeteamid_bidi_override_d197e84d.hurl | 24 - ...g_granteeteamid_control_char_d5595214.hurl | 24 - ...zzing_granteeteamid_overlong_4df41e59.hurl | 24 - ..._fuzzing_granteeteamid_zalgo_603eeaa8.hurl | 24 - ...ing_granteeteamid_zero_width_28a0c8b4.hurl | 24 - ..._granteeuserid_bidi_override_57831769.hurl | 24 - ...g_granteeuserid_control_char_bb1058c5.hurl | 24 - 
...zzing_granteeuserid_overlong_81f35d0c.hurl | 24 - ..._fuzzing_granteeuserid_zalgo_7682a2d7.hurl | 24 - ...ing_granteeuserid_zero_width_7f787ffd.hurl | 24 - ...zing_serviceid_bidi_override_894450de.hurl | 24 - ...zzing_serviceid_control_char_aea6968a.hurl | 24 - ...e_fuzzing_serviceid_overlong_ae4ea893.hurl | 24 - ...code_fuzzing_serviceid_zalgo_3b372657.hurl | 24 - ...fuzzing_serviceid_zero_width_c9798ccb.hurl | 24 - ...est_with_all_required_fields_62bccfec.hurl | 28 - ...rong_content_type_text_plain_a9ed456f.hurl | 24 - ...n_delete_api_admin_grants_id_fae601d3.hurl | 48 - ...in_delete_api_admin_users_id_1e93f696.hurl | 48 - ...t_api_admin_teams_id_members_7710bdae.hurl | 48 - ..._api_admin_teams_id_services_fd7cb142.hurl | 48 - ...t_api_admin_teams_id_members_136f3cd3.hurl | 55 - ...dmin_services_serviceid_team_cafaccf6.hurl | 54 - ...chain_put_api_admin_users_id_636e3912.hurl | 55 - ...embers_get_idor_id_0_zero_id_8d769a8b.hurl | 16 - ...ers_get_idor_id_99999_alt_id_4af55f13.hurl | 16 - ...et_missing_required_param_id_724cd05d.hurl | 12 - ...pi1_bola_unauthorized_access_be93ffb9.hurl | 12 - ...p_api2_broken_authentication_942888a7.hurl | 12 - ...pi7_injection_path_traversal_c5fcb2bd.hurl | 15 - ...et_owasp_api7_injection_sqli_05eacd8d.hurl | 15 - ...get_owasp_api7_injection_xss_9935c2df.hurl | 15 - ...est_with_all_required_fields_f1d4a7ff.hurl | 16 - ..._cors_security_configuration_02ec7afc.hurl | 16 - ...ent_second_call_must_be_safe_fce8d8db.hurl | 47 - ...mbers_post_idor_id_0_zero_id_07948765.hurl | 16 - ...rs_post_idor_id_99999_alt_id_d1a0e9c6.hurl | 16 - ...valid_role_value_not_in_enum_54b6ea73.hurl | 19 - ...s_assignment_financial_probe_31f44a55.hurl | 23 - ...ss_assignment_identity_probe_09f9b8eb.hurl | 22 - ...s_assignment_privilege_probe_850dd902.hurl | 22 - ...mass_assignment_status_probe_edb444ec.hurl | 23 - ...issing_required_field_userid_4eda623b.hurl | 18 - ...issing_required_field_userid_aea81fb1.hurl | 18 - 
...st_missing_required_param_id_e44fc900.hurl | 12 - ...t_mutation_role_empty_string_0cb69d90.hurl | 23 - ...le_integer_instead_of_string_dc8849f5.hurl | 23 - ...ost_mutation_role_null_value_aff2608e.hurl | 23 - ...e_oversized_string_300_chars_977e71fa.hurl | 23 - ...mutation_userid_empty_string_b3beebbb.hurl | 23 - ...id_integer_instead_of_string_d8212bc8.hurl | 23 - ...t_mutation_userid_null_value_8e4fd867.hurl | 23 - ...d_oversized_string_300_chars_5739a85b.hurl | 23 - ...ers_post_null_injection_role_a2c2e196.hurl | 19 - ...s_post_null_injection_userid_1b45482b.hurl | 19 - ...pi1_bola_unauthorized_access_bc997516.hurl | 12 - ...p_api2_broken_authentication_d1200108.hurl | 12 - ...t_owasp_api6_mass_assignment_5a01a3ba.hurl | 27 - ...pi7_injection_path_traversal_60a70815.hurl | 15 - ...st_owasp_api7_injection_sqli_5a3931f1.hurl | 15 - ...ost_owasp_api7_injection_xss_dd4d8c19.hurl | 15 - ...uired_omission_userid_absent_1da7a2c3.hurl | 22 - ..._violation_role_invalid_enum_1d2b8bb8.hurl | 19 - ...tion_userid_missing_required_71efcd62.hurl | 18 - ...cion_role_wrong_type_boolean_2a4f0269.hurl | 19 - ...cion_role_wrong_type_integer_95fd239a.hurl | 19 - ...on_userid_wrong_type_boolean_8aeef740.hurl | 19 - ...on_userid_wrong_type_integer_76bfddd4.hurl | 19 - ...e_fuzzing_role_bidi_override_aa47e2dd.hurl | 19 - ...de_fuzzing_role_control_char_39e9a695.hurl | 19 - ...nicode_fuzzing_role_overlong_7473f431.hurl | 19 - ...t_unicode_fuzzing_role_zalgo_83be4bd5.hurl | 19 - ...code_fuzzing_role_zero_width_241bc1b4.hurl | 19 - ...fuzzing_userid_bidi_override_e839caab.hurl | 19 - ..._fuzzing_userid_control_char_382c05ef.hurl | 19 - ...code_fuzzing_userid_overlong_cbe2af65.hurl | 19 - ...unicode_fuzzing_userid_zalgo_9cd03a11.hurl | 19 - ...de_fuzzing_userid_zero_width_bdeeed04.hurl | 19 - ...est_with_all_required_fields_17f7b78e.hurl | 23 - ...rong_content_type_text_plain_0f904569.hurl | 19 - ...ent_second_call_must_be_safe_e8a5f757.hurl | 33 - 
...rid_delete_idor_id_0_zero_id_eb538efa.hurl | 16 - ..._delete_idor_id_99999_alt_id_c4642225.hurl | 16 - ...te_missing_required_param_id_4661322e.hurl | 12 - ...issing_required_param_userid_636a79c8.hurl | 12 - ...pi1_bola_unauthorized_access_042e8f38.hurl | 12 - ...p_api2_broken_authentication_46113a78.hurl | 12 - ...pi7_injection_path_traversal_511147be.hurl | 15 - ...te_owasp_api7_injection_sqli_0cf3a030.hurl | 15 - ...ete_owasp_api7_injection_xss_a4c3899a.hurl | 15 - ...est_with_all_required_fields_8384ae85.hurl | 16 - ..._cors_security_configuration_86b21409.hurl | 16 - ...ent_second_call_must_be_safe_7fb55548.hurl | 45 - ...userid_put_idor_id_0_zero_id_3ecaa43f.hurl | 16 - ...rid_put_idor_id_99999_alt_id_5ee92e8d.hurl | 16 - ...valid_role_value_not_in_enum_1385a015.hurl | 18 - ...s_assignment_financial_probe_e346a0c6.hurl | 22 - ...ss_assignment_identity_probe_c5b345ac.hurl | 22 - ...s_assignment_privilege_probe_830ae193.hurl | 21 - ...mass_assignment_status_probe_08a1d397.hurl | 22 - ..._missing_required_field_role_02cdac38.hurl | 16 - ..._missing_required_field_role_7f67bdd2.hurl | 16 - ...ut_missing_required_param_id_c90499c8.hurl | 12 - ...issing_required_param_userid_a0b457a0.hurl | 12 - ...t_mutation_role_empty_string_9334c130.hurl | 22 - ...le_integer_instead_of_string_c930d5b2.hurl | 22 - ...put_mutation_role_null_value_8380cf38.hurl | 22 - ...e_oversized_string_300_chars_c4c6cb7f.hurl | 22 - ...erid_put_null_injection_role_92d17333.hurl | 18 - ...pi1_bola_unauthorized_access_37084d5c.hurl | 12 - ...p_api2_broken_authentication_19b34217.hurl | 12 - ..._bopla_property_level_access_4c06b345.hurl | 23 - ...t_owasp_api6_mass_assignment_ffe14e02.hurl | 26 - ...pi7_injection_path_traversal_df6e5f44.hurl | 15 - ...ut_owasp_api7_injection_sqli_16482ca3.hurl | 15 - ...put_owasp_api7_injection_xss_d065e277.hurl | 15 - ...equired_omission_role_absent_b8039024.hurl | 20 - ..._violation_role_invalid_enum_128b22a3.hurl | 18 - 
...lation_role_missing_required_e51f7c6d.hurl | 16 - ...cion_role_wrong_type_boolean_c33ffd8f.hurl | 18 - ...cion_role_wrong_type_integer_23b49146.hurl | 18 - ...e_fuzzing_role_bidi_override_0b0faf09.hurl | 18 - ...de_fuzzing_role_control_char_a8d734a8.hurl | 18 - ...nicode_fuzzing_role_overlong_1e651ae0.hurl | 18 - ...t_unicode_fuzzing_role_zalgo_f7cf562e.hurl | 18 - ...code_fuzzing_role_zero_width_2815807e.hurl | 18 - ...est_with_all_required_fields_b950209e.hurl | 22 - ...rong_content_type_text_plain_55f30d0f.hurl | 18 - ..._cors_security_configuration_6bbc18bd.hurl | 16 - ...ent_second_call_must_be_safe_1ca0ed36.hurl | 47 - ...ams_id_put_idor_id_0_zero_id_3c4cc44b.hurl | 16 - ..._id_put_idor_id_99999_alt_id_d4dddc4b.hurl | 16 - ...s_assignment_financial_probe_4c631268.hurl | 23 - ...ss_assignment_identity_probe_ed4e87e7.hurl | 23 - ...s_assignment_privilege_probe_1b5cbca5.hurl | 23 - ...mass_assignment_status_probe_c574427d.hurl | 23 - ...ut_missing_required_param_id_09825850.hurl | 12 - ...ion_description_empty_string_eb263846.hurl | 23 - ...on_integer_instead_of_string_f0d62caa.hurl | 23 - ...ation_description_null_value_df8e9c3a.hurl | 23 - ...n_oversized_string_300_chars_68ace4a3.hurl | 23 - ...ion_displayname_empty_string_13a9f6ae.hurl | 23 - ...me_integer_instead_of_string_05b44595.hurl | 23 - ...ation_displayname_null_value_c587ff33.hurl | 23 - ...e_oversized_string_300_chars_7def0ad8.hurl | 23 - ...t_null_injection_description_794499ad.hurl | 19 - ...t_null_injection_displayname_6c433e61.hurl | 19 - ...pi1_bola_unauthorized_access_50ace962.hurl | 12 - ...p_api2_broken_authentication_fea6c4f7.hurl | 12 - ..._bopla_property_level_access_d147b4f6.hurl | 25 - ..._level_authorization_missing_06b71a7c.hurl | 13 - ...t_owasp_api6_mass_assignment_6357ae57.hurl | 27 - ...pi7_injection_path_traversal_894772da.hurl | 15 - ...ut_owasp_api7_injection_sqli_c7f786e4.hurl | 15 - ...put_owasp_api7_injection_xss_d3681129.hurl | 15 - 
...scription_wrong_type_boolean_6dd640a7.hurl | 19 - ...scription_wrong_type_integer_3296a87f.hurl | 19 - ...splayname_wrong_type_boolean_ccdc6ae5.hurl | 19 - ...splayname_wrong_type_integer_3ade9411.hurl | 19 - ...ng_description_bidi_override_c42ef106.hurl | 19 - ...ing_description_control_char_d9200d81.hurl | 19 - ...fuzzing_description_overlong_a87f58e7.hurl | 19 - ...de_fuzzing_description_zalgo_e354e0de.hurl | 19 - ...zzing_description_zero_width_1f9507e6.hurl | 19 - ...ng_displayname_bidi_override_7c97c5e9.hurl | 19 - ...ing_displayname_control_char_39195267.hurl | 19 - ...fuzzing_displayname_overlong_cb9e326e.hurl | 19 - ...de_fuzzing_displayname_zalgo_5add01e6.hurl | 19 - ...zzing_displayname_zero_width_a1cdc859.hurl | 19 - ...est_with_all_required_fields_92de58a1.hurl | 29 - ...rong_content_type_text_plain_a77a2981.hurl | 19 - ...rvices_get_idor_id_0_zero_id_405d2163.hurl | 16 - ...ces_get_idor_id_99999_alt_id_09f2f077.hurl | 16 - ...et_missing_required_param_id_bbd8e250.hurl | 12 - ...pi1_bola_unauthorized_access_ce61c6bf.hurl | 12 - ...p_api2_broken_authentication_29194ed9.hurl | 12 - ..._level_authorization_missing_edc7b8fe.hurl | 13 - ...pi7_injection_path_traversal_961479c7.hurl | 15 - ...et_owasp_api7_injection_sqli_2e72efb4.hurl | 15 - ...get_owasp_api7_injection_xss_80ccb269.hurl | 15 - ...est_with_all_required_fields_1b69193c.hurl | 16 - ..._cors_security_configuration_84a2058d.hurl | 16 - ..._cors_security_configuration_ad2f2f8a.hurl | 16 - ..._admin_teams_post_auth_chain_4c68c418.hurl | 52 - ...ndary_name_invalid_below_min_f9b893d9.hurl | 24 - ...ield_boundary_name_valid_min_787507a6.hurl | 24 - ...ent_second_call_must_be_safe_bee426f4.hurl | 49 - ..._string_violates_minlength_1_97aa6ff1.hurl | 20 - ...s_assignment_financial_probe_3c2025cc.hurl | 24 - ...ss_assignment_identity_probe_82f380ef.hurl | 24 - ...s_assignment_privilege_probe_ed2bac60.hurl | 24 - ...mass_assignment_status_probe_9b89bdf9.hurl | 24 - 
..._missing_required_field_name_11fe758b.hurl | 19 - ..._missing_required_field_name_80c70bf8.hurl | 19 - ...ion_description_empty_string_569a3993.hurl | 24 - ...on_integer_instead_of_string_4d295fcc.hurl | 24 - ...ation_description_null_value_672e2bba.hurl | 24 - ...n_oversized_string_300_chars_20eb5b64.hurl | 24 - ...ion_displayname_empty_string_34993282.hurl | 24 - ...me_integer_instead_of_string_c361779d.hurl | 24 - ...ation_displayname_null_value_782f4da8.hurl | 24 - ...e_oversized_string_300_chars_b00969d7.hurl | 24 - ...t_mutation_name_empty_string_e4058fd4.hurl | 24 - ...ost_mutation_name_null_value_ec9e6e43.hurl | 24 - ...ax_plus_one_invalid_boundary_5330751c.hurl | 20 - ...t_name_at_max_valid_boundary_b9c84944.hurl | 23 - ...n_minus_one_invalid_boundary_2ccbadc2.hurl | 20 - ...t_name_at_min_valid_boundary_084178e7.hurl | 23 - ...t_null_injection_description_5294fe7b.hurl | 20 - ...t_null_injection_displayname_acaa7cdb.hurl | 20 - ...ams_post_null_injection_name_abe4e3e2.hurl | 20 - ...p_api2_broken_authentication_0f5c6cec.hurl | 12 - ..._level_authorization_missing_2df9f5ad.hurl | 13 - ...t_owasp_api6_mass_assignment_e17876cf.hurl | 28 - ...pi7_injection_path_traversal_a1f1c968.hurl | 18 - ...st_owasp_api7_injection_sqli_3e99ea9b.hurl | 18 - ...ost_owasp_api7_injection_xss_a582e336.hurl | 18 - ...equired_omission_name_absent_7a6a3b1a.hurl | 23 - ...lation_name_missing_required_144ca893.hurl | 19 - ...ema_violation_name_too_short_2d1be97b.hurl | 20 - ...scription_wrong_type_boolean_bf50b6f1.hurl | 20 - ...scription_wrong_type_integer_1aea557e.hurl | 20 - ...splayname_wrong_type_boolean_97c4c8ca.hurl | 20 - ...splayname_wrong_type_integer_759d30e5.hurl | 20 - ...cion_name_wrong_type_boolean_b516cdc6.hurl | 20 - ...cion_name_wrong_type_integer_05c0d231.hurl | 20 - ...ng_description_bidi_override_d96ca637.hurl | 20 - ...ing_description_control_char_8656dd0b.hurl | 20 - ...fuzzing_description_overlong_432c6afa.hurl | 20 - 
...de_fuzzing_description_zalgo_760794e2.hurl | 20 - ...zzing_description_zero_width_5161dc9c.hurl | 20 - ...ng_displayname_bidi_override_693c8224.hurl | 20 - ...ing_displayname_control_char_7ead4ab7.hurl | 20 - ...fuzzing_displayname_overlong_3d12d252.hurl | 20 - ...de_fuzzing_displayname_zalgo_6474b9c1.hurl | 20 - ...zzing_displayname_zero_width_8b028ce1.hurl | 20 - ...e_fuzzing_name_bidi_override_19447855.hurl | 20 - ...de_fuzzing_name_control_char_4e8b3875.hurl | 20 - ...nicode_fuzzing_name_overlong_ee78ddc5.hurl | 20 - ...t_unicode_fuzzing_name_zalgo_b42d8584.hurl | 20 - ...code_fuzzing_name_zero_width_76a6b2ca.hurl | 20 - ...est_with_all_required_fields_17f73440.hurl | 30 - ...rong_content_type_text_plain_bd5b4e9e.hurl | 20 - ...n_delete_api_admin_grants_id_70b060a1.hurl | 44 - ...in_delete_api_admin_users_id_f0f67b06.hurl | 44 - ...et_api_admin_teams_id_grants_6aeda09f.hurl | 44 - ...t_api_admin_teams_id_members_0cb6ef87.hurl | 44 - ..._api_admin_teams_id_services_3642a068.hurl | 44 - ...st_api_admin_teams_id_grants_1b66938a.hurl | 56 - ...t_api_admin_teams_id_members_210690e6.hurl | 51 - ...dmin_services_serviceid_team_8cbdf061.hurl | 50 - ...chain_put_api_admin_users_id_2d5ea99d.hurl | 51 - ...i_admin_users_get_auth_chain_e4ef12fa.hurl | 44 - ...p_api2_broken_authentication_aaffe36c.hurl | 12 - ..._level_authorization_missing_3724bb26.hurl | 13 - ...est_with_all_required_fields_e7fb82c9.hurl | 16 - ...ent_second_call_must_be_safe_380dcf78.hurl | 33 - ..._id_delete_idor_id_0_zero_id_f8eac138.hurl | 16 - ..._delete_idor_id_99999_alt_id_f53c958f.hurl | 16 - ...te_missing_required_param_id_abfeb37c.hurl | 12 - ...pi1_bola_unauthorized_access_073a78a5.hurl | 12 - ...p_api2_broken_authentication_5cc69e63.hurl | 12 - ..._level_authorization_missing_4c861285.hurl | 13 - ...pi7_injection_path_traversal_9a54d420.hurl | 15 - ...te_owasp_api7_injection_sqli_35704eb4.hurl | 15 - ...ete_owasp_api7_injection_xss_ae1228c7.hurl | 15 - 
...est_with_all_required_fields_fd2d7e20.hurl | 16 - ..._cors_security_configuration_e0b5b44a.hurl | 16 - ...ent_second_call_must_be_safe_383d2878.hurl | 47 - ...ers_id_put_idor_id_0_zero_id_1420839c.hurl | 16 - ..._id_put_idor_id_99999_alt_id_b306fbb7.hurl | 16 - ...rong_type_string_for_boolean_9a696767.hurl | 19 - ...valid_role_value_not_in_enum_be8b477d.hurl | 19 - ..._users_id_put_isactive_false_307b2101.hurl | 22 - ...n_users_id_put_isactive_true_920617a8.hurl | 22 - ...s_assignment_financial_probe_9e2cf67b.hurl | 23 - ...ss_assignment_identity_probe_4fb556e6.hurl | 23 - ...s_assignment_privilege_probe_a6a6cd31.hurl | 22 - ...mass_assignment_status_probe_1054f864.hurl | 23 - ...ut_missing_required_param_id_fe77f880.hurl | 12 - ...e_integer_instead_of_boolean_56c3f6cc.hurl | 23 - ...mutation_isactive_null_value_48706298.hurl | 23 - ...ve_string_instead_of_boolean_c83a8b69.hurl | 23 - ...t_mutation_role_empty_string_f4802a98.hurl | 23 - ...le_integer_instead_of_string_1d2d0cbd.hurl | 23 - ...put_mutation_role_null_value_091acd05.hurl | 23 - ...e_oversized_string_300_chars_786de8b3.hurl | 23 - ..._put_null_injection_isactive_c8deaf48.hurl | 19 - ...s_id_put_null_injection_role_e890383a.hurl | 19 - ...pi1_bola_unauthorized_access_91b47863.hurl | 12 - ...p_api2_broken_authentication_3552a6c6.hurl | 12 - ..._bopla_property_level_access_4ae5244a.hurl | 24 - ..._level_authorization_missing_8f0d7884.hurl | 13 - ...t_owasp_api6_mass_assignment_38dd166b.hurl | 27 - ...pi7_injection_path_traversal_e9f5a9c9.hurl | 15 - ...ut_owasp_api7_injection_sqli_c653b26d.hurl | 15 - ...put_owasp_api7_injection_xss_51b9a625.hurl | 15 - ...dmin_users_id_put_role_guest_d671319d.hurl | 22 - ...sers_id_put_role_super_admin_72c28c85.hurl | 22 - ...sers_id_put_role_team_member_c19312b9.hurl | 22 - ...users_id_put_role_team_owner_c8807eae.hurl | 22 - ...iolation_isactive_wrong_type_891572b6.hurl | 19 - ..._violation_role_invalid_enum_3765a2be.hurl | 19 - 
..._isactive_wrong_type_integer_308337db.hurl | 19 - ...n_isactive_wrong_type_string_4a329fab.hurl | 19 - ...cion_role_wrong_type_boolean_c4d77768.hurl | 19 - ...cion_role_wrong_type_integer_60c61680.hurl | 19 - ...e_fuzzing_role_bidi_override_a2217373.hurl | 19 - ...de_fuzzing_role_control_char_be44c91e.hurl | 19 - ...nicode_fuzzing_role_overlong_4c95b987.hurl | 19 - ...t_unicode_fuzzing_role_zalgo_d015a170.hurl | 19 - ...code_fuzzing_role_zero_width_b1e60615.hurl | 19 - ...est_with_all_required_fields_d7979f2a.hurl | 23 - ...rong_content_type_text_plain_69ba511c.hurl | 19 - ..._cors_security_configuration_d0d06277.hurl | 16 - ...dmin_webhooks_get_auth_chain_c741d9e1.hurl | 44 - ...p_api2_broken_authentication_ec46e5a8.hurl | 12 - ..._level_authorization_missing_a2ef426c.hurl | 13 - ...est_with_all_required_fields_c3e5fa48.hurl | 16 - ...ent_second_call_must_be_safe_854a404a.hurl | 33 - ...000_0000_000000000000_nil_uu_2c9e3616.hurl | 16 - ...000_0000_000000000001_alt_uu_101b67d9.hurl | 16 - ...te_missing_required_param_id_25ba00ae.hurl | 12 - ...p_api2_broken_authentication_23cf0c86.hurl | 12 - ..._level_authorization_missing_01a13cd8.hurl | 13 - ...pi7_injection_path_traversal_bdc77229.hurl | 15 - ...te_owasp_api7_injection_sqli_7e499729.hurl | 15 - ...ete_owasp_api7_injection_xss_06da467b.hurl | 15 - ...est_with_all_required_fields_f50edea5.hurl | 15 - ..._cors_security_configuration_c34b22b5.hurl | 16 - ...00_0000_000000000000_nil_uui_93edf6a3.hurl | 16 - ...00_0000_000000000001_alt_uui_e5555fc8.hurl | 16 - ...rong_type_string_for_boolean_fbeea8b1.hurl | 23 - ...s_assignment_financial_probe_ed85e04f.hurl | 27 - ...ss_assignment_identity_probe_1274d148.hurl | 27 - ...s_assignment_privilege_probe_d0ddffec.hurl | 27 - ...mass_assignment_status_probe_16deab72.hurl | 27 - ...ch_missing_required_param_id_8a80112e.hurl | 12 - ...h_mutation_events_null_value_2d09c873.hurl | 25 - ...ents_object_instead_of_array_309789e7.hurl | 25 - 
...ents_string_instead_of_array_9439ce9e.hurl | 25 - ...e_integer_instead_of_boolean_161755de.hurl | 27 - ...mutation_isactive_null_value_c42eb537.hurl | 27 - ...ve_string_instead_of_boolean_be6cb74f.hurl | 27 - ...h_mutation_name_empty_string_48b3b8ee.hurl | 27 - ...me_integer_instead_of_string_ec8ffbaa.hurl | 27 - ...tch_mutation_name_null_value_07005fc1.hurl | 27 - ...e_oversized_string_300_chars_bc9e284b.hurl | 27 - ..._patch_null_injection_events_e5f0413f.hurl | 21 - ...atch_null_injection_isactive_f681cd0b.hurl | 23 - ...id_patch_null_injection_name_abff0001.hurl | 23 - ..._id_patch_null_injection_url_6597f138.hurl | 23 - ...ks_id_patch_owasp_api10_ssrf_432c0bdd.hurl | 18 - ...p_api2_broken_authentication_3a1afdb6.hurl | 12 - ..._bopla_property_level_access_d7a97bb7.hurl | 29 - ..._level_authorization_missing_6c16dac4.hurl | 13 - ...pi7_injection_path_traversal_b84f711a.hurl | 15 - ...ch_owasp_api7_injection_sqli_e249a62c.hurl | 15 - ...tch_owasp_api7_injection_xss_e86a894c.hurl | 15 - ...iolation_isactive_wrong_type_a0047765.hurl | 23 - ...ion_events_wrong_type_string_ce35cd41.hurl | 21 - ..._isactive_wrong_type_integer_4c590e85.hurl | 23 - ...n_isactive_wrong_type_string_db8dd398.hurl | 23 - ...cion_name_wrong_type_boolean_e2d843b1.hurl | 23 - ...cion_name_wrong_type_integer_849247d2.hurl | 23 - ...rcion_url_wrong_type_boolean_d9bfd2d8.hurl | 23 - ...rcion_url_wrong_type_integer_5b388493.hurl | 23 - ...e_fuzzing_name_bidi_override_61073126.hurl | 23 - ...de_fuzzing_name_control_char_9fed73af.hurl | 23 - ...nicode_fuzzing_name_overlong_ff322daa.hurl | 23 - ...h_unicode_fuzzing_name_zalgo_a31d1299.hurl | 23 - ...code_fuzzing_name_zero_width_6bdb26ba.hurl | 23 - ...de_fuzzing_url_bidi_override_36430217.hurl | 23 - ...ode_fuzzing_url_control_char_ed68863e.hurl | 23 - ...unicode_fuzzing_url_overlong_d7318097.hurl | 23 - ...ch_unicode_fuzzing_url_zalgo_0a72a45e.hurl | 23 - ...icode_fuzzing_url_zero_width_61e8a563.hurl | 23 - 
...est_with_all_required_fields_415f32a9.hurl | 35 - ...rong_content_type_text_plain_94225ad6.hurl | 23 - ..._cors_security_configuration_19ddcfe4.hurl | 16 - ...ent_second_call_must_be_safe_ff996bd3.hurl | 33 - ...0_0000_0000_000000000000_nil_33f46434.hurl | 16 - ...0_0000_0000_000000000001_alt_eb0b8c82.hurl | 16 - ...st_missing_required_param_id_8f3b353e.hurl | 12 - ...p_api2_broken_authentication_7054030e.hurl | 12 - ..._level_authorization_missing_908d0d93.hurl | 13 - ...pi7_injection_path_traversal_6c16c87b.hurl | 15 - ...st_owasp_api7_injection_sqli_7a0227b0.hurl | 15 - ...ost_owasp_api7_injection_xss_e8743ba7.hurl | 15 - ...est_with_all_required_fields_ae0a2dc3.hurl | 16 - ..._cors_security_configuration_3f16f7ab.hurl | 16 - ...min_webhooks_post_auth_chain_f4c0b7fc.hurl | 56 - ...ndary_name_invalid_below_min_7b9e5b4d.hurl | 28 - ...ield_boundary_name_valid_min_85b28596.hurl | 28 - ...ent_second_call_must_be_safe_06e188f6.hurl | 57 - ...ty_array_violates_minitems_1_41ef09da.hurl | 22 - ..._string_violates_minlength_1_86292ddb.hurl | 24 - ...s_assignment_financial_probe_241955ee.hurl | 28 - ...ss_assignment_identity_probe_30b18c5f.hurl | 28 - ...s_assignment_privilege_probe_f5c743f7.hurl | 28 - ...mass_assignment_status_probe_33b56375.hurl | 28 - ...issing_required_field_events_d6a5b0c7.hurl | 21 - ...issing_required_field_events_dfcc1c56.hurl | 21 - ..._missing_required_field_name_45423b82.hurl | 23 - ..._missing_required_field_name_6c83435b.hurl | 23 - ...t_missing_required_field_url_6ed0d9f4.hurl | 23 - ...t_missing_required_field_url_f322285b.hurl | 23 - ...t_mutation_events_null_value_2c34fbf1.hurl | 26 - ...ents_object_instead_of_array_4a653004.hurl | 26 - ...ents_string_instead_of_array_19783d1d.hurl | 26 - ...t_mutation_name_empty_string_f615d2a9.hurl | 28 - ...me_integer_instead_of_string_cf6c122c.hurl | 28 - ...ost_mutation_name_null_value_b75000cd.hurl | 28 - ...e_oversized_string_300_chars_5be879ce.hurl | 28 - 
...on_providertype_empty_string_9b991c26.hurl | 28 - ...pe_integer_instead_of_string_83e13d1b.hurl | 28 - ...tion_providertype_null_value_595d67fc.hurl | 28 - ...ax_plus_one_invalid_boundary_94214268.hurl | 24 - ...t_name_at_max_valid_boundary_d8fb6781.hurl | 27 - ...n_minus_one_invalid_boundary_5b4327aa.hurl | 24 - ...t_name_at_min_valid_boundary_72f21135.hurl | 27 - ...s_post_null_injection_events_35254559.hurl | 22 - ...oks_post_null_injection_name_169dbf8c.hurl | 24 - ..._null_injection_providertype_d40094c4.hurl | 24 - ...s_post_null_injection_teamid_4f42ea82.hurl | 24 - ...ooks_post_null_injection_url_52359f32.hurl | 24 - ...bhooks_post_owasp_api10_ssrf_fa3b21f3.hurl | 18 - ...p_api2_broken_authentication_f690ca7e.hurl | 12 - ..._level_authorization_missing_d8d5bdac.hurl | 13 - ...t_owasp_api6_mass_assignment_1b59ba48.hurl | 32 - ...pi7_injection_path_traversal_a39cab42.hurl | 18 - ...st_owasp_api7_injection_sqli_03accab7.hurl | 18 - ...ost_owasp_api7_injection_xss_a1a1e257.hurl | 18 - ...uired_omission_events_absent_09946d4c.hurl | 25 - ...equired_omission_name_absent_d0373487.hurl | 27 - ...required_omission_url_absent_6d3bc221.hurl | 27 - ...tion_events_missing_required_e4df148d.hurl | 21 - ...olation_events_too_few_items_a0bdf58b.hurl | 22 - ...lation_name_missing_required_7b8cab12.hurl | 23 - ...ema_violation_name_too_short_b49ea6fa.hurl | 24 - ...olation_url_missing_required_4d32f3c3.hurl | 23 - ...ion_events_wrong_type_string_07b6f191.hurl | 22 - ...cion_name_wrong_type_boolean_49b71fc3.hurl | 24 - ...cion_name_wrong_type_integer_39c60504.hurl | 24 - ...vidertype_wrong_type_boolean_2f2c0975.hurl | 24 - ...vidertype_wrong_type_integer_e227c019.hurl | 24 - ...on_teamid_wrong_type_boolean_b27447cc.hurl | 24 - ...on_teamid_wrong_type_integer_5db01d88.hurl | 24 - ...rcion_url_wrong_type_boolean_2d482d43.hurl | 24 - ...rcion_url_wrong_type_integer_ea2aab8e.hurl | 24 - ...e_fuzzing_name_bidi_override_07e9eae2.hurl | 24 - 
...de_fuzzing_name_control_char_5943393b.hurl | 24 - ...nicode_fuzzing_name_overlong_bee28f66.hurl | 24 - ...t_unicode_fuzzing_name_zalgo_a7f8f480.hurl | 24 - ...code_fuzzing_name_zero_width_2a6bf0cb.hurl | 24 - ...g_providertype_bidi_override_8724a676.hurl | 24 - ...ng_providertype_control_char_dc945e0e.hurl | 24 - ...uzzing_providertype_overlong_2cc3a01a.hurl | 24 - ...e_fuzzing_providertype_zalgo_07152569.hurl | 24 - ...zing_providertype_zero_width_e32282d7.hurl | 24 - ...fuzzing_teamid_bidi_override_0c229c2d.hurl | 24 - ..._fuzzing_teamid_control_char_f031554f.hurl | 24 - ...code_fuzzing_teamid_overlong_7de8af57.hurl | 24 - ...unicode_fuzzing_teamid_zalgo_bba333a6.hurl | 24 - ...de_fuzzing_teamid_zero_width_3128deb0.hurl | 24 - ...de_fuzzing_url_bidi_override_caf839d6.hurl | 24 - ...ode_fuzzing_url_control_char_c4479bd1.hurl | 24 - ...unicode_fuzzing_url_overlong_132333e4.hurl | 24 - ...st_unicode_fuzzing_url_zalgo_6343c227.hurl | 24 - ...icode_fuzzing_url_zero_width_d101973c.hurl | 24 - ...est_with_all_required_fields_42a4fab4.hurl | 36 - ...rong_content_type_text_plain_7a40055b.hurl | 24 - ...n_delete_api_admin_grants_id_8ef3fbbb.hurl | 48 - ...in_delete_api_admin_users_id_763b85b6.hurl | 48 - ...et_api_admin_teams_id_grants_83289d9f.hurl | 48 - ...t_api_admin_teams_id_members_969a9fae.hurl | 48 - ..._api_admin_teams_id_services_ce956549.hurl | 48 - ...st_api_admin_teams_id_grants_02ba968a.hurl | 60 - ...t_api_admin_teams_id_members_393f686a.hurl | 55 - ...dmin_services_serviceid_team_256209eb.hurl | 54 - ...chain_put_api_admin_users_id_88a6983e.hurl | 55 - .../api_catalog_get_auth_chain_bde6cda3.hurl | 44 - ...p_api2_broken_authentication_e1fa3406.hurl | 12 - ...est_with_all_required_fields_c9b53fc1.hurl | 16 - ..._cors_security_configuration_e3ff3623.hurl | 16 - ...ent_second_call_must_be_safe_84233d9e.hurl | 33 - ..._0000_0000_0000_000000000000_c4621de0.hurl | 16 - ..._0000_0000_0000_000000000001_e72a9984.hurl | 16 - 
...ing_required_param_serviceid_3209e4f6.hurl | 12 - ...p_api2_broken_authentication_be467598.hurl | 12 - ..._level_authorization_missing_c88f572b.hurl | 13 - ...pi7_injection_path_traversal_c37e4439.hurl | 15 - ...te_owasp_api7_injection_sqli_d27beca6.hurl | 15 - ...ete_owasp_api7_injection_xss_bfdae539.hurl | 15 - ...est_with_all_required_fields_b2745533.hurl | 16 - ..._cors_security_configuration_dc211e18.hurl | 16 - cases/api_diff_get_auth_chain_6af54553.hurl | 44 - ..._missing_required_param_from_436315da.hurl | 12 - ...et_missing_required_param_to_592a212d.hurl | 12 - ...p_api2_broken_authentication_f6e6d81e.hurl | 12 - ...pi7_injection_path_traversal_d2e88748.hurl | 15 - ...et_owasp_api7_injection_sqli_2add12cf.hurl | 15 - ...get_owasp_api7_injection_xss_1fb05370.hurl | 15 - ...est_with_all_required_fields_f98b2b82.hurl | 18 - ..._cors_security_configuration_95a63795.hurl | 16 - cases/api_me_get_auth_chain_646f48bb.hurl | 44 - ...p_api2_broken_authentication_16f4aef5.hurl | 12 - ...est_with_all_required_fields_cb06322f.hurl | 19 - ..._cors_security_configuration_8d947b43.hurl | 16 - cases/api_search_get_auth_chain_e66b7d53.hurl | 44 - ...get_missing_required_param_q_128363b8.hurl | 12 - ...p_api2_broken_authentication_6e192176.hurl | 12 - ...pi7_injection_path_traversal_30f18b95.hurl | 15 - ...et_owasp_api7_injection_sqli_b0d05c32.hurl | 15 - ...get_owasp_api7_injection_xss_b1a5ce9b.hurl | 15 - ...est_with_all_required_fields_65fdbcb4.hurl | 16 - ..._cors_security_configuration_e799f553.hurl | 16 - ...issing_required_param_branch_dd4faa6a.hurl | 12 - ...ssing_required_param_service_14b52fbb.hurl | 12 - ...p_api2_broken_authentication_5b840153.hurl | 12 - ...pi7_injection_path_traversal_217a31ae.hurl | 15 - ...et_owasp_api7_injection_sqli_3e62652b.hurl | 15 - ...get_owasp_api7_injection_xss_69cf35a6.hurl | 15 - ...est_with_all_required_fields_e159fefe.hurl | 15 - ...api8_cors_security_configura_ecd6daec.hurl | 16 - 
...issing_required_param_branch_e71dd727.hurl | 12 - ...ssing_required_param_service_95c1cee7.hurl | 12 - ...p_api2_broken_authentication_9b5eb037.hurl | 12 - ...pi7_injection_path_traversal_106c80c0.hurl | 15 - ...et_owasp_api7_injection_sqli_ffc707f5.hurl | 15 - ...get_owasp_api7_injection_xss_cf42e9f4.hurl | 15 - ...est_with_all_required_fields_f8bdece6.hurl | 16 - ..._cors_security_configuration_d622eda3.hurl | 16 - cases/api_tokens_get_auth_chain_9d529cfb.hurl | 44 - ...p_api2_broken_authentication_dcecca87.hurl | 12 - ...est_with_all_required_fields_abcd14ab.hurl | 16 - ...ent_second_call_must_be_safe_ea338ec1.hurl | 33 - ..._id_delete_idor_id_0_zero_id_d0e0481e.hurl | 16 - ..._delete_idor_id_99999_alt_id_502920f7.hurl | 16 - ...te_missing_required_param_id_c2abfd5e.hurl | 12 - ...pi1_bola_unauthorized_access_2d207a0d.hurl | 12 - ...p_api2_broken_authentication_599ddef6.hurl | 12 - ..._level_authorization_missing_fbedb9f1.hurl | 13 - ...pi7_injection_path_traversal_85b86fe3.hurl | 15 - ...te_owasp_api7_injection_sqli_e54ea4ce.hurl | 15 - ...ete_owasp_api7_injection_xss_ebab5e69.hurl | 15 - ...est_with_all_required_fields_138640de.hurl | 16 - ..._cors_security_configuration_ba604e45.hurl | 16 - ..._cors_security_configuration_b009aaa0.hurl | 16 - ...ndary_name_invalid_below_min_107263c8.hurl | 23 - ...ield_boundary_name_valid_min_041bf0da.hurl | 23 - ...ent_second_call_must_be_safe_85621889.hurl | 47 - ..._string_violates_minlength_1_b579ade9.hurl | 19 - ...alid_scope_value_not_in_enum_a9cdb025.hurl | 19 - ...s_assignment_financial_probe_b896a4fe.hurl | 23 - ...ss_assignment_identity_probe_b46880dc.hurl | 23 - ...s_assignment_privilege_probe_2411ba2b.hurl | 23 - ...mass_assignment_status_probe_248852e9.hurl | 23 - ..._missing_required_field_name_5566a91f.hurl | 18 - ..._missing_required_field_name_75703d6a.hurl | 18 - ...missing_required_field_scope_6284c90d.hurl | 18 - ...missing_required_field_scope_aa18d499.hurl | 18 - 
...t_mutation_name_empty_string_188465c8.hurl | 23 - ...me_integer_instead_of_string_30aabbdc.hurl | 23 - ...ost_mutation_name_null_value_816809db.hurl | 23 - ...e_oversized_string_300_chars_8c9976d8.hurl | 23 - ..._mutation_scope_empty_string_c8cd2aed.hurl | 23 - ...pe_integer_instead_of_string_745ea604.hurl | 23 - ...st_mutation_scope_null_value_75bc6e95.hurl | 23 - ...e_oversized_string_300_chars_4d189659.hurl | 23 - ...ax_plus_one_invalid_boundary_7b3217ba.hurl | 19 - ...t_name_at_max_valid_boundary_a0247f03.hurl | 22 - ...n_minus_one_invalid_boundary_d08f5a90.hurl | 19 - ...t_name_at_min_valid_boundary_1c063dd5.hurl | 22 - ...ens_post_null_injection_name_97bd0c77.hurl | 19 - ...ns_post_null_injection_scope_0b4d216c.hurl | 19 - ...p_api2_broken_authentication_9e6576d2.hurl | 12 - ...t_owasp_api6_mass_assignment_d9979992.hurl | 27 - ...pi7_injection_path_traversal_26975d5c.hurl | 18 - ...st_owasp_api7_injection_sqli_1df31a27.hurl | 18 - ...ost_owasp_api7_injection_xss_8157a3a5.hurl | 18 - ...equired_omission_name_absent_b998dc1a.hurl | 22 - ...quired_omission_scope_absent_fcb3e065.hurl | 22 - ...lation_name_missing_required_c2cef5a1.hurl | 18 - ...ema_violation_name_too_short_bf65e63e.hurl | 19 - ...violation_scope_invalid_enum_a6a38420.hurl | 19 - ...ation_scope_missing_required_ad285328.hurl | 18 - ...cion_name_wrong_type_boolean_bd1e61be.hurl | 19 - ...cion_name_wrong_type_integer_9bc60d9a.hurl | 19 - ...ion_scope_wrong_type_boolean_28d94662.hurl | 19 - ...ion_scope_wrong_type_integer_9bf5d669.hurl | 19 - ...e_fuzzing_name_bidi_override_33a5a9d7.hurl | 19 - ...de_fuzzing_name_control_char_fc869137.hurl | 19 - ...nicode_fuzzing_name_overlong_4faf49f0.hurl | 19 - ...t_unicode_fuzzing_name_zalgo_431d2bbf.hurl | 19 - ...code_fuzzing_name_zero_width_6f9f1e83.hurl | 19 - ..._fuzzing_scope_bidi_override_8643ca22.hurl | 19 - ...e_fuzzing_scope_control_char_0d728fca.hurl | 19 - ...icode_fuzzing_scope_overlong_8adfe998.hurl | 19 - 
..._unicode_fuzzing_scope_zalgo_734aea93.hurl | 19 - ...ode_fuzzing_scope_zero_width_6b8f84d1.hurl | 19 - ...est_with_all_required_fields_6a65bf78.hurl | 28 - ...rong_content_type_text_plain_b0b71990.hurl | 19 - ...n_delete_api_admin_grants_id_e1324ddf.hurl | 43 - ...in_delete_api_admin_users_id_60268ad8.hurl | 43 - ...et_api_admin_teams_id_grants_f107e18d.hurl | 43 - ...t_api_admin_teams_id_members_90e7f90e.hurl | 43 - ..._api_admin_teams_id_services_bda7e5b2.hurl | 43 - ...st_api_admin_teams_id_grants_ba99a719.hurl | 55 - ...t_api_admin_teams_id_members_714b8b84.hurl | 50 - ...dmin_services_serviceid_team_110b6d72.hurl | 49 - ...chain_put_api_admin_users_id_3028e37b.hurl | 50 - ..._cors_security_configuration_65631595.hurl | 16 - .../api_upload_post_auth_chain_c60cf805.hurl | 53 - ...ax_plus_one_invalid_boundary_62157365.hurl | 21 - ...branch_at_max_valid_boundary_97d88ce9.hurl | 24 - ...n_minus_one_invalid_boundary_fa914b29.hurl | 21 - ...branch_at_min_valid_boundary_4ca9c46c.hurl | 24 - ...ary_branch_invalid_below_min_e5764a68.hurl | 25 - ...ld_boundary_branch_valid_min_b8ed4386.hurl | 25 - ...ry_service_invalid_below_min_a957f4b8.hurl | 25 - ...d_boundary_service_valid_min_db5c5368.hurl | 25 - ...peccontent_invalid_below_min_ac1b6e26.hurl | 25 - ...undary_speccontent_valid_min_82713518.hurl | 25 - ...ent_second_call_must_be_safe_dd638159.hurl | 51 - ..._string_violates_minlength_1_5eb7446c.hurl | 21 - ..._string_violates_minlength_1_8389dd21.hurl | 21 - ..._string_violates_minlength_1_86ff6bd8.hurl | 21 - ...s_assignment_financial_probe_9794cdb0.hurl | 25 - ...ss_assignment_identity_probe_398f4294.hurl | 25 - ...s_assignment_privilege_probe_eb8249c9.hurl | 25 - ...mass_assignment_status_probe_0310fa1a.hurl | 25 - ...issing_required_field_branch_33947120.hurl | 20 - ...issing_required_field_branch_d756c10c.hurl | 20 - ...ssing_required_field_service_89850cfa.hurl | 20 - ...ssing_required_field_service_8f85caae.hurl | 20 - 
...g_required_field_speccontent_1de0eefc.hurl | 20 - ...g_required_field_speccontent_fccdadb2.hurl | 20 - ...mutation_branch_empty_string_cac690c1.hurl | 25 - ...ch_integer_instead_of_string_416a96c1.hurl | 25 - ...t_mutation_branch_null_value_9f510ed7.hurl | 25 - ...h_oversized_string_300_chars_75d60dab.hurl | 25 - ...ation_commitsha_empty_string_f30e852c.hurl | 25 - ...ha_integer_instead_of_string_b1212f34.hurl | 25 - ...utation_commitsha_null_value_0c1c92bd.hurl | 25 - ...a_oversized_string_300_chars_fdaf954a.hurl | 25 - ...utation_service_empty_string_6f0a4261.hurl | 25 - ..._mutation_service_null_value_7805eead.hurl | 25 - ...d_post_null_injection_branch_5151a7d3.hurl | 21 - ...ost_null_injection_commitsha_e9eaa8fd.hurl | 21 - ..._post_null_injection_service_b8cf0920.hurl | 21 - ...t_null_injection_speccontent_fef2ed50.hurl | 21 - ...p_api2_broken_authentication_4c9fd28e.hurl | 12 - ...t_owasp_api6_mass_assignment_bcf8922c.hurl | 29 - ...pi7_injection_path_traversal_553f4f51.hurl | 18 - ...st_owasp_api7_injection_sqli_b528a6e6.hurl | 18 - ...ost_owasp_api7_injection_xss_81a2a747.hurl | 18 - ...uired_omission_branch_absent_893f33e4.hurl | 24 - ...ired_omission_service_absent_f4726c9d.hurl | 24 - ..._omission_speccontent_absent_196e600f.hurl | 24 - ...tion_branch_missing_required_381d4381.hurl | 20 - ...a_violation_branch_too_short_76d8b912.hurl | 21 - ...ion_service_missing_required_72938c30.hurl | 20 - ..._violation_service_too_short_40be94ec.hurl | 21 - ...speccontent_missing_required_555257e2.hurl | 20 - ...lation_speccontent_too_short_af512611.hurl | 21 - ...ax_plus_one_invalid_boundary_ad5debd5.hurl | 21 - ...ervice_at_max_valid_boundary_3cd9de74.hurl | 24 - ...n_minus_one_invalid_boundary_c9639729.hurl | 21 - ...ervice_at_min_valid_boundary_fa5f2879.hurl | 24 - ...ax_plus_one_invalid_boundary_dbbfdc22.hurl | 21 - ...ontent_at_max_valid_boundary_201ba23b.hurl | 24 - ...n_minus_one_invalid_boundary_b6f8003e.hurl | 21 - 
...ontent_at_min_valid_boundary_edc8ded2.hurl | 24 - ...on_branch_wrong_type_boolean_e00401a8.hurl | 21 - ...on_branch_wrong_type_integer_6a08feec.hurl | 21 - ...commitsha_wrong_type_boolean_16cf9e5b.hurl | 21 - ...commitsha_wrong_type_integer_b806224f.hurl | 21 - ...n_service_wrong_type_boolean_240bdc53.hurl | 21 - ...n_service_wrong_type_integer_07462c7f.hurl | 21 - ...eccontent_wrong_type_boolean_4a28e8ae.hurl | 21 - ...eccontent_wrong_type_integer_bbde20a6.hurl | 21 - ...fuzzing_branch_bidi_override_09b46ba6.hurl | 21 - ..._fuzzing_branch_control_char_eb8a46bc.hurl | 21 - ...code_fuzzing_branch_overlong_8ecf3f52.hurl | 21 - ...unicode_fuzzing_branch_zalgo_3c16d4b3.hurl | 21 - ...de_fuzzing_branch_zero_width_d4d96d5e.hurl | 21 - ...zing_commitsha_bidi_override_471fcaef.hurl | 21 - ...zzing_commitsha_control_char_1e3b28af.hurl | 21 - ...e_fuzzing_commitsha_overlong_d3d69da1.hurl | 21 - ...code_fuzzing_commitsha_zalgo_f298d13c.hurl | 21 - ...fuzzing_commitsha_zero_width_e4c96b76.hurl | 21 - ...uzzing_service_bidi_override_71d03103.hurl | 21 - ...fuzzing_service_control_char_76fd376c.hurl | 21 - ...ode_fuzzing_service_overlong_4e0cc0d2.hurl | 21 - ...nicode_fuzzing_service_zalgo_7d8cc30e.hurl | 21 - ...e_fuzzing_service_zero_width_f8f99bf7.hurl | 21 - ...ng_speccontent_bidi_override_131ad5f4.hurl | 21 - ...ing_speccontent_control_char_7ff8ca85.hurl | 21 - ...fuzzing_speccontent_overlong_40f1423f.hurl | 21 - ...de_fuzzing_speccontent_zalgo_6b2db722.hurl | 21 - ...zzing_speccontent_zero_width_7ac120c3.hurl | 21 - ...est_with_all_required_fields_e3da0de9.hurl | 30 - ...rong_content_type_text_plain_863dd501.hurl | 21 - ..._service_branch_openapi_json_8c25506c.hurl | 45 - ...dmin_services_serviceid_team_f88dc931.hurl | 51 - ..._cors_security_configuration_09111fdc.hurl | 16 - ...ent_second_call_must_be_safe_dc706f80.hurl | 47 - ...d_email_invalid_email_format_2286db52.hurl | 19 - ...s_assignment_financial_probe_5bcafac5.hurl | 23 - 
...ss_assignment_identity_probe_4c0c3203.hurl | 23 - ...s_assignment_privilege_probe_f4f54666.hurl | 23 - ...mass_assignment_status_probe_f197447f.hurl | 23 - ...missing_required_field_email_4cc99b0c.hurl | 18 - ...missing_required_field_email_9b253ab6.hurl | 18 - ...sing_required_field_password_70187e79.hurl | 18 - ...sing_required_field_password_a6bbbeb7.hurl | 18 - ..._mutation_email_empty_string_81062c2f.hurl | 23 - ...il_integer_instead_of_string_d7ccf79e.hurl | 23 - ...n_email_invalid_email_format_6926df81.hurl | 23 - ...st_mutation_email_null_value_b5693707.hurl | 23 - ...l_oversized_string_300_chars_7f53df98.hurl | 23 - ...tation_password_empty_string_a0ca01b6.hurl | 23 - ...rd_integer_instead_of_string_f16c5d8d.hurl | 23 - ...mutation_password_null_value_b531d0ea.hurl | 23 - ...d_oversized_string_300_chars_acbb9354.hurl | 23 - ...in_post_null_injection_email_a1de0446.hurl | 19 - ...post_null_injection_password_191c3a5b.hurl | 19 - ...t_owasp_api6_mass_assignment_09c747ae.hurl | 27 - ...pi7_injection_path_traversal_c3fc26dc.hurl | 18 - ...st_owasp_api7_injection_sqli_504b6c9e.hurl | 18 - ...ost_owasp_api7_injection_xss_d41b3855.hurl | 18 - ...quired_omission_email_absent_3eaacfef.hurl | 22 - ...red_omission_password_absent_0a64a19d.hurl | 22 - ...n_email_invalid_format_email_891b32a4.hurl | 19 - ...ation_email_missing_required_46bb3d69.hurl | 18 - ...on_password_missing_required_5bddd51c.hurl | 18 - ...ion_email_wrong_type_boolean_91a4d98b.hurl | 19 - ...ion_email_wrong_type_integer_2e0174b6.hurl | 19 - ..._password_wrong_type_boolean_5c25d6d2.hurl | 19 - ..._password_wrong_type_integer_28167496.hurl | 19 - ..._fuzzing_email_bidi_override_08bd8265.hurl | 19 - ...e_fuzzing_email_control_char_ce646cde.hurl | 19 - ...icode_fuzzing_email_overlong_1951562a.hurl | 19 - ..._unicode_fuzzing_email_zalgo_1091cce6.hurl | 19 - ...ode_fuzzing_email_zero_width_e4c515d2.hurl | 19 - ...zzing_password_bidi_override_dc3d45d4.hurl | 19 - 
...uzzing_password_control_char_3fbdbf7e.hurl | 19 - ...de_fuzzing_password_overlong_b2225a4c.hurl | 19 - ...icode_fuzzing_password_zalgo_7329e86c.hurl | 19 - ..._fuzzing_password_zero_width_4e879dad.hurl | 19 - ...est_with_all_required_fields_486e8c2a.hurl | 25 - ...rong_content_type_text_plain_ea0be7b9.hurl | 19 - ...n_delete_api_admin_grants_id_2db91768.hurl | 43 - ...in_delete_api_admin_users_id_8192e6ba.hurl | 43 - ...et_api_admin_teams_id_grants_4f853ed4.hurl | 43 - ...t_api_admin_teams_id_members_315cb6bf.hurl | 43 - ..._api_admin_teams_id_services_ccf62dd8.hurl | 43 - ...st_api_admin_teams_id_grants_ba58927e.hurl | 55 - ...t_api_admin_teams_id_members_b9578186.hurl | 50 - ...chain_put_api_admin_users_id_4e754ff4.hurl | 50 - ..._cors_security_configuration_86522697.hurl | 16 - ...ent_second_call_must_be_safe_cf0be90a.hurl | 33 - ...est_with_all_required_fields_a517ccf9.hurl | 16 - ..._cors_security_configuration_2f9039a1.hurl | 16 - ...uth_register_post_auth_chain_46922b8d.hurl | 51 - ...y_password_invalid_below_min_29d13f96.hurl | 23 - ..._boundary_password_valid_min_31e0ac94.hurl | 23 - ...ent_second_call_must_be_safe_d4349959.hurl | 47 - ...d_email_invalid_email_format_8449b518.hurl | 19 - ..._string_violates_minlength_8_cf64a6d3.hurl | 19 - ...s_assignment_financial_probe_9b577a9f.hurl | 23 - ...ss_assignment_identity_probe_be5d4ca2.hurl | 23 - ...s_assignment_privilege_probe_065d2087.hurl | 23 - ...mass_assignment_status_probe_cabe7291.hurl | 23 - ...missing_required_field_email_445d8b1f.hurl | 18 - ...missing_required_field_email_cae39bb3.hurl | 18 - ...sing_required_field_password_31707ae5.hurl | 18 - ...sing_required_field_password_72f7ecb7.hurl | 18 - ..._mutation_email_empty_string_b9e7832e.hurl | 23 - ...il_integer_instead_of_string_00b95383.hurl | 23 - ...n_email_invalid_email_format_7c859b9c.hurl | 23 - ...st_mutation_email_null_value_6da4f717.hurl | 23 - ...l_oversized_string_300_chars_3dfbbb02.hurl | 23 - 
...tation_password_empty_string_f66d6ba8.hurl | 23 - ...rd_integer_instead_of_string_85af6488.hurl | 23 - ...mutation_password_null_value_8df134ff.hurl | 23 - ...d_oversized_string_300_chars_ffcd46cb.hurl | 23 - ...er_post_null_injection_email_031620b5.hurl | 19 - ...post_null_injection_password_dc0c76f3.hurl | 19 - ...p_api2_broken_authentication_e8a47f18.hurl | 12 - ...t_owasp_api6_mass_assignment_900b6a9f.hurl | 27 - ...pi7_injection_path_traversal_2f3c6761.hurl | 18 - ...st_owasp_api7_injection_sqli_ff6e6a6b.hurl | 18 - ...ost_owasp_api7_injection_xss_368fd7b5.hurl | 18 - ...ax_plus_one_invalid_boundary_0de23fb9.hurl | 19 - ...ssword_at_max_valid_boundary_b381fdb9.hurl | 22 - ...n_minus_one_invalid_boundary_15e47d10.hurl | 19 - ...ssword_at_min_valid_boundary_0f0b429e.hurl | 22 - ...quired_omission_email_absent_b724df31.hurl | 22 - ...red_omission_password_absent_3d6d9a7d.hurl | 22 - ...n_email_invalid_format_email_75e2908b.hurl | 19 - ...ation_email_missing_required_95b20a12.hurl | 18 - ...on_password_missing_required_88fb391a.hurl | 18 - ...violation_password_too_short_225366e2.hurl | 19 - ...ion_email_wrong_type_boolean_cff3b5ee.hurl | 19 - ...ion_email_wrong_type_integer_c40fa64f.hurl | 19 - ..._password_wrong_type_boolean_4af1b36a.hurl | 19 - ..._password_wrong_type_integer_4a32c12b.hurl | 19 - ..._fuzzing_email_bidi_override_cd50c303.hurl | 19 - ...e_fuzzing_email_control_char_619e4131.hurl | 19 - ...icode_fuzzing_email_overlong_aea85ac5.hurl | 19 - ..._unicode_fuzzing_email_zalgo_67eec10b.hurl | 19 - ...ode_fuzzing_email_zero_width_c30816fe.hurl | 19 - ...zzing_password_bidi_override_28ca4955.hurl | 19 - ...uzzing_password_control_char_cd54b4b0.hurl | 19 - ...de_fuzzing_password_overlong_3ac12861.hurl | 19 - ...icode_fuzzing_password_zalgo_ab0475dc.hurl | 19 - ..._fuzzing_password_zero_width_e4e8966c.hurl | 19 - ...est_with_all_required_fields_787a33be.hurl | 23 - ...rong_content_type_text_plain_9cf203de.hurl | 19 - 
...n_delete_api_admin_grants_id_465a3cf5.hurl | 43 - ...in_delete_api_admin_users_id_b3bffa74.hurl | 43 - ...et_api_admin_teams_id_grants_a05de11b.hurl | 43 - ...t_api_admin_teams_id_members_b5dca30c.hurl | 43 - ..._api_admin_teams_id_services_344df791.hurl | 43 - ...st_api_admin_teams_id_grants_10533daf.hurl | 55 - ...t_api_admin_teams_id_members_98e576b1.hurl | 50 - ...chain_put_api_admin_users_id_0c6076ab.hurl | 50 - cases/index.json | 43397 ---------------- cmd/cases/index.json | 270 - ...ost_create_and_retrieve_user_8a91cfff.hurl | 32 - ...s_post_create_duplicate_user_62e19623.hurl | 40 - ...ate_user_with_existing_email_7c11147b.hurl | 40 - ..._create_user_and_retrieve_it_f9ba7a73.hurl | 33 - ...user_missing_required_fields_053ab84f.hurl | 17 - ...user_missing_required_fields_8b269035.hurl | 17 - ...user_missing_required_fields_d374ddbf.hurl | 18 - ...user_missing_required_fields_e321037a.hurl | 18 - ..._missing_required_name_field_20f71db2.hurl | 18 - ...successfully_with_valid_data_6bdcfc62.hurl | 19 - ...successfully_with_valid_data_d6d2f9b6.hurl | 19 - ...successfully_with_valid_data_ed41be39.hurl | 19 - ...ser_with_all_required_fields_ca607f38.hurl | 19 - ...te_user_with_duplicate_email_0be9ec08.hurl | 40 - ...te_user_with_duplicate_email_14bec37e.hurl | 40 - ...te_user_with_duplicate_email_16b5e1af.hurl | 19 - ...te_user_with_duplicate_email_2143a276.hurl | 40 - ...te_user_with_duplicate_email_4540500f.hurl | 40 - ...te_user_with_duplicate_email_847c5ec7.hurl | 40 - ...te_user_with_duplicate_email_855ae92d.hurl | 40 - ...te_user_with_duplicate_email_d50aa5de.hurl | 40 - ...te_user_with_duplicate_email_ec600d0b.hurl | 40 - ..._create_user_with_empty_body_563fc76d.hurl | 15 - ...user_with_empty_request_body_1f9b1832.hurl | 15 - ...user_with_empty_request_body_403e1b49.hurl | 15 - ...user_with_empty_request_body_5b591edb.hurl | 15 - ...user_with_empty_request_body_5d3eb006.hurl | 15 - ...user_with_empty_request_body_6d5b6c22.hurl | 15 - 
...user_with_empty_request_body_ae7a9790.hurl | 15 - ...user_with_empty_request_body_b9201ec1.hurl | 15 - ...user_with_empty_request_body_d4ebbcfb.hurl | 15 - ...user_with_empty_request_body_dca30578.hurl | 15 - ...er_with_invalid_email_format_12d150e0.hurl | 19 - ...er_with_invalid_email_format_1b915f1c.hurl | 19 - ...er_with_invalid_email_format_3c84dd5d.hurl | 19 - ...er_with_invalid_email_format_4987e0c9.hurl | 19 - ...er_with_invalid_email_format_802bab4d.hurl | 19 - ...er_with_invalid_email_format_a76df09a.hurl | 19 - ...er_with_invalid_email_format_c4f2a558.hurl | 19 - ...er_with_invalid_email_format_c93fd0f2.hurl | 19 - ...er_with_invalid_email_format_e753478f.hurl | 19 - ...er_with_invalid_email_format_ebabbba7.hurl | 19 - ...er_with_invalid_email_format_ee2ea20f.hurl | 19 - ...ate_user_with_minimal_fields_4626dbf0.hurl | 17 - ...with_minimal_required_fields_272780ec.hurl | 18 - ...with_minimal_required_fields_6cad6219.hurl | 18 - ...with_minimal_required_fields_9bb38a6e.hurl | 18 - ...with_missing_required_fields_088af62f.hurl | 17 - ...with_missing_required_fields_3e271201.hurl | 18 - ...with_missing_required_fields_a1a407ac.hurl | 18 - ...with_missing_required_fields_cca11513.hurl | 15 - ...with_missing_required_fields_d11763fa.hurl | 18 - ...with_missing_required_fields_f2b440ff.hurl | 17 - ...user_with_password_too_short_6585f31e.hurl | 19 - ..._create_user_with_valid_data_0add7ad1.hurl | 19 - ..._create_user_with_valid_data_0b80c623.hurl | 19 - ..._create_user_with_valid_data_168ded86.hurl | 19 - ..._create_user_with_valid_data_1bc07161.hurl | 19 - ..._create_user_with_valid_data_23ae4070.hurl | 19 - ..._create_user_with_valid_data_2a7542be.hurl | 19 - ..._create_user_with_valid_data_405b1cc7.hurl | 19 - ..._create_user_with_valid_data_42336db4.hurl | 19 - ..._create_user_with_valid_data_66eaac33.hurl | 19 - ..._create_user_with_valid_data_7bd9e5f4.hurl | 19 - ..._create_user_with_valid_data_8d1e56af.hurl | 19 - 
..._create_user_with_valid_data_d820dbc4.hurl | 19 - ..._create_user_with_valid_data_ef5c32e1.hurl | 19 - ..._create_user_with_valid_data_f4fc91e0.hurl | 19 - ...eate_user_with_weak_password_066b5eb6.hurl | 19 - ...eate_user_with_weak_password_4414257a.hurl | 19 - ...eate_user_with_weak_password_61182975.hurl | 19 - ...eate_user_with_weak_password_927b5196.hurl | 19 - ...eate_user_with_weak_password_ad27efeb.hurl | 19 - ...eate_user_with_weak_password_e00f7c68.hurl | 19 - ...eate_user_with_weak_password_e83267a6.hurl | 19 - ...eate_user_with_weak_password_f80ddbdb.hurl | 19 - ...without_authentication_token_dd3e5af5.hurl | 19 - ...ail_to_create_duplicate_user_027c26b3.hurl | 38 - ...ail_to_create_duplicate_user_9b4f9a72.hurl | 40 - ...ate_user_with_existing_email_6c2e4ea0.hurl | 40 - ...ate_user_with_existing_email_78c9e99f.hurl | 39 - ...ate_user_with_existing_email_b9e88eb8.hurl | 40 - ...te_user_with_duplicate_email_004d19bc.hurl | 40 - ...te_user_with_duplicate_email_865cada7.hurl | 40 - ...user_with_empty_request_body_84405873.hurl | 15 - ...user_with_empty_request_body_9787221a.hurl | 15 - ...user_with_empty_request_body_9fa1c233.hurl | 15 - ...user_with_empty_request_body_cea3990a.hurl | 15 - ...er_with_invalid_email_format_1ba1acf6.hurl | 19 - ...er_with_invalid_email_format_2bd6ea23.hurl | 19 - ...er_with_invalid_email_format_354a4ea6.hurl | 19 - ...er_with_invalid_email_format_5204b57a.hurl | 18 - ...er_with_invalid_email_format_71d8d257.hurl | 19 - ...er_with_invalid_email_format_984e56e9.hurl | 19 - ...er_with_invalid_email_format_a2bd888d.hurl | 19 - ...eate_user_with_missing_email_9984528c.hurl | 18 - ...eate_user_with_missing_email_e1e9b7f8.hurl | 18 - ...with_missing_required_fields_00b8cf47.hurl | 18 - ...with_missing_required_fields_8a424b35.hurl | 18 - ...with_missing_required_fields_8eba8f6c.hurl | 18 - ...with_missing_required_fields_9be782de.hurl | 18 - ...with_missing_required_fields_c122d03b.hurl | 15 - 
...eate_user_with_weak_password_3cf31478.hurl | 19 - ...eate_user_with_weak_password_5278686c.hurl | 19 - ...eate_user_with_weak_password_91adc9f5.hurl | 19 - ...eate_user_with_weak_password_a8b3ff8c.hurl | 19 - ...eate_user_with_weak_password_ac0b807a.hurl | 19 - ..._user_without_authentication_127085f6.hurl | 19 - cmd/reports/dea-report.json | 7 - 1080 files changed, 3 insertions(+), 67435 deletions(-) delete mode 100644 cases/api_admin_audit_logs_get_auth_chain_4b81d9bb.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_10_action_user_disabled_e73ed081.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_11_action_team_created_a820fea5.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_1_action_login_80f9a912.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_2_action_spec_uploaded_ee7cf268.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_3_action_spec_updated_df4697d4.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_4_action_service_deleted_ba4c28cb.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_5_action_grant_created_2874616a.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_6_action_grant_revoked_4511e41f.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_7_action_token_created_e290ff04.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_8_action_token_revoked_5a6e9137.hurl delete mode 100644 cases/api_admin_audit_logs_get_classification_tree_row_9_action_user_created_e92e324e.hurl delete mode 100644 cases/api_admin_audit_logs_get_owasp_api2_broken_authentication_eb7a16db.hurl delete mode 100644 cases/api_admin_audit_logs_get_owasp_api5_function_level_authorization_missing_b02abc71.hurl delete mode 100644 
cases/api_admin_audit_logs_get_owasp_api7_injection_path_traversal_a1c2c8cc.hurl delete mode 100644 cases/api_admin_audit_logs_get_owasp_api7_injection_sqli_605a4d60.hurl delete mode 100644 cases/api_admin_audit_logs_get_owasp_api7_injection_xss_0d70db14.hurl delete mode 100644 cases/api_admin_audit_logs_get_valid_request_with_all_required_fields_04940e9f.hurl delete mode 100644 cases/api_admin_audit_logs_options_owasp_api8_cors_security_configuration_744c12cf.hurl delete mode 100644 cases/api_admin_grants_id_delete_idempotent_second_call_must_be_safe_1f6fc417.hurl delete mode 100644 cases/api_admin_grants_id_delete_idor_id_0_zero_id_c0c54349.hurl delete mode 100644 cases/api_admin_grants_id_delete_idor_id_99999_alt_id_b20f3be6.hurl delete mode 100644 cases/api_admin_grants_id_delete_missing_required_param_id_57e2f5d8.hurl delete mode 100644 cases/api_admin_grants_id_delete_owasp_api1_bola_unauthorized_access_d8d75c69.hurl delete mode 100644 cases/api_admin_grants_id_delete_owasp_api2_broken_authentication_2b26b1b2.hurl delete mode 100644 cases/api_admin_grants_id_delete_owasp_api5_function_level_authorization_missing_640109d2.hurl delete mode 100644 cases/api_admin_grants_id_delete_owasp_api7_injection_path_traversal_5cfaf557.hurl delete mode 100644 cases/api_admin_grants_id_delete_owasp_api7_injection_sqli_3883f876.hurl delete mode 100644 cases/api_admin_grants_id_delete_owasp_api7_injection_xss_7e26f4e3.hurl delete mode 100644 cases/api_admin_grants_id_delete_valid_request_with_all_required_fields_03c20c58.hurl delete mode 100644 cases/api_admin_grants_id_options_owasp_api8_cors_security_configuration_ff243297.hurl delete mode 100644 cases/api_admin_services_serviceid_team_options_owasp_api8_cors_security_configuration_4b672517.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_idempotent_second_call_must_be_safe_dc1513dd.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_mass_assignment_financial_probe_297a0e33.hurl delete mode 
100644 cases/api_admin_services_serviceid_team_put_mass_assignment_identity_probe_c9fe2f6f.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_mass_assignment_privilege_probe_c8fb1c8e.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_mass_assignment_status_probe_6072976c.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_8397ba83.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_bc585ae5.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_missing_required_param_serviceid_3dc3ff8a.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_mutation_teamid_empty_string_717311a7.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_mutation_teamid_integer_instead_of_string_cea11786.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_mutation_teamid_null_value_3c6b4929.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_mutation_teamid_oversized_string_300_chars_452218de.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api1_bola_unauthorized_access_b7125bf5.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api2_broken_authentication_6bc9b636.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api3_bopla_property_level_access_26712b87.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api5_function_level_authorization_mi_544e90d2.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api6_mass_assignment_29a92605.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api7_injection_path_traversal_b621722f.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api7_injection_sqli_53f0e55f.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_owasp_api7_injection_xss_3ad867af.hurl delete mode 100644 
cases/api_admin_services_serviceid_team_put_required_omission_teamid_absent_d24b98db.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_schema_violation_teamid_missing_required_c8b11e1e.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_semantic_annotation_nullable_field_teamid_f06bfa27.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_boolean_5b55ebea.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_integer_87eccc15.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_bidi_override_e30f1b9e.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_control_char_00caba6f.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_overlong_5dc313b9.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zalgo_c1fa3472.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zero_width_1c0a1d4a.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_valid_request_with_all_required_fields_c8662867.hurl delete mode 100644 cases/api_admin_services_serviceid_team_put_wrong_content_type_text_plain_16d39238.hurl delete mode 100644 cases/api_admin_teams_get_auth_chain_3977085e.hurl delete mode 100644 cases/api_admin_teams_get_owasp_api2_broken_authentication_1e347647.hurl delete mode 100644 cases/api_admin_teams_get_owasp_api5_function_level_authorization_missing_a9276ccc.hurl delete mode 100644 cases/api_admin_teams_get_valid_request_with_all_required_fields_978ae5a8.hurl delete mode 100644 cases/api_admin_teams_id_delete_idempotent_second_call_must_be_safe_2d2c1dda.hurl delete mode 100644 cases/api_admin_teams_id_delete_idor_id_0_zero_id_04e9a0f9.hurl delete mode 100644 cases/api_admin_teams_id_delete_idor_id_99999_alt_id_0d533645.hurl delete mode 100644 
cases/api_admin_teams_id_delete_missing_required_param_id_d700a9bc.hurl delete mode 100644 cases/api_admin_teams_id_delete_owasp_api1_bola_unauthorized_access_a23b7745.hurl delete mode 100644 cases/api_admin_teams_id_delete_owasp_api2_broken_authentication_f7305717.hurl delete mode 100644 cases/api_admin_teams_id_delete_owasp_api5_function_level_authorization_missing_1f9d5ef0.hurl delete mode 100644 cases/api_admin_teams_id_delete_owasp_api7_injection_path_traversal_726d486c.hurl delete mode 100644 cases/api_admin_teams_id_delete_owasp_api7_injection_sqli_e0aa0be4.hurl delete mode 100644 cases/api_admin_teams_id_delete_owasp_api7_injection_xss_cdcba009.hurl delete mode 100644 cases/api_admin_teams_id_delete_valid_request_with_all_required_fields_2f56068b.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_idor_id_0_zero_id_625bb61d.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_idor_id_99999_alt_id_1e7138b3.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_missing_required_param_id_aa4a85d2.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_owasp_api1_bola_unauthorized_access_9c3bba1f.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_owasp_api2_broken_authentication_2dae98a0.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_owasp_api5_function_level_authorization_missing_8f5433a6.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_owasp_api7_injection_path_traversal_b5400171.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_owasp_api7_injection_sqli_a7917f13.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_owasp_api7_injection_xss_269d7a97.hurl delete mode 100644 cases/api_admin_teams_id_grants_get_valid_request_with_all_required_fields_d5427a01.hurl delete mode 100644 cases/api_admin_teams_id_grants_options_owasp_api8_cors_security_configuration_8b59e761.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_idempotent_second_call_must_be_safe_810053e8.hurl delete mode 
100644 cases/api_admin_teams_id_grants_post_idor_id_0_zero_id_82f1376b.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_idor_id_99999_alt_id_14f8c7cc.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mass_assignment_financial_probe_8b55910b.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mass_assignment_identity_probe_74060ffe.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mass_assignment_privilege_probe_eaaad8f0.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mass_assignment_status_probe_54b93b94.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_33636c2c.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_62d899fa.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_missing_required_param_id_aee10eee.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_branches_null_value_3f1f0acd.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_branches_object_instead_of_array_c0bd2a08.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_branches_string_instead_of_array_963f2d23.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_empty_string_2894700e.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_integer_instead_of_string_c03df9f9.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_invalid_date_format_6260c870.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_null_value_759658e7.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_expiresat_oversized_string_300_chars_0ee96c4d.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_granteeteamid_empty_string_7d06efc6.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_mutation_granteeteamid_null_value_0064709a.hurl delete mode 100644 
cases/api_admin_teams_id_grants_post_null_injection_branches_e32391c6.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_null_injection_expiresat_df39db3e.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_null_injection_granteeteamid_63fd31b7.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_null_injection_granteeuserid_593b0773.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_null_injection_serviceid_2571eb1b.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_owasp_api1_bola_unauthorized_access_750fd5ab.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_owasp_api2_broken_authentication_a5db835c.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_owasp_api5_function_level_authorization_missing_4c520692.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_owasp_api6_mass_assignment_e74b3c2c.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_owasp_api7_injection_path_traversal_aa0b7128.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_owasp_api7_injection_sqli_ea6fd919.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_owasp_api7_injection_xss_c288f174.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_required_omission_serviceid_absent_eb992221.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_schema_violation_expiresat_invalid_format_date_ti_9509a04a.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_schema_violation_serviceid_missing_required_4b79a206.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_branches_wrong_type_string_291b984a.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_boolean_d73bcfa6.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_integer_4440c404.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_boolean_8920e31f.hurl delete mode 100644 
cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_integer_50132b05.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_boolean_1566fad3.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_integer_3f9db72b.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_boolean_f4852904.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_integer_e98b7c31.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_bidi_override_691f2024.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_control_char_ed7d403f.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_overlong_e80f6e77.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zalgo_e8fa18b3.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zero_width_c67b22d4.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_bidi_override_d197e84d.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_control_char_d5595214.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_overlong_4df41e59.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zalgo_603eeaa8.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zero_width_28a0c8b4.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_bidi_override_57831769.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_control_char_bb1058c5.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_overlong_81f35d0c.hurl delete mode 100644 
cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zalgo_7682a2d7.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zero_width_7f787ffd.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_bidi_override_894450de.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_control_char_aea6968a.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_overlong_ae4ea893.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zalgo_3b372657.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zero_width_c9798ccb.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_valid_request_with_all_required_fields_62bccfec.hurl delete mode 100644 cases/api_admin_teams_id_grants_post_wrong_content_type_text_plain_a9ed456f.hurl delete mode 100644 cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_grants_id_fae601d3.hurl delete mode 100644 cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_users_id_1e93f696.hurl delete mode 100644 cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_members_7710bdae.hurl delete mode 100644 cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_services_fd7cb142.hurl delete mode 100644 cases/api_admin_teams_id_grants_sequence_chain_post_api_admin_teams_id_members_136f3cd3.hurl delete mode 100644 cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_services_serviceid_team_cafaccf6.hurl delete mode 100644 cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_users_id_636e3912.hurl delete mode 100644 cases/api_admin_teams_id_members_get_idor_id_0_zero_id_8d769a8b.hurl delete mode 100644 cases/api_admin_teams_id_members_get_idor_id_99999_alt_id_4af55f13.hurl delete mode 100644 cases/api_admin_teams_id_members_get_missing_required_param_id_724cd05d.hurl delete mode 
100644 cases/api_admin_teams_id_members_get_owasp_api1_bola_unauthorized_access_be93ffb9.hurl delete mode 100644 cases/api_admin_teams_id_members_get_owasp_api2_broken_authentication_942888a7.hurl delete mode 100644 cases/api_admin_teams_id_members_get_owasp_api7_injection_path_traversal_c5fcb2bd.hurl delete mode 100644 cases/api_admin_teams_id_members_get_owasp_api7_injection_sqli_05eacd8d.hurl delete mode 100644 cases/api_admin_teams_id_members_get_owasp_api7_injection_xss_9935c2df.hurl delete mode 100644 cases/api_admin_teams_id_members_get_valid_request_with_all_required_fields_f1d4a7ff.hurl delete mode 100644 cases/api_admin_teams_id_members_options_owasp_api8_cors_security_configuration_02ec7afc.hurl delete mode 100644 cases/api_admin_teams_id_members_post_idempotent_second_call_must_be_safe_fce8d8db.hurl delete mode 100644 cases/api_admin_teams_id_members_post_idor_id_0_zero_id_07948765.hurl delete mode 100644 cases/api_admin_teams_id_members_post_idor_id_99999_alt_id_d1a0e9c6.hurl delete mode 100644 cases/api_admin_teams_id_members_post_invalid_role_value_not_in_enum_54b6ea73.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mass_assignment_financial_probe_31f44a55.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mass_assignment_identity_probe_09f9b8eb.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mass_assignment_privilege_probe_850dd902.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mass_assignment_status_probe_edb444ec.hurl delete mode 100644 cases/api_admin_teams_id_members_post_missing_required_field_userid_4eda623b.hurl delete mode 100644 cases/api_admin_teams_id_members_post_missing_required_field_userid_aea81fb1.hurl delete mode 100644 cases/api_admin_teams_id_members_post_missing_required_param_id_e44fc900.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mutation_role_empty_string_0cb69d90.hurl delete mode 100644 
cases/api_admin_teams_id_members_post_mutation_role_integer_instead_of_string_dc8849f5.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mutation_role_null_value_aff2608e.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mutation_role_oversized_string_300_chars_977e71fa.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mutation_userid_empty_string_b3beebbb.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mutation_userid_integer_instead_of_string_d8212bc8.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mutation_userid_null_value_8e4fd867.hurl delete mode 100644 cases/api_admin_teams_id_members_post_mutation_userid_oversized_string_300_chars_5739a85b.hurl delete mode 100644 cases/api_admin_teams_id_members_post_null_injection_role_a2c2e196.hurl delete mode 100644 cases/api_admin_teams_id_members_post_null_injection_userid_1b45482b.hurl delete mode 100644 cases/api_admin_teams_id_members_post_owasp_api1_bola_unauthorized_access_bc997516.hurl delete mode 100644 cases/api_admin_teams_id_members_post_owasp_api2_broken_authentication_d1200108.hurl delete mode 100644 cases/api_admin_teams_id_members_post_owasp_api6_mass_assignment_5a01a3ba.hurl delete mode 100644 cases/api_admin_teams_id_members_post_owasp_api7_injection_path_traversal_60a70815.hurl delete mode 100644 cases/api_admin_teams_id_members_post_owasp_api7_injection_sqli_5a3931f1.hurl delete mode 100644 cases/api_admin_teams_id_members_post_owasp_api7_injection_xss_dd4d8c19.hurl delete mode 100644 cases/api_admin_teams_id_members_post_required_omission_userid_absent_1da7a2c3.hurl delete mode 100644 cases/api_admin_teams_id_members_post_schema_violation_role_invalid_enum_1d2b8bb8.hurl delete mode 100644 cases/api_admin_teams_id_members_post_schema_violation_userid_missing_required_71efcd62.hurl delete mode 100644 cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_boolean_2a4f0269.hurl delete mode 100644 
cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_integer_95fd239a.hurl delete mode 100644 cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_boolean_8aeef740.hurl delete mode 100644 cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_integer_76bfddd4.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_bidi_override_aa47e2dd.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_control_char_39e9a695.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_overlong_7473f431.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zalgo_83be4bd5.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zero_width_241bc1b4.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_bidi_override_e839caab.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_control_char_382c05ef.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_overlong_cbe2af65.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zalgo_9cd03a11.hurl delete mode 100644 cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zero_width_bdeeed04.hurl delete mode 100644 cases/api_admin_teams_id_members_post_valid_request_with_all_required_fields_17f7b78e.hurl delete mode 100644 cases/api_admin_teams_id_members_post_wrong_content_type_text_plain_0f904569.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_idempotent_second_call_must_be_safe_e8a5f757.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_idor_id_0_zero_id_eb538efa.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_idor_id_99999_alt_id_c4642225.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_missing_required_param_id_4661322e.hurl delete mode 100644 
cases/api_admin_teams_id_members_userid_delete_missing_required_param_userid_636a79c8.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_owasp_api1_bola_unauthorized_access_042e8f38.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_owasp_api2_broken_authentication_46113a78.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_path_traversal_511147be.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_sqli_0cf3a030.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_xss_a4c3899a.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_delete_valid_request_with_all_required_fields_8384ae85.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_options_owasp_api8_cors_security_configuration_86b21409.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_idempotent_second_call_must_be_safe_7fb55548.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_idor_id_0_zero_id_3ecaa43f.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_idor_id_99999_alt_id_5ee92e8d.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_invalid_role_value_not_in_enum_1385a015.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_mass_assignment_financial_probe_e346a0c6.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_mass_assignment_identity_probe_c5b345ac.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_mass_assignment_privilege_probe_830ae193.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_mass_assignment_status_probe_08a1d397.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_missing_required_field_role_02cdac38.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_missing_required_field_role_7f67bdd2.hurl delete mode 100644 
cases/api_admin_teams_id_members_userid_put_missing_required_param_id_c90499c8.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_missing_required_param_userid_a0b457a0.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_mutation_role_empty_string_9334c130.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_mutation_role_integer_instead_of_string_c930d5b2.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_mutation_role_null_value_8380cf38.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_mutation_role_oversized_string_300_chars_c4c6cb7f.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_null_injection_role_92d17333.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api1_bola_unauthorized_access_37084d5c.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api2_broken_authentication_19b34217.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api3_bopla_property_level_access_4c06b345.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api6_mass_assignment_ffe14e02.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_path_traversal_df6e5f44.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_sqli_16482ca3.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_xss_d065e277.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_required_omission_role_absent_b8039024.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_schema_violation_role_invalid_enum_128b22a3.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_schema_violation_role_missing_required_e51f7c6d.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_boolean_c33ffd8f.hurl delete mode 100644 
cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_integer_23b49146.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_bidi_override_0b0faf09.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_control_char_a8d734a8.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_overlong_1e651ae0.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zalgo_f7cf562e.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zero_width_2815807e.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_valid_request_with_all_required_fields_b950209e.hurl delete mode 100644 cases/api_admin_teams_id_members_userid_put_wrong_content_type_text_plain_55f30d0f.hurl delete mode 100644 cases/api_admin_teams_id_options_owasp_api8_cors_security_configuration_6bbc18bd.hurl delete mode 100644 cases/api_admin_teams_id_put_idempotent_second_call_must_be_safe_1ca0ed36.hurl delete mode 100644 cases/api_admin_teams_id_put_idor_id_0_zero_id_3c4cc44b.hurl delete mode 100644 cases/api_admin_teams_id_put_idor_id_99999_alt_id_d4dddc4b.hurl delete mode 100644 cases/api_admin_teams_id_put_mass_assignment_financial_probe_4c631268.hurl delete mode 100644 cases/api_admin_teams_id_put_mass_assignment_identity_probe_ed4e87e7.hurl delete mode 100644 cases/api_admin_teams_id_put_mass_assignment_privilege_probe_1b5cbca5.hurl delete mode 100644 cases/api_admin_teams_id_put_mass_assignment_status_probe_c574427d.hurl delete mode 100644 cases/api_admin_teams_id_put_missing_required_param_id_09825850.hurl delete mode 100644 cases/api_admin_teams_id_put_mutation_description_empty_string_eb263846.hurl delete mode 100644 cases/api_admin_teams_id_put_mutation_description_integer_instead_of_string_f0d62caa.hurl delete mode 100644 cases/api_admin_teams_id_put_mutation_description_null_value_df8e9c3a.hurl delete mode 
100644 cases/api_admin_teams_id_put_mutation_description_oversized_string_300_chars_68ace4a3.hurl delete mode 100644 cases/api_admin_teams_id_put_mutation_displayname_empty_string_13a9f6ae.hurl delete mode 100644 cases/api_admin_teams_id_put_mutation_displayname_integer_instead_of_string_05b44595.hurl delete mode 100644 cases/api_admin_teams_id_put_mutation_displayname_null_value_c587ff33.hurl delete mode 100644 cases/api_admin_teams_id_put_mutation_displayname_oversized_string_300_chars_7def0ad8.hurl delete mode 100644 cases/api_admin_teams_id_put_null_injection_description_794499ad.hurl delete mode 100644 cases/api_admin_teams_id_put_null_injection_displayname_6c433e61.hurl delete mode 100644 cases/api_admin_teams_id_put_owasp_api1_bola_unauthorized_access_50ace962.hurl delete mode 100644 cases/api_admin_teams_id_put_owasp_api2_broken_authentication_fea6c4f7.hurl delete mode 100644 cases/api_admin_teams_id_put_owasp_api3_bopla_property_level_access_d147b4f6.hurl delete mode 100644 cases/api_admin_teams_id_put_owasp_api5_function_level_authorization_missing_06b71a7c.hurl delete mode 100644 cases/api_admin_teams_id_put_owasp_api6_mass_assignment_6357ae57.hurl delete mode 100644 cases/api_admin_teams_id_put_owasp_api7_injection_path_traversal_894772da.hurl delete mode 100644 cases/api_admin_teams_id_put_owasp_api7_injection_sqli_c7f786e4.hurl delete mode 100644 cases/api_admin_teams_id_put_owasp_api7_injection_xss_d3681129.hurl delete mode 100644 cases/api_admin_teams_id_put_type_coercion_description_wrong_type_boolean_6dd640a7.hurl delete mode 100644 cases/api_admin_teams_id_put_type_coercion_description_wrong_type_integer_3296a87f.hurl delete mode 100644 cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_boolean_ccdc6ae5.hurl delete mode 100644 cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_integer_3ade9411.hurl delete mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_description_bidi_override_c42ef106.hurl delete mode 
100644 cases/api_admin_teams_id_put_unicode_fuzzing_description_control_char_d9200d81.hurl delete mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_description_overlong_a87f58e7.hurl delete mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_description_zalgo_e354e0de.hurl delete mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_description_zero_width_1f9507e6.hurl delete mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_bidi_override_7c97c5e9.hurl delete mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_control_char_39195267.hurl delete mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_overlong_cb9e326e.hurl delete mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zalgo_5add01e6.hurl delete mode 100644 cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zero_width_a1cdc859.hurl delete mode 100644 cases/api_admin_teams_id_put_valid_request_with_all_required_fields_92de58a1.hurl delete mode 100644 cases/api_admin_teams_id_put_wrong_content_type_text_plain_a77a2981.hurl delete mode 100644 cases/api_admin_teams_id_services_get_idor_id_0_zero_id_405d2163.hurl delete mode 100644 cases/api_admin_teams_id_services_get_idor_id_99999_alt_id_09f2f077.hurl delete mode 100644 cases/api_admin_teams_id_services_get_missing_required_param_id_bbd8e250.hurl delete mode 100644 cases/api_admin_teams_id_services_get_owasp_api1_bola_unauthorized_access_ce61c6bf.hurl delete mode 100644 cases/api_admin_teams_id_services_get_owasp_api2_broken_authentication_29194ed9.hurl delete mode 100644 cases/api_admin_teams_id_services_get_owasp_api5_function_level_authorization_missing_edc7b8fe.hurl delete mode 100644 cases/api_admin_teams_id_services_get_owasp_api7_injection_path_traversal_961479c7.hurl delete mode 100644 cases/api_admin_teams_id_services_get_owasp_api7_injection_sqli_2e72efb4.hurl delete mode 100644 cases/api_admin_teams_id_services_get_owasp_api7_injection_xss_80ccb269.hurl delete 
mode 100644 cases/api_admin_teams_id_services_get_valid_request_with_all_required_fields_1b69193c.hurl delete mode 100644 cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl delete mode 100644 cases/api_admin_teams_options_owasp_api8_cors_security_configuration_ad2f2f8a.hurl delete mode 100644 cases/api_admin_teams_post_auth_chain_4c68c418.hurl delete mode 100644 cases/api_admin_teams_post_field_boundary_name_invalid_below_min_f9b893d9.hurl delete mode 100644 cases/api_admin_teams_post_field_boundary_name_valid_min_787507a6.hurl delete mode 100644 cases/api_admin_teams_post_idempotent_second_call_must_be_safe_bee426f4.hurl delete mode 100644 cases/api_admin_teams_post_invalid_name_empty_string_violates_minlength_1_97aa6ff1.hurl delete mode 100644 cases/api_admin_teams_post_mass_assignment_financial_probe_3c2025cc.hurl delete mode 100644 cases/api_admin_teams_post_mass_assignment_identity_probe_82f380ef.hurl delete mode 100644 cases/api_admin_teams_post_mass_assignment_privilege_probe_ed2bac60.hurl delete mode 100644 cases/api_admin_teams_post_mass_assignment_status_probe_9b89bdf9.hurl delete mode 100644 cases/api_admin_teams_post_missing_required_field_name_11fe758b.hurl delete mode 100644 cases/api_admin_teams_post_missing_required_field_name_80c70bf8.hurl delete mode 100644 cases/api_admin_teams_post_mutation_description_empty_string_569a3993.hurl delete mode 100644 cases/api_admin_teams_post_mutation_description_integer_instead_of_string_4d295fcc.hurl delete mode 100644 cases/api_admin_teams_post_mutation_description_null_value_672e2bba.hurl delete mode 100644 cases/api_admin_teams_post_mutation_description_oversized_string_300_chars_20eb5b64.hurl delete mode 100644 cases/api_admin_teams_post_mutation_displayname_empty_string_34993282.hurl delete mode 100644 cases/api_admin_teams_post_mutation_displayname_integer_instead_of_string_c361779d.hurl delete mode 100644 
cases/api_admin_teams_post_mutation_displayname_null_value_782f4da8.hurl delete mode 100644 cases/api_admin_teams_post_mutation_displayname_oversized_string_300_chars_b00969d7.hurl delete mode 100644 cases/api_admin_teams_post_mutation_name_empty_string_e4058fd4.hurl delete mode 100644 cases/api_admin_teams_post_mutation_name_null_value_ec9e6e43.hurl delete mode 100644 cases/api_admin_teams_post_name_at_max_plus_one_invalid_boundary_5330751c.hurl delete mode 100644 cases/api_admin_teams_post_name_at_max_valid_boundary_b9c84944.hurl delete mode 100644 cases/api_admin_teams_post_name_at_min_minus_one_invalid_boundary_2ccbadc2.hurl delete mode 100644 cases/api_admin_teams_post_name_at_min_valid_boundary_084178e7.hurl delete mode 100644 cases/api_admin_teams_post_null_injection_description_5294fe7b.hurl delete mode 100644 cases/api_admin_teams_post_null_injection_displayname_acaa7cdb.hurl delete mode 100644 cases/api_admin_teams_post_null_injection_name_abe4e3e2.hurl delete mode 100644 cases/api_admin_teams_post_owasp_api2_broken_authentication_0f5c6cec.hurl delete mode 100644 cases/api_admin_teams_post_owasp_api5_function_level_authorization_missing_2df9f5ad.hurl delete mode 100644 cases/api_admin_teams_post_owasp_api6_mass_assignment_e17876cf.hurl delete mode 100644 cases/api_admin_teams_post_owasp_api7_injection_path_traversal_a1f1c968.hurl delete mode 100644 cases/api_admin_teams_post_owasp_api7_injection_sqli_3e99ea9b.hurl delete mode 100644 cases/api_admin_teams_post_owasp_api7_injection_xss_a582e336.hurl delete mode 100644 cases/api_admin_teams_post_required_omission_name_absent_7a6a3b1a.hurl delete mode 100644 cases/api_admin_teams_post_schema_violation_name_missing_required_144ca893.hurl delete mode 100644 cases/api_admin_teams_post_schema_violation_name_too_short_2d1be97b.hurl delete mode 100644 cases/api_admin_teams_post_type_coercion_description_wrong_type_boolean_bf50b6f1.hurl delete mode 100644 
cases/api_admin_teams_post_type_coercion_description_wrong_type_integer_1aea557e.hurl delete mode 100644 cases/api_admin_teams_post_type_coercion_displayname_wrong_type_boolean_97c4c8ca.hurl delete mode 100644 cases/api_admin_teams_post_type_coercion_displayname_wrong_type_integer_759d30e5.hurl delete mode 100644 cases/api_admin_teams_post_type_coercion_name_wrong_type_boolean_b516cdc6.hurl delete mode 100644 cases/api_admin_teams_post_type_coercion_name_wrong_type_integer_05c0d231.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_bidi_override_d96ca637.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_control_char_8656dd0b.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_overlong_432c6afa.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_zalgo_760794e2.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_description_zero_width_5161dc9c.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_bidi_override_693c8224.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_control_char_7ead4ab7.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_overlong_3d12d252.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_zalgo_6474b9c1.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_displayname_zero_width_8b028ce1.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_bidi_override_19447855.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_control_char_4e8b3875.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_overlong_ee78ddc5.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_zalgo_b42d8584.hurl delete mode 100644 cases/api_admin_teams_post_unicode_fuzzing_name_zero_width_76a6b2ca.hurl delete mode 100644 
cases/api_admin_teams_post_valid_request_with_all_required_fields_17f73440.hurl delete mode 100644 cases/api_admin_teams_post_wrong_content_type_text_plain_bd5b4e9e.hurl delete mode 100644 cases/api_admin_teams_sequence_chain_delete_api_admin_grants_id_70b060a1.hurl delete mode 100644 cases/api_admin_teams_sequence_chain_delete_api_admin_users_id_f0f67b06.hurl delete mode 100644 cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_grants_6aeda09f.hurl delete mode 100644 cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_members_0cb6ef87.hurl delete mode 100644 cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_services_3642a068.hurl delete mode 100644 cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_grants_1b66938a.hurl delete mode 100644 cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_members_210690e6.hurl delete mode 100644 cases/api_admin_teams_sequence_chain_put_api_admin_services_serviceid_team_8cbdf061.hurl delete mode 100644 cases/api_admin_teams_sequence_chain_put_api_admin_users_id_2d5ea99d.hurl delete mode 100644 cases/api_admin_users_get_auth_chain_e4ef12fa.hurl delete mode 100644 cases/api_admin_users_get_owasp_api2_broken_authentication_aaffe36c.hurl delete mode 100644 cases/api_admin_users_get_owasp_api5_function_level_authorization_missing_3724bb26.hurl delete mode 100644 cases/api_admin_users_get_valid_request_with_all_required_fields_e7fb82c9.hurl delete mode 100644 cases/api_admin_users_id_delete_idempotent_second_call_must_be_safe_380dcf78.hurl delete mode 100644 cases/api_admin_users_id_delete_idor_id_0_zero_id_f8eac138.hurl delete mode 100644 cases/api_admin_users_id_delete_idor_id_99999_alt_id_f53c958f.hurl delete mode 100644 cases/api_admin_users_id_delete_missing_required_param_id_abfeb37c.hurl delete mode 100644 cases/api_admin_users_id_delete_owasp_api1_bola_unauthorized_access_073a78a5.hurl delete mode 100644 cases/api_admin_users_id_delete_owasp_api2_broken_authentication_5cc69e63.hurl 
delete mode 100644 cases/api_admin_users_id_delete_owasp_api5_function_level_authorization_missing_4c861285.hurl delete mode 100644 cases/api_admin_users_id_delete_owasp_api7_injection_path_traversal_9a54d420.hurl delete mode 100644 cases/api_admin_users_id_delete_owasp_api7_injection_sqli_35704eb4.hurl delete mode 100644 cases/api_admin_users_id_delete_owasp_api7_injection_xss_ae1228c7.hurl delete mode 100644 cases/api_admin_users_id_delete_valid_request_with_all_required_fields_fd2d7e20.hurl delete mode 100644 cases/api_admin_users_id_options_owasp_api8_cors_security_configuration_e0b5b44a.hurl delete mode 100644 cases/api_admin_users_id_put_idempotent_second_call_must_be_safe_383d2878.hurl delete mode 100644 cases/api_admin_users_id_put_idor_id_0_zero_id_1420839c.hurl delete mode 100644 cases/api_admin_users_id_put_idor_id_99999_alt_id_b306fbb7.hurl delete mode 100644 cases/api_admin_users_id_put_invalid_isactive_wrong_type_string_for_boolean_9a696767.hurl delete mode 100644 cases/api_admin_users_id_put_invalid_role_value_not_in_enum_be8b477d.hurl delete mode 100644 cases/api_admin_users_id_put_isactive_false_307b2101.hurl delete mode 100644 cases/api_admin_users_id_put_isactive_true_920617a8.hurl delete mode 100644 cases/api_admin_users_id_put_mass_assignment_financial_probe_9e2cf67b.hurl delete mode 100644 cases/api_admin_users_id_put_mass_assignment_identity_probe_4fb556e6.hurl delete mode 100644 cases/api_admin_users_id_put_mass_assignment_privilege_probe_a6a6cd31.hurl delete mode 100644 cases/api_admin_users_id_put_mass_assignment_status_probe_1054f864.hurl delete mode 100644 cases/api_admin_users_id_put_missing_required_param_id_fe77f880.hurl delete mode 100644 cases/api_admin_users_id_put_mutation_isactive_integer_instead_of_boolean_56c3f6cc.hurl delete mode 100644 cases/api_admin_users_id_put_mutation_isactive_null_value_48706298.hurl delete mode 100644 cases/api_admin_users_id_put_mutation_isactive_string_instead_of_boolean_c83a8b69.hurl delete mode 
100644 cases/api_admin_users_id_put_mutation_role_empty_string_f4802a98.hurl delete mode 100644 cases/api_admin_users_id_put_mutation_role_integer_instead_of_string_1d2d0cbd.hurl delete mode 100644 cases/api_admin_users_id_put_mutation_role_null_value_091acd05.hurl delete mode 100644 cases/api_admin_users_id_put_mutation_role_oversized_string_300_chars_786de8b3.hurl delete mode 100644 cases/api_admin_users_id_put_null_injection_isactive_c8deaf48.hurl delete mode 100644 cases/api_admin_users_id_put_null_injection_role_e890383a.hurl delete mode 100644 cases/api_admin_users_id_put_owasp_api1_bola_unauthorized_access_91b47863.hurl delete mode 100644 cases/api_admin_users_id_put_owasp_api2_broken_authentication_3552a6c6.hurl delete mode 100644 cases/api_admin_users_id_put_owasp_api3_bopla_property_level_access_4ae5244a.hurl delete mode 100644 cases/api_admin_users_id_put_owasp_api5_function_level_authorization_missing_8f0d7884.hurl delete mode 100644 cases/api_admin_users_id_put_owasp_api6_mass_assignment_38dd166b.hurl delete mode 100644 cases/api_admin_users_id_put_owasp_api7_injection_path_traversal_e9f5a9c9.hurl delete mode 100644 cases/api_admin_users_id_put_owasp_api7_injection_sqli_c653b26d.hurl delete mode 100644 cases/api_admin_users_id_put_owasp_api7_injection_xss_51b9a625.hurl delete mode 100644 cases/api_admin_users_id_put_role_guest_d671319d.hurl delete mode 100644 cases/api_admin_users_id_put_role_super_admin_72c28c85.hurl delete mode 100644 cases/api_admin_users_id_put_role_team_member_c19312b9.hurl delete mode 100644 cases/api_admin_users_id_put_role_team_owner_c8807eae.hurl delete mode 100644 cases/api_admin_users_id_put_schema_violation_isactive_wrong_type_891572b6.hurl delete mode 100644 cases/api_admin_users_id_put_schema_violation_role_invalid_enum_3765a2be.hurl delete mode 100644 cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_integer_308337db.hurl delete mode 100644 
cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_string_4a329fab.hurl delete mode 100644 cases/api_admin_users_id_put_type_coercion_role_wrong_type_boolean_c4d77768.hurl delete mode 100644 cases/api_admin_users_id_put_type_coercion_role_wrong_type_integer_60c61680.hurl delete mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_bidi_override_a2217373.hurl delete mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_control_char_be44c91e.hurl delete mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_overlong_4c95b987.hurl delete mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_zalgo_d015a170.hurl delete mode 100644 cases/api_admin_users_id_put_unicode_fuzzing_role_zero_width_b1e60615.hurl delete mode 100644 cases/api_admin_users_id_put_valid_request_with_all_required_fields_d7979f2a.hurl delete mode 100644 cases/api_admin_users_id_put_wrong_content_type_text_plain_69ba511c.hurl delete mode 100644 cases/api_admin_users_options_owasp_api8_cors_security_configuration_d0d06277.hurl delete mode 100644 cases/api_admin_webhooks_get_auth_chain_c741d9e1.hurl delete mode 100644 cases/api_admin_webhooks_get_owasp_api2_broken_authentication_ec46e5a8.hurl delete mode 100644 cases/api_admin_webhooks_get_owasp_api5_function_level_authorization_missing_a2ef426c.hurl delete mode 100644 cases/api_admin_webhooks_get_valid_request_with_all_required_fields_c3e5fa48.hurl delete mode 100644 cases/api_admin_webhooks_id_delete_idempotent_second_call_must_be_safe_854a404a.hurl delete mode 100644 cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000000_nil_uu_2c9e3616.hurl delete mode 100644 cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000001_alt_uu_101b67d9.hurl delete mode 100644 cases/api_admin_webhooks_id_delete_missing_required_param_id_25ba00ae.hurl delete mode 100644 cases/api_admin_webhooks_id_delete_owasp_api2_broken_authentication_23cf0c86.hurl delete mode 100644 
cases/api_admin_webhooks_id_delete_owasp_api5_function_level_authorization_missing_01a13cd8.hurl delete mode 100644 cases/api_admin_webhooks_id_delete_owasp_api7_injection_path_traversal_bdc77229.hurl delete mode 100644 cases/api_admin_webhooks_id_delete_owasp_api7_injection_sqli_7e499729.hurl delete mode 100644 cases/api_admin_webhooks_id_delete_owasp_api7_injection_xss_06da467b.hurl delete mode 100644 cases/api_admin_webhooks_id_delete_valid_request_with_all_required_fields_f50edea5.hurl delete mode 100644 cases/api_admin_webhooks_id_options_owasp_api8_cors_security_configuration_c34b22b5.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000000_nil_uui_93edf6a3.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000001_alt_uui_e5555fc8.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_invalid_isactive_wrong_type_string_for_boolean_fbeea8b1.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mass_assignment_financial_probe_ed85e04f.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mass_assignment_identity_probe_1274d148.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mass_assignment_privilege_probe_d0ddffec.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mass_assignment_status_probe_16deab72.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_missing_required_param_id_8a80112e.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mutation_events_null_value_2d09c873.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mutation_events_object_instead_of_array_309789e7.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mutation_events_string_instead_of_array_9439ce9e.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mutation_isactive_integer_instead_of_boolean_161755de.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mutation_isactive_null_value_c42eb537.hurl delete mode 100644 
cases/api_admin_webhooks_id_patch_mutation_isactive_string_instead_of_boolean_be6cb74f.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mutation_name_empty_string_48b3b8ee.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mutation_name_integer_instead_of_string_ec8ffbaa.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mutation_name_null_value_07005fc1.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_mutation_name_oversized_string_300_chars_bc9e284b.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_null_injection_events_e5f0413f.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_null_injection_isactive_f681cd0b.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_null_injection_name_abff0001.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_null_injection_url_6597f138.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_owasp_api10_ssrf_432c0bdd.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_owasp_api2_broken_authentication_3a1afdb6.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_owasp_api3_bopla_property_level_access_d7a97bb7.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_owasp_api5_function_level_authorization_missing_6c16dac4.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_owasp_api7_injection_path_traversal_b84f711a.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_owasp_api7_injection_sqli_e249a62c.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_owasp_api7_injection_xss_e86a894c.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_schema_violation_isactive_wrong_type_a0047765.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_events_wrong_type_string_ce35cd41.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_integer_4c590e85.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_string_db8dd398.hurl delete mode 100644 
cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_boolean_e2d843b1.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_integer_849247d2.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_boolean_d9bfd2d8.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_integer_5b388493.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_bidi_override_61073126.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_control_char_9fed73af.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_overlong_ff322daa.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zalgo_a31d1299.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zero_width_6bdb26ba.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_bidi_override_36430217.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_control_char_ed68863e.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_overlong_d7318097.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zalgo_0a72a45e.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zero_width_61e8a563.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_valid_request_with_all_required_fields_415f32a9.hurl delete mode 100644 cases/api_admin_webhooks_id_patch_wrong_content_type_text_plain_94225ad6.hurl delete mode 100644 cases/api_admin_webhooks_id_test_options_owasp_api8_cors_security_configuration_19ddcfe4.hurl delete mode 100644 cases/api_admin_webhooks_id_test_post_idempotent_second_call_must_be_safe_ff996bd3.hurl delete mode 100644 cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000000_nil_33f46434.hurl delete mode 100644 
cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000001_alt_eb0b8c82.hurl delete mode 100644 cases/api_admin_webhooks_id_test_post_missing_required_param_id_8f3b353e.hurl delete mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api2_broken_authentication_7054030e.hurl delete mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api5_function_level_authorization_missing_908d0d93.hurl delete mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api7_injection_path_traversal_6c16c87b.hurl delete mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api7_injection_sqli_7a0227b0.hurl delete mode 100644 cases/api_admin_webhooks_id_test_post_owasp_api7_injection_xss_e8743ba7.hurl delete mode 100644 cases/api_admin_webhooks_id_test_post_valid_request_with_all_required_fields_ae0a2dc3.hurl delete mode 100644 cases/api_admin_webhooks_options_owasp_api8_cors_security_configuration_3f16f7ab.hurl delete mode 100644 cases/api_admin_webhooks_post_auth_chain_f4c0b7fc.hurl delete mode 100644 cases/api_admin_webhooks_post_field_boundary_name_invalid_below_min_7b9e5b4d.hurl delete mode 100644 cases/api_admin_webhooks_post_field_boundary_name_valid_min_85b28596.hurl delete mode 100644 cases/api_admin_webhooks_post_idempotent_second_call_must_be_safe_06e188f6.hurl delete mode 100644 cases/api_admin_webhooks_post_invalid_events_empty_array_violates_minitems_1_41ef09da.hurl delete mode 100644 cases/api_admin_webhooks_post_invalid_name_empty_string_violates_minlength_1_86292ddb.hurl delete mode 100644 cases/api_admin_webhooks_post_mass_assignment_financial_probe_241955ee.hurl delete mode 100644 cases/api_admin_webhooks_post_mass_assignment_identity_probe_30b18c5f.hurl delete mode 100644 cases/api_admin_webhooks_post_mass_assignment_privilege_probe_f5c743f7.hurl delete mode 100644 cases/api_admin_webhooks_post_mass_assignment_status_probe_33b56375.hurl delete mode 100644 cases/api_admin_webhooks_post_missing_required_field_events_d6a5b0c7.hurl delete 
mode 100644 cases/api_admin_webhooks_post_missing_required_field_events_dfcc1c56.hurl delete mode 100644 cases/api_admin_webhooks_post_missing_required_field_name_45423b82.hurl delete mode 100644 cases/api_admin_webhooks_post_missing_required_field_name_6c83435b.hurl delete mode 100644 cases/api_admin_webhooks_post_missing_required_field_url_6ed0d9f4.hurl delete mode 100644 cases/api_admin_webhooks_post_missing_required_field_url_f322285b.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_events_null_value_2c34fbf1.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_events_object_instead_of_array_4a653004.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_events_string_instead_of_array_19783d1d.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_name_empty_string_f615d2a9.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_name_integer_instead_of_string_cf6c122c.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_name_null_value_b75000cd.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_name_oversized_string_300_chars_5be879ce.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_providertype_empty_string_9b991c26.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_providertype_integer_instead_of_string_83e13d1b.hurl delete mode 100644 cases/api_admin_webhooks_post_mutation_providertype_null_value_595d67fc.hurl delete mode 100644 cases/api_admin_webhooks_post_name_at_max_plus_one_invalid_boundary_94214268.hurl delete mode 100644 cases/api_admin_webhooks_post_name_at_max_valid_boundary_d8fb6781.hurl delete mode 100644 cases/api_admin_webhooks_post_name_at_min_minus_one_invalid_boundary_5b4327aa.hurl delete mode 100644 cases/api_admin_webhooks_post_name_at_min_valid_boundary_72f21135.hurl delete mode 100644 cases/api_admin_webhooks_post_null_injection_events_35254559.hurl delete mode 100644 cases/api_admin_webhooks_post_null_injection_name_169dbf8c.hurl delete mode 
100644 cases/api_admin_webhooks_post_null_injection_providertype_d40094c4.hurl delete mode 100644 cases/api_admin_webhooks_post_null_injection_teamid_4f42ea82.hurl delete mode 100644 cases/api_admin_webhooks_post_null_injection_url_52359f32.hurl delete mode 100644 cases/api_admin_webhooks_post_owasp_api10_ssrf_fa3b21f3.hurl delete mode 100644 cases/api_admin_webhooks_post_owasp_api2_broken_authentication_f690ca7e.hurl delete mode 100644 cases/api_admin_webhooks_post_owasp_api5_function_level_authorization_missing_d8d5bdac.hurl delete mode 100644 cases/api_admin_webhooks_post_owasp_api6_mass_assignment_1b59ba48.hurl delete mode 100644 cases/api_admin_webhooks_post_owasp_api7_injection_path_traversal_a39cab42.hurl delete mode 100644 cases/api_admin_webhooks_post_owasp_api7_injection_sqli_03accab7.hurl delete mode 100644 cases/api_admin_webhooks_post_owasp_api7_injection_xss_a1a1e257.hurl delete mode 100644 cases/api_admin_webhooks_post_required_omission_events_absent_09946d4c.hurl delete mode 100644 cases/api_admin_webhooks_post_required_omission_name_absent_d0373487.hurl delete mode 100644 cases/api_admin_webhooks_post_required_omission_url_absent_6d3bc221.hurl delete mode 100644 cases/api_admin_webhooks_post_schema_violation_events_missing_required_e4df148d.hurl delete mode 100644 cases/api_admin_webhooks_post_schema_violation_events_too_few_items_a0bdf58b.hurl delete mode 100644 cases/api_admin_webhooks_post_schema_violation_name_missing_required_7b8cab12.hurl delete mode 100644 cases/api_admin_webhooks_post_schema_violation_name_too_short_b49ea6fa.hurl delete mode 100644 cases/api_admin_webhooks_post_schema_violation_url_missing_required_4d32f3c3.hurl delete mode 100644 cases/api_admin_webhooks_post_type_coercion_events_wrong_type_string_07b6f191.hurl delete mode 100644 cases/api_admin_webhooks_post_type_coercion_name_wrong_type_boolean_49b71fc3.hurl delete mode 100644 cases/api_admin_webhooks_post_type_coercion_name_wrong_type_integer_39c60504.hurl delete mode 
100644 cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_boolean_2f2c0975.hurl delete mode 100644 cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_integer_e227c019.hurl delete mode 100644 cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_boolean_b27447cc.hurl delete mode 100644 cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_integer_5db01d88.hurl delete mode 100644 cases/api_admin_webhooks_post_type_coercion_url_wrong_type_boolean_2d482d43.hurl delete mode 100644 cases/api_admin_webhooks_post_type_coercion_url_wrong_type_integer_ea2aab8e.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_bidi_override_07e9eae2.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_control_char_5943393b.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_overlong_bee28f66.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_zalgo_a7f8f480.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_name_zero_width_2a6bf0cb.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_bidi_override_8724a676.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_control_char_dc945e0e.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_overlong_2cc3a01a.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zalgo_07152569.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zero_width_e32282d7.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_bidi_override_0c229c2d.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_control_char_f031554f.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_overlong_7de8af57.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zalgo_bba333a6.hurl delete mode 
100644 cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zero_width_3128deb0.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_bidi_override_caf839d6.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_control_char_c4479bd1.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_overlong_132333e4.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_zalgo_6343c227.hurl delete mode 100644 cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl delete mode 100644 cases/api_admin_webhooks_post_valid_request_with_all_required_fields_42a4fab4.hurl delete mode 100644 cases/api_admin_webhooks_post_wrong_content_type_text_plain_7a40055b.hurl delete mode 100644 cases/api_admin_webhooks_sequence_chain_delete_api_admin_grants_id_8ef3fbbb.hurl delete mode 100644 cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl delete mode 100644 cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl delete mode 100644 cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_members_969a9fae.hurl delete mode 100644 cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_services_ce956549.hurl delete mode 100644 cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_grants_02ba968a.hurl delete mode 100644 cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_members_393f686a.hurl delete mode 100644 cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl delete mode 100644 cases/api_admin_webhooks_sequence_chain_put_api_admin_users_id_88a6983e.hurl delete mode 100644 cases/api_catalog_get_auth_chain_bde6cda3.hurl delete mode 100644 cases/api_catalog_get_owasp_api2_broken_authentication_e1fa3406.hurl delete mode 100644 cases/api_catalog_get_valid_request_with_all_required_fields_c9b53fc1.hurl delete mode 100644 
cases/api_catalog_options_owasp_api8_cors_security_configuration_e3ff3623.hurl delete mode 100644 cases/api_catalog_serviceid_delete_idempotent_second_call_must_be_safe_84233d9e.hurl delete mode 100644 cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000000_c4621de0.hurl delete mode 100644 cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000001_e72a9984.hurl delete mode 100644 cases/api_catalog_serviceid_delete_missing_required_param_serviceid_3209e4f6.hurl delete mode 100644 cases/api_catalog_serviceid_delete_owasp_api2_broken_authentication_be467598.hurl delete mode 100644 cases/api_catalog_serviceid_delete_owasp_api5_function_level_authorization_missing_c88f572b.hurl delete mode 100644 cases/api_catalog_serviceid_delete_owasp_api7_injection_path_traversal_c37e4439.hurl delete mode 100644 cases/api_catalog_serviceid_delete_owasp_api7_injection_sqli_d27beca6.hurl delete mode 100644 cases/api_catalog_serviceid_delete_owasp_api7_injection_xss_bfdae539.hurl delete mode 100644 cases/api_catalog_serviceid_delete_valid_request_with_all_required_fields_b2745533.hurl delete mode 100644 cases/api_catalog_serviceid_options_owasp_api8_cors_security_configuration_dc211e18.hurl delete mode 100644 cases/api_diff_get_auth_chain_6af54553.hurl delete mode 100644 cases/api_diff_get_missing_required_param_from_436315da.hurl delete mode 100644 cases/api_diff_get_missing_required_param_to_592a212d.hurl delete mode 100644 cases/api_diff_get_owasp_api2_broken_authentication_f6e6d81e.hurl delete mode 100644 cases/api_diff_get_owasp_api7_injection_path_traversal_d2e88748.hurl delete mode 100644 cases/api_diff_get_owasp_api7_injection_sqli_2add12cf.hurl delete mode 100644 cases/api_diff_get_owasp_api7_injection_xss_1fb05370.hurl delete mode 100644 cases/api_diff_get_valid_request_with_all_required_fields_f98b2b82.hurl delete mode 100644 cases/api_diff_options_owasp_api8_cors_security_configuration_95a63795.hurl delete mode 
100644 cases/api_me_get_auth_chain_646f48bb.hurl delete mode 100644 cases/api_me_get_owasp_api2_broken_authentication_16f4aef5.hurl delete mode 100644 cases/api_me_get_valid_request_with_all_required_fields_cb06322f.hurl delete mode 100644 cases/api_me_options_owasp_api8_cors_security_configuration_8d947b43.hurl delete mode 100644 cases/api_search_get_auth_chain_e66b7d53.hurl delete mode 100644 cases/api_search_get_missing_required_param_q_128363b8.hurl delete mode 100644 cases/api_search_get_owasp_api2_broken_authentication_6e192176.hurl delete mode 100644 cases/api_search_get_owasp_api7_injection_path_traversal_30f18b95.hurl delete mode 100644 cases/api_search_get_owasp_api7_injection_sqli_b0d05c32.hurl delete mode 100644 cases/api_search_get_owasp_api7_injection_xss_b1a5ce9b.hurl delete mode 100644 cases/api_search_get_valid_request_with_all_required_fields_65fdbcb4.hurl delete mode 100644 cases/api_search_options_owasp_api8_cors_security_configuration_e799f553.hurl delete mode 100644 cases/api_specs_service_branch_openapi_json_get_missing_required_param_branch_dd4faa6a.hurl delete mode 100644 cases/api_specs_service_branch_openapi_json_get_missing_required_param_service_14b52fbb.hurl delete mode 100644 cases/api_specs_service_branch_openapi_json_get_owasp_api2_broken_authentication_5b840153.hurl delete mode 100644 cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_path_traversal_217a31ae.hurl delete mode 100644 cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_sqli_3e62652b.hurl delete mode 100644 cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_xss_69cf35a6.hurl delete mode 100644 cases/api_specs_service_branch_openapi_json_get_valid_request_with_all_required_fields_e159fefe.hurl delete mode 100644 cases/api_specs_service_branch_openapi_json_options_owasp_api8_cors_security_configura_ecd6daec.hurl delete mode 100644 cases/api_specs_service_versions_get_missing_required_param_branch_e71dd727.hurl delete 
mode 100644 cases/api_specs_service_versions_get_missing_required_param_service_95c1cee7.hurl delete mode 100644 cases/api_specs_service_versions_get_owasp_api2_broken_authentication_9b5eb037.hurl delete mode 100644 cases/api_specs_service_versions_get_owasp_api7_injection_path_traversal_106c80c0.hurl delete mode 100644 cases/api_specs_service_versions_get_owasp_api7_injection_sqli_ffc707f5.hurl delete mode 100644 cases/api_specs_service_versions_get_owasp_api7_injection_xss_cf42e9f4.hurl delete mode 100644 cases/api_specs_service_versions_get_valid_request_with_all_required_fields_f8bdece6.hurl delete mode 100644 cases/api_specs_service_versions_options_owasp_api8_cors_security_configuration_d622eda3.hurl delete mode 100644 cases/api_tokens_get_auth_chain_9d529cfb.hurl delete mode 100644 cases/api_tokens_get_owasp_api2_broken_authentication_dcecca87.hurl delete mode 100644 cases/api_tokens_get_valid_request_with_all_required_fields_abcd14ab.hurl delete mode 100644 cases/api_tokens_id_delete_idempotent_second_call_must_be_safe_ea338ec1.hurl delete mode 100644 cases/api_tokens_id_delete_idor_id_0_zero_id_d0e0481e.hurl delete mode 100644 cases/api_tokens_id_delete_idor_id_99999_alt_id_502920f7.hurl delete mode 100644 cases/api_tokens_id_delete_missing_required_param_id_c2abfd5e.hurl delete mode 100644 cases/api_tokens_id_delete_owasp_api1_bola_unauthorized_access_2d207a0d.hurl delete mode 100644 cases/api_tokens_id_delete_owasp_api2_broken_authentication_599ddef6.hurl delete mode 100644 cases/api_tokens_id_delete_owasp_api5_function_level_authorization_missing_fbedb9f1.hurl delete mode 100644 cases/api_tokens_id_delete_owasp_api7_injection_path_traversal_85b86fe3.hurl delete mode 100644 cases/api_tokens_id_delete_owasp_api7_injection_sqli_e54ea4ce.hurl delete mode 100644 cases/api_tokens_id_delete_owasp_api7_injection_xss_ebab5e69.hurl delete mode 100644 cases/api_tokens_id_delete_valid_request_with_all_required_fields_138640de.hurl delete mode 100644 
cases/api_tokens_id_options_owasp_api8_cors_security_configuration_ba604e45.hurl delete mode 100644 cases/api_tokens_options_owasp_api8_cors_security_configuration_b009aaa0.hurl delete mode 100644 cases/api_tokens_post_field_boundary_name_invalid_below_min_107263c8.hurl delete mode 100644 cases/api_tokens_post_field_boundary_name_valid_min_041bf0da.hurl delete mode 100644 cases/api_tokens_post_idempotent_second_call_must_be_safe_85621889.hurl delete mode 100644 cases/api_tokens_post_invalid_name_empty_string_violates_minlength_1_b579ade9.hurl delete mode 100644 cases/api_tokens_post_invalid_scope_value_not_in_enum_a9cdb025.hurl delete mode 100644 cases/api_tokens_post_mass_assignment_financial_probe_b896a4fe.hurl delete mode 100644 cases/api_tokens_post_mass_assignment_identity_probe_b46880dc.hurl delete mode 100644 cases/api_tokens_post_mass_assignment_privilege_probe_2411ba2b.hurl delete mode 100644 cases/api_tokens_post_mass_assignment_status_probe_248852e9.hurl delete mode 100644 cases/api_tokens_post_missing_required_field_name_5566a91f.hurl delete mode 100644 cases/api_tokens_post_missing_required_field_name_75703d6a.hurl delete mode 100644 cases/api_tokens_post_missing_required_field_scope_6284c90d.hurl delete mode 100644 cases/api_tokens_post_missing_required_field_scope_aa18d499.hurl delete mode 100644 cases/api_tokens_post_mutation_name_empty_string_188465c8.hurl delete mode 100644 cases/api_tokens_post_mutation_name_integer_instead_of_string_30aabbdc.hurl delete mode 100644 cases/api_tokens_post_mutation_name_null_value_816809db.hurl delete mode 100644 cases/api_tokens_post_mutation_name_oversized_string_300_chars_8c9976d8.hurl delete mode 100644 cases/api_tokens_post_mutation_scope_empty_string_c8cd2aed.hurl delete mode 100644 cases/api_tokens_post_mutation_scope_integer_instead_of_string_745ea604.hurl delete mode 100644 cases/api_tokens_post_mutation_scope_null_value_75bc6e95.hurl delete mode 100644 
cases/api_tokens_post_mutation_scope_oversized_string_300_chars_4d189659.hurl delete mode 100644 cases/api_tokens_post_name_at_max_plus_one_invalid_boundary_7b3217ba.hurl delete mode 100644 cases/api_tokens_post_name_at_max_valid_boundary_a0247f03.hurl delete mode 100644 cases/api_tokens_post_name_at_min_minus_one_invalid_boundary_d08f5a90.hurl delete mode 100644 cases/api_tokens_post_name_at_min_valid_boundary_1c063dd5.hurl delete mode 100644 cases/api_tokens_post_null_injection_name_97bd0c77.hurl delete mode 100644 cases/api_tokens_post_null_injection_scope_0b4d216c.hurl delete mode 100644 cases/api_tokens_post_owasp_api2_broken_authentication_9e6576d2.hurl delete mode 100644 cases/api_tokens_post_owasp_api6_mass_assignment_d9979992.hurl delete mode 100644 cases/api_tokens_post_owasp_api7_injection_path_traversal_26975d5c.hurl delete mode 100644 cases/api_tokens_post_owasp_api7_injection_sqli_1df31a27.hurl delete mode 100644 cases/api_tokens_post_owasp_api7_injection_xss_8157a3a5.hurl delete mode 100644 cases/api_tokens_post_required_omission_name_absent_b998dc1a.hurl delete mode 100644 cases/api_tokens_post_required_omission_scope_absent_fcb3e065.hurl delete mode 100644 cases/api_tokens_post_schema_violation_name_missing_required_c2cef5a1.hurl delete mode 100644 cases/api_tokens_post_schema_violation_name_too_short_bf65e63e.hurl delete mode 100644 cases/api_tokens_post_schema_violation_scope_invalid_enum_a6a38420.hurl delete mode 100644 cases/api_tokens_post_schema_violation_scope_missing_required_ad285328.hurl delete mode 100644 cases/api_tokens_post_type_coercion_name_wrong_type_boolean_bd1e61be.hurl delete mode 100644 cases/api_tokens_post_type_coercion_name_wrong_type_integer_9bc60d9a.hurl delete mode 100644 cases/api_tokens_post_type_coercion_scope_wrong_type_boolean_28d94662.hurl delete mode 100644 cases/api_tokens_post_type_coercion_scope_wrong_type_integer_9bf5d669.hurl delete mode 100644 
cases/api_tokens_post_unicode_fuzzing_name_bidi_override_33a5a9d7.hurl delete mode 100644 cases/api_tokens_post_unicode_fuzzing_name_control_char_fc869137.hurl delete mode 100644 cases/api_tokens_post_unicode_fuzzing_name_overlong_4faf49f0.hurl delete mode 100644 cases/api_tokens_post_unicode_fuzzing_name_zalgo_431d2bbf.hurl delete mode 100644 cases/api_tokens_post_unicode_fuzzing_name_zero_width_6f9f1e83.hurl delete mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_bidi_override_8643ca22.hurl delete mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_control_char_0d728fca.hurl delete mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_overlong_8adfe998.hurl delete mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_zalgo_734aea93.hurl delete mode 100644 cases/api_tokens_post_unicode_fuzzing_scope_zero_width_6b8f84d1.hurl delete mode 100644 cases/api_tokens_post_valid_request_with_all_required_fields_6a65bf78.hurl delete mode 100644 cases/api_tokens_post_wrong_content_type_text_plain_b0b71990.hurl delete mode 100644 cases/api_tokens_sequence_chain_delete_api_admin_grants_id_e1324ddf.hurl delete mode 100644 cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl delete mode 100644 cases/api_tokens_sequence_chain_get_api_admin_teams_id_grants_f107e18d.hurl delete mode 100644 cases/api_tokens_sequence_chain_get_api_admin_teams_id_members_90e7f90e.hurl delete mode 100644 cases/api_tokens_sequence_chain_get_api_admin_teams_id_services_bda7e5b2.hurl delete mode 100644 cases/api_tokens_sequence_chain_post_api_admin_teams_id_grants_ba99a719.hurl delete mode 100644 cases/api_tokens_sequence_chain_post_api_admin_teams_id_members_714b8b84.hurl delete mode 100644 cases/api_tokens_sequence_chain_put_api_admin_services_serviceid_team_110b6d72.hurl delete mode 100644 cases/api_tokens_sequence_chain_put_api_admin_users_id_3028e37b.hurl delete mode 100644 cases/api_upload_options_owasp_api8_cors_security_configuration_65631595.hurl delete mode 
100644 cases/api_upload_post_auth_chain_c60cf805.hurl delete mode 100644 cases/api_upload_post_branch_at_max_plus_one_invalid_boundary_62157365.hurl delete mode 100644 cases/api_upload_post_branch_at_max_valid_boundary_97d88ce9.hurl delete mode 100644 cases/api_upload_post_branch_at_min_minus_one_invalid_boundary_fa914b29.hurl delete mode 100644 cases/api_upload_post_branch_at_min_valid_boundary_4ca9c46c.hurl delete mode 100644 cases/api_upload_post_field_boundary_branch_invalid_below_min_e5764a68.hurl delete mode 100644 cases/api_upload_post_field_boundary_branch_valid_min_b8ed4386.hurl delete mode 100644 cases/api_upload_post_field_boundary_service_invalid_below_min_a957f4b8.hurl delete mode 100644 cases/api_upload_post_field_boundary_service_valid_min_db5c5368.hurl delete mode 100644 cases/api_upload_post_field_boundary_speccontent_invalid_below_min_ac1b6e26.hurl delete mode 100644 cases/api_upload_post_field_boundary_speccontent_valid_min_82713518.hurl delete mode 100644 cases/api_upload_post_idempotent_second_call_must_be_safe_dd638159.hurl delete mode 100644 cases/api_upload_post_invalid_branch_empty_string_violates_minlength_1_5eb7446c.hurl delete mode 100644 cases/api_upload_post_invalid_service_empty_string_violates_minlength_1_8389dd21.hurl delete mode 100644 cases/api_upload_post_invalid_speccontent_empty_string_violates_minlength_1_86ff6bd8.hurl delete mode 100644 cases/api_upload_post_mass_assignment_financial_probe_9794cdb0.hurl delete mode 100644 cases/api_upload_post_mass_assignment_identity_probe_398f4294.hurl delete mode 100644 cases/api_upload_post_mass_assignment_privilege_probe_eb8249c9.hurl delete mode 100644 cases/api_upload_post_mass_assignment_status_probe_0310fa1a.hurl delete mode 100644 cases/api_upload_post_missing_required_field_branch_33947120.hurl delete mode 100644 cases/api_upload_post_missing_required_field_branch_d756c10c.hurl delete mode 100644 cases/api_upload_post_missing_required_field_service_89850cfa.hurl delete mode 100644 
cases/api_upload_post_missing_required_field_service_8f85caae.hurl delete mode 100644 cases/api_upload_post_missing_required_field_speccontent_1de0eefc.hurl delete mode 100644 cases/api_upload_post_missing_required_field_speccontent_fccdadb2.hurl delete mode 100644 cases/api_upload_post_mutation_branch_empty_string_cac690c1.hurl delete mode 100644 cases/api_upload_post_mutation_branch_integer_instead_of_string_416a96c1.hurl delete mode 100644 cases/api_upload_post_mutation_branch_null_value_9f510ed7.hurl delete mode 100644 cases/api_upload_post_mutation_branch_oversized_string_300_chars_75d60dab.hurl delete mode 100644 cases/api_upload_post_mutation_commitsha_empty_string_f30e852c.hurl delete mode 100644 cases/api_upload_post_mutation_commitsha_integer_instead_of_string_b1212f34.hurl delete mode 100644 cases/api_upload_post_mutation_commitsha_null_value_0c1c92bd.hurl delete mode 100644 cases/api_upload_post_mutation_commitsha_oversized_string_300_chars_fdaf954a.hurl delete mode 100644 cases/api_upload_post_mutation_service_empty_string_6f0a4261.hurl delete mode 100644 cases/api_upload_post_mutation_service_null_value_7805eead.hurl delete mode 100644 cases/api_upload_post_null_injection_branch_5151a7d3.hurl delete mode 100644 cases/api_upload_post_null_injection_commitsha_e9eaa8fd.hurl delete mode 100644 cases/api_upload_post_null_injection_service_b8cf0920.hurl delete mode 100644 cases/api_upload_post_null_injection_speccontent_fef2ed50.hurl delete mode 100644 cases/api_upload_post_owasp_api2_broken_authentication_4c9fd28e.hurl delete mode 100644 cases/api_upload_post_owasp_api6_mass_assignment_bcf8922c.hurl delete mode 100644 cases/api_upload_post_owasp_api7_injection_path_traversal_553f4f51.hurl delete mode 100644 cases/api_upload_post_owasp_api7_injection_sqli_b528a6e6.hurl delete mode 100644 cases/api_upload_post_owasp_api7_injection_xss_81a2a747.hurl delete mode 100644 cases/api_upload_post_required_omission_branch_absent_893f33e4.hurl delete mode 100644 
cases/api_upload_post_required_omission_service_absent_f4726c9d.hurl delete mode 100644 cases/api_upload_post_required_omission_speccontent_absent_196e600f.hurl delete mode 100644 cases/api_upload_post_schema_violation_branch_missing_required_381d4381.hurl delete mode 100644 cases/api_upload_post_schema_violation_branch_too_short_76d8b912.hurl delete mode 100644 cases/api_upload_post_schema_violation_service_missing_required_72938c30.hurl delete mode 100644 cases/api_upload_post_schema_violation_service_too_short_40be94ec.hurl delete mode 100644 cases/api_upload_post_schema_violation_speccontent_missing_required_555257e2.hurl delete mode 100644 cases/api_upload_post_schema_violation_speccontent_too_short_af512611.hurl delete mode 100644 cases/api_upload_post_service_at_max_plus_one_invalid_boundary_ad5debd5.hurl delete mode 100644 cases/api_upload_post_service_at_max_valid_boundary_3cd9de74.hurl delete mode 100644 cases/api_upload_post_service_at_min_minus_one_invalid_boundary_c9639729.hurl delete mode 100644 cases/api_upload_post_service_at_min_valid_boundary_fa5f2879.hurl delete mode 100644 cases/api_upload_post_speccontent_at_max_plus_one_invalid_boundary_dbbfdc22.hurl delete mode 100644 cases/api_upload_post_speccontent_at_max_valid_boundary_201ba23b.hurl delete mode 100644 cases/api_upload_post_speccontent_at_min_minus_one_invalid_boundary_b6f8003e.hurl delete mode 100644 cases/api_upload_post_speccontent_at_min_valid_boundary_edc8ded2.hurl delete mode 100644 cases/api_upload_post_type_coercion_branch_wrong_type_boolean_e00401a8.hurl delete mode 100644 cases/api_upload_post_type_coercion_branch_wrong_type_integer_6a08feec.hurl delete mode 100644 cases/api_upload_post_type_coercion_commitsha_wrong_type_boolean_16cf9e5b.hurl delete mode 100644 cases/api_upload_post_type_coercion_commitsha_wrong_type_integer_b806224f.hurl delete mode 100644 cases/api_upload_post_type_coercion_service_wrong_type_boolean_240bdc53.hurl delete mode 100644 
cases/api_upload_post_type_coercion_service_wrong_type_integer_07462c7f.hurl delete mode 100644 cases/api_upload_post_type_coercion_speccontent_wrong_type_boolean_4a28e8ae.hurl delete mode 100644 cases/api_upload_post_type_coercion_speccontent_wrong_type_integer_bbde20a6.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_branch_bidi_override_09b46ba6.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_branch_control_char_eb8a46bc.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_branch_overlong_8ecf3f52.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_branch_zalgo_3c16d4b3.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_branch_zero_width_d4d96d5e.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_bidi_override_471fcaef.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_control_char_1e3b28af.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_overlong_d3d69da1.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_zalgo_f298d13c.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_commitsha_zero_width_e4c96b76.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_service_bidi_override_71d03103.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_service_control_char_76fd376c.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_service_overlong_4e0cc0d2.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_service_zalgo_7d8cc30e.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_service_zero_width_f8f99bf7.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_bidi_override_131ad5f4.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_control_char_7ff8ca85.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_overlong_40f1423f.hurl delete mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_zalgo_6b2db722.hurl 
delete mode 100644 cases/api_upload_post_unicode_fuzzing_speccontent_zero_width_7ac120c3.hurl delete mode 100644 cases/api_upload_post_valid_request_with_all_required_fields_e3da0de9.hurl delete mode 100644 cases/api_upload_post_wrong_content_type_text_plain_863dd501.hurl delete mode 100644 cases/api_upload_sequence_chain_get_api_specs_service_branch_openapi_json_8c25506c.hurl delete mode 100644 cases/api_upload_sequence_chain_put_api_admin_services_serviceid_team_f88dc931.hurl delete mode 100644 cases/auth_login_options_owasp_api8_cors_security_configuration_09111fdc.hurl delete mode 100644 cases/auth_login_post_idempotent_second_call_must_be_safe_dc706f80.hurl delete mode 100644 cases/auth_login_post_invalid_email_invalid_email_format_2286db52.hurl delete mode 100644 cases/auth_login_post_mass_assignment_financial_probe_5bcafac5.hurl delete mode 100644 cases/auth_login_post_mass_assignment_identity_probe_4c0c3203.hurl delete mode 100644 cases/auth_login_post_mass_assignment_privilege_probe_f4f54666.hurl delete mode 100644 cases/auth_login_post_mass_assignment_status_probe_f197447f.hurl delete mode 100644 cases/auth_login_post_missing_required_field_email_4cc99b0c.hurl delete mode 100644 cases/auth_login_post_missing_required_field_email_9b253ab6.hurl delete mode 100644 cases/auth_login_post_missing_required_field_password_70187e79.hurl delete mode 100644 cases/auth_login_post_missing_required_field_password_a6bbbeb7.hurl delete mode 100644 cases/auth_login_post_mutation_email_empty_string_81062c2f.hurl delete mode 100644 cases/auth_login_post_mutation_email_integer_instead_of_string_d7ccf79e.hurl delete mode 100644 cases/auth_login_post_mutation_email_invalid_email_format_6926df81.hurl delete mode 100644 cases/auth_login_post_mutation_email_null_value_b5693707.hurl delete mode 100644 cases/auth_login_post_mutation_email_oversized_string_300_chars_7f53df98.hurl delete mode 100644 cases/auth_login_post_mutation_password_empty_string_a0ca01b6.hurl delete mode 100644 
cases/auth_login_post_mutation_password_integer_instead_of_string_f16c5d8d.hurl delete mode 100644 cases/auth_login_post_mutation_password_null_value_b531d0ea.hurl delete mode 100644 cases/auth_login_post_mutation_password_oversized_string_300_chars_acbb9354.hurl delete mode 100644 cases/auth_login_post_null_injection_email_a1de0446.hurl delete mode 100644 cases/auth_login_post_null_injection_password_191c3a5b.hurl delete mode 100644 cases/auth_login_post_owasp_api6_mass_assignment_09c747ae.hurl delete mode 100644 cases/auth_login_post_owasp_api7_injection_path_traversal_c3fc26dc.hurl delete mode 100644 cases/auth_login_post_owasp_api7_injection_sqli_504b6c9e.hurl delete mode 100644 cases/auth_login_post_owasp_api7_injection_xss_d41b3855.hurl delete mode 100644 cases/auth_login_post_required_omission_email_absent_3eaacfef.hurl delete mode 100644 cases/auth_login_post_required_omission_password_absent_0a64a19d.hurl delete mode 100644 cases/auth_login_post_schema_violation_email_invalid_format_email_891b32a4.hurl delete mode 100644 cases/auth_login_post_schema_violation_email_missing_required_46bb3d69.hurl delete mode 100644 cases/auth_login_post_schema_violation_password_missing_required_5bddd51c.hurl delete mode 100644 cases/auth_login_post_type_coercion_email_wrong_type_boolean_91a4d98b.hurl delete mode 100644 cases/auth_login_post_type_coercion_email_wrong_type_integer_2e0174b6.hurl delete mode 100644 cases/auth_login_post_type_coercion_password_wrong_type_boolean_5c25d6d2.hurl delete mode 100644 cases/auth_login_post_type_coercion_password_wrong_type_integer_28167496.hurl delete mode 100644 cases/auth_login_post_unicode_fuzzing_email_bidi_override_08bd8265.hurl delete mode 100644 cases/auth_login_post_unicode_fuzzing_email_control_char_ce646cde.hurl delete mode 100644 cases/auth_login_post_unicode_fuzzing_email_overlong_1951562a.hurl delete mode 100644 cases/auth_login_post_unicode_fuzzing_email_zalgo_1091cce6.hurl delete mode 100644 
cases/auth_login_post_unicode_fuzzing_email_zero_width_e4c515d2.hurl delete mode 100644 cases/auth_login_post_unicode_fuzzing_password_bidi_override_dc3d45d4.hurl delete mode 100644 cases/auth_login_post_unicode_fuzzing_password_control_char_3fbdbf7e.hurl delete mode 100644 cases/auth_login_post_unicode_fuzzing_password_overlong_b2225a4c.hurl delete mode 100644 cases/auth_login_post_unicode_fuzzing_password_zalgo_7329e86c.hurl delete mode 100644 cases/auth_login_post_unicode_fuzzing_password_zero_width_4e879dad.hurl delete mode 100644 cases/auth_login_post_valid_request_with_all_required_fields_486e8c2a.hurl delete mode 100644 cases/auth_login_post_wrong_content_type_text_plain_ea0be7b9.hurl delete mode 100644 cases/auth_login_sequence_chain_delete_api_admin_grants_id_2db91768.hurl delete mode 100644 cases/auth_login_sequence_chain_delete_api_admin_users_id_8192e6ba.hurl delete mode 100644 cases/auth_login_sequence_chain_get_api_admin_teams_id_grants_4f853ed4.hurl delete mode 100644 cases/auth_login_sequence_chain_get_api_admin_teams_id_members_315cb6bf.hurl delete mode 100644 cases/auth_login_sequence_chain_get_api_admin_teams_id_services_ccf62dd8.hurl delete mode 100644 cases/auth_login_sequence_chain_post_api_admin_teams_id_grants_ba58927e.hurl delete mode 100644 cases/auth_login_sequence_chain_post_api_admin_teams_id_members_b9578186.hurl delete mode 100644 cases/auth_login_sequence_chain_put_api_admin_users_id_4e754ff4.hurl delete mode 100644 cases/auth_logout_options_owasp_api8_cors_security_configuration_86522697.hurl delete mode 100644 cases/auth_logout_post_idempotent_second_call_must_be_safe_cf0be90a.hurl delete mode 100644 cases/auth_logout_post_valid_request_with_all_required_fields_a517ccf9.hurl delete mode 100644 cases/auth_register_options_owasp_api8_cors_security_configuration_2f9039a1.hurl delete mode 100644 cases/auth_register_post_auth_chain_46922b8d.hurl delete mode 100644 
cases/auth_register_post_field_boundary_password_invalid_below_min_29d13f96.hurl delete mode 100644 cases/auth_register_post_field_boundary_password_valid_min_31e0ac94.hurl delete mode 100644 cases/auth_register_post_idempotent_second_call_must_be_safe_d4349959.hurl delete mode 100644 cases/auth_register_post_invalid_email_invalid_email_format_8449b518.hurl delete mode 100644 cases/auth_register_post_invalid_password_empty_string_violates_minlength_8_cf64a6d3.hurl delete mode 100644 cases/auth_register_post_mass_assignment_financial_probe_9b577a9f.hurl delete mode 100644 cases/auth_register_post_mass_assignment_identity_probe_be5d4ca2.hurl delete mode 100644 cases/auth_register_post_mass_assignment_privilege_probe_065d2087.hurl delete mode 100644 cases/auth_register_post_mass_assignment_status_probe_cabe7291.hurl delete mode 100644 cases/auth_register_post_missing_required_field_email_445d8b1f.hurl delete mode 100644 cases/auth_register_post_missing_required_field_email_cae39bb3.hurl delete mode 100644 cases/auth_register_post_missing_required_field_password_31707ae5.hurl delete mode 100644 cases/auth_register_post_missing_required_field_password_72f7ecb7.hurl delete mode 100644 cases/auth_register_post_mutation_email_empty_string_b9e7832e.hurl delete mode 100644 cases/auth_register_post_mutation_email_integer_instead_of_string_00b95383.hurl delete mode 100644 cases/auth_register_post_mutation_email_invalid_email_format_7c859b9c.hurl delete mode 100644 cases/auth_register_post_mutation_email_null_value_6da4f717.hurl delete mode 100644 cases/auth_register_post_mutation_email_oversized_string_300_chars_3dfbbb02.hurl delete mode 100644 cases/auth_register_post_mutation_password_empty_string_f66d6ba8.hurl delete mode 100644 cases/auth_register_post_mutation_password_integer_instead_of_string_85af6488.hurl delete mode 100644 cases/auth_register_post_mutation_password_null_value_8df134ff.hurl delete mode 100644 
cases/auth_register_post_mutation_password_oversized_string_300_chars_ffcd46cb.hurl delete mode 100644 cases/auth_register_post_null_injection_email_031620b5.hurl delete mode 100644 cases/auth_register_post_null_injection_password_dc0c76f3.hurl delete mode 100644 cases/auth_register_post_owasp_api2_broken_authentication_e8a47f18.hurl delete mode 100644 cases/auth_register_post_owasp_api6_mass_assignment_900b6a9f.hurl delete mode 100644 cases/auth_register_post_owasp_api7_injection_path_traversal_2f3c6761.hurl delete mode 100644 cases/auth_register_post_owasp_api7_injection_sqli_ff6e6a6b.hurl delete mode 100644 cases/auth_register_post_owasp_api7_injection_xss_368fd7b5.hurl delete mode 100644 cases/auth_register_post_password_at_max_plus_one_invalid_boundary_0de23fb9.hurl delete mode 100644 cases/auth_register_post_password_at_max_valid_boundary_b381fdb9.hurl delete mode 100644 cases/auth_register_post_password_at_min_minus_one_invalid_boundary_15e47d10.hurl delete mode 100644 cases/auth_register_post_password_at_min_valid_boundary_0f0b429e.hurl delete mode 100644 cases/auth_register_post_required_omission_email_absent_b724df31.hurl delete mode 100644 cases/auth_register_post_required_omission_password_absent_3d6d9a7d.hurl delete mode 100644 cases/auth_register_post_schema_violation_email_invalid_format_email_75e2908b.hurl delete mode 100644 cases/auth_register_post_schema_violation_email_missing_required_95b20a12.hurl delete mode 100644 cases/auth_register_post_schema_violation_password_missing_required_88fb391a.hurl delete mode 100644 cases/auth_register_post_schema_violation_password_too_short_225366e2.hurl delete mode 100644 cases/auth_register_post_type_coercion_email_wrong_type_boolean_cff3b5ee.hurl delete mode 100644 cases/auth_register_post_type_coercion_email_wrong_type_integer_c40fa64f.hurl delete mode 100644 cases/auth_register_post_type_coercion_password_wrong_type_boolean_4af1b36a.hurl delete mode 100644 
cases/auth_register_post_type_coercion_password_wrong_type_integer_4a32c12b.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_email_bidi_override_cd50c303.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_email_control_char_619e4131.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_email_overlong_aea85ac5.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_email_zalgo_67eec10b.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_email_zero_width_c30816fe.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_password_bidi_override_28ca4955.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_password_control_char_cd54b4b0.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_password_overlong_3ac12861.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_password_zalgo_ab0475dc.hurl delete mode 100644 cases/auth_register_post_unicode_fuzzing_password_zero_width_e4e8966c.hurl delete mode 100644 cases/auth_register_post_valid_request_with_all_required_fields_787a33be.hurl delete mode 100644 cases/auth_register_post_wrong_content_type_text_plain_9cf203de.hurl delete mode 100644 cases/auth_register_sequence_chain_delete_api_admin_grants_id_465a3cf5.hurl delete mode 100644 cases/auth_register_sequence_chain_delete_api_admin_users_id_b3bffa74.hurl delete mode 100644 cases/auth_register_sequence_chain_get_api_admin_teams_id_grants_a05de11b.hurl delete mode 100644 cases/auth_register_sequence_chain_get_api_admin_teams_id_members_b5dca30c.hurl delete mode 100644 cases/auth_register_sequence_chain_get_api_admin_teams_id_services_344df791.hurl delete mode 100644 cases/auth_register_sequence_chain_post_api_admin_teams_id_grants_10533daf.hurl delete mode 100644 cases/auth_register_sequence_chain_post_api_admin_teams_id_members_98e576b1.hurl delete mode 100644 cases/auth_register_sequence_chain_put_api_admin_users_id_0c6076ab.hurl delete mode 100644 cases/index.json 
delete mode 100644 cmd/cases/index.json delete mode 100644 cmd/cases/users_post_create_and_retrieve_user_8a91cfff.hurl delete mode 100644 cmd/cases/users_post_create_duplicate_user_62e19623.hurl delete mode 100644 cmd/cases/users_post_create_duplicate_user_with_existing_email_7c11147b.hurl delete mode 100644 cmd/cases/users_post_create_user_and_retrieve_it_f9ba7a73.hurl delete mode 100644 cmd/cases/users_post_create_user_missing_required_fields_053ab84f.hurl delete mode 100644 cmd/cases/users_post_create_user_missing_required_fields_8b269035.hurl delete mode 100644 cmd/cases/users_post_create_user_missing_required_fields_d374ddbf.hurl delete mode 100644 cmd/cases/users_post_create_user_missing_required_fields_e321037a.hurl delete mode 100644 cmd/cases/users_post_create_user_missing_required_name_field_20f71db2.hurl delete mode 100644 cmd/cases/users_post_create_user_successfully_with_valid_data_6bdcfc62.hurl delete mode 100644 cmd/cases/users_post_create_user_successfully_with_valid_data_d6d2f9b6.hurl delete mode 100644 cmd/cases/users_post_create_user_successfully_with_valid_data_ed41be39.hurl delete mode 100644 cmd/cases/users_post_create_user_with_all_required_fields_ca607f38.hurl delete mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_0be9ec08.hurl delete mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_14bec37e.hurl delete mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_16b5e1af.hurl delete mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_2143a276.hurl delete mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_4540500f.hurl delete mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_847c5ec7.hurl delete mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_855ae92d.hurl delete mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_d50aa5de.hurl delete mode 100644 cmd/cases/users_post_create_user_with_duplicate_email_ec600d0b.hurl delete mode 
100644 cmd/cases/users_post_create_user_with_empty_body_563fc76d.hurl delete mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_1f9b1832.hurl delete mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_403e1b49.hurl delete mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_5b591edb.hurl delete mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_5d3eb006.hurl delete mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_6d5b6c22.hurl delete mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_ae7a9790.hurl delete mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_b9201ec1.hurl delete mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_d4ebbcfb.hurl delete mode 100644 cmd/cases/users_post_create_user_with_empty_request_body_dca30578.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_12d150e0.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_1b915f1c.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_3c84dd5d.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_4987e0c9.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_802bab4d.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_a76df09a.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_c4f2a558.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_c93fd0f2.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_e753478f.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_ebabbba7.hurl delete mode 100644 cmd/cases/users_post_create_user_with_invalid_email_format_ee2ea20f.hurl delete mode 100644 cmd/cases/users_post_create_user_with_minimal_fields_4626dbf0.hurl delete mode 100644 
cmd/cases/users_post_create_user_with_minimal_required_fields_272780ec.hurl delete mode 100644 cmd/cases/users_post_create_user_with_minimal_required_fields_6cad6219.hurl delete mode 100644 cmd/cases/users_post_create_user_with_minimal_required_fields_9bb38a6e.hurl delete mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_088af62f.hurl delete mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_3e271201.hurl delete mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_a1a407ac.hurl delete mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_cca11513.hurl delete mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_d11763fa.hurl delete mode 100644 cmd/cases/users_post_create_user_with_missing_required_fields_f2b440ff.hurl delete mode 100644 cmd/cases/users_post_create_user_with_password_too_short_6585f31e.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_0add7ad1.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_0b80c623.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_168ded86.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_1bc07161.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_23ae4070.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_2a7542be.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_405b1cc7.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_42336db4.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_66eaac33.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_7bd9e5f4.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_8d1e56af.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_d820dbc4.hurl delete mode 100644 cmd/cases/users_post_create_user_with_valid_data_ef5c32e1.hurl delete 
mode 100644 cmd/cases/users_post_create_user_with_valid_data_f4fc91e0.hurl delete mode 100644 cmd/cases/users_post_create_user_with_weak_password_066b5eb6.hurl delete mode 100644 cmd/cases/users_post_create_user_with_weak_password_4414257a.hurl delete mode 100644 cmd/cases/users_post_create_user_with_weak_password_61182975.hurl delete mode 100644 cmd/cases/users_post_create_user_with_weak_password_927b5196.hurl delete mode 100644 cmd/cases/users_post_create_user_with_weak_password_ad27efeb.hurl delete mode 100644 cmd/cases/users_post_create_user_with_weak_password_e00f7c68.hurl delete mode 100644 cmd/cases/users_post_create_user_with_weak_password_e83267a6.hurl delete mode 100644 cmd/cases/users_post_create_user_with_weak_password_f80ddbdb.hurl delete mode 100644 cmd/cases/users_post_create_user_without_authentication_token_dd3e5af5.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_027c26b3.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_9b4f9a72.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_6c2e4ea0.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_78c9e99f.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_b9e88eb8.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_duplicate_email_004d19bc.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_duplicate_email_865cada7.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_empty_request_body_84405873.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9787221a.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9fa1c233.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_empty_request_body_cea3990a.hurl delete mode 100644 
cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_1ba1acf6.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_2bd6ea23.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_354a4ea6.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_5204b57a.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_71d8d257.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_984e56e9.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_a2bd888d.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_email_9984528c.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_email_e1e9b7f8.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_00b8cf47.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8a424b35.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8eba8f6c.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_9be782de.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_c122d03b.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_3cf31478.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_5278686c.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_91adc9f5.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_a8b3ff8c.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_with_weak_password_ac0b807a.hurl delete mode 100644 cmd/cases/users_post_fail_to_create_user_without_authentication_127085f6.hurl delete mode 100644 cmd/reports/dea-report.json 
diff --git a/.gitignore b/.gitignore index a3792ca..17a2cdd 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,6 @@ docs/design/ # Build output bin/ + +# Generated test case output (caseforge gen default output dir) +cases/ diff --git a/cases/api_admin_audit_logs_get_auth_chain_4b81d9bb.hurl b/cases/api_admin_audit_logs_get_auth_chain_4b81d9bb.hurl deleted file mode 100644 index 84fe91b..0000000 --- a/cases/api_admin_audit_logs_get_auth_chain_4b81d9bb.hurl +++ /dev/null @@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: GET /api/admin/audit-logs -# case_id=TC-4b81d9bb -# case_name=auth chain: GET /api/admin/audit-logs -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── GET /api/admin/audit-logs with auth token [test] ── -# step_id=step-test -# step_type=test -# title=GET /api/admin/audit-logs with auth token -# depends_on=step-auth - -GET {{base_url}}/api/admin/audit-logs -Authorization: Bearer {{authToken}} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_10_action_user_disabled_e73ed081.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_10_action_user_disabled_e73ed081.hurl deleted file mode 100644 index e2f2619..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_10_action_user_disabled_e73ed081.hurl +++ /dev/null 
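Review bot: The `.gitignore` hunk adds `cases/` for the generator's case output but nothing for its report output, although this patch also deletes `cmd/reports/dea-report.json`. Unless a rule for it already exists outside this hunk, that file can be committed again on the next run, so consider adding `reports/` beside the new entry. The `cases/` pattern is unanchored, so it ignores any directory named `cases` at any depth: that covers the deleted `cases/` and `cmd/cases/` trees, but it would also hide a hand-written fixture directory of that name. If the breadth is intended, a comment such as `# unanchored on purpose: gen writes cases/ relative to the working directory` would record it (the working-directory behaviour is inferred from the two deleted trees, not shown here). The ignore rule does not remove the already committed request bodies and token-capture steps from history, so it is worth confirming that none of the deleted cases held real credentials or identifiers; the ones visible here use template variables and sample values.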
@@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 10: [action=user_disabled] ── -# case_id=TC-e73ed081 -# case_name=GET /api/admin/audit-logs - classification tree row 10: [action=user_disabled] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=user_disabled - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_11_action_team_created_a820fea5.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_11_action_team_created_a820fea5.hurl deleted file mode 100644 index a58826e..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_11_action_team_created_a820fea5.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 11: [action=team_created] ── -# case_id=TC-a820fea5 -# case_name=GET /api/admin/audit-logs - classification tree row 11: [action=team_created] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=team_created - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_1_action_login_80f9a912.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_1_action_login_80f9a912.hurl deleted file mode 100644 index 2897e7c..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_1_action_login_80f9a912.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 1: [action=login] ── -# case_id=TC-80f9a912 -# case_name=GET /api/admin/audit-logs - classification tree row 1: [action=login] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=login - -HTTP 200 - -[Asserts] -duration < 2000 - 
diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_2_action_spec_uploaded_ee7cf268.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_2_action_spec_uploaded_ee7cf268.hurl deleted file mode 100644 index f0771ef..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_2_action_spec_uploaded_ee7cf268.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 2: [action=spec_uploaded] ── -# case_id=TC-ee7cf268 -# case_name=GET /api/admin/audit-logs - classification tree row 2: [action=spec_uploaded] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=spec_uploaded - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_3_action_spec_updated_df4697d4.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_3_action_spec_updated_df4697d4.hurl deleted file mode 100644 index 7a651e3..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_3_action_spec_updated_df4697d4.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 3: [action=spec_updated] ── -# case_id=TC-df4697d4 -# case_name=GET /api/admin/audit-logs - classification tree row 3: [action=spec_updated] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=spec_updated - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_4_action_service_deleted_ba4c28cb.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_4_action_service_deleted_ba4c28cb.hurl deleted file mode 100644 index 140c867..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_4_action_service_deleted_ba4c28cb.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 4: [action=service_deleted] ── -# case_id=TC-ba4c28cb -# case_name=GET /api/admin/audit-logs - classification tree row 4: [action=service_deleted] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=service_deleted - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_5_action_grant_created_2874616a.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_5_action_grant_created_2874616a.hurl deleted file mode 100644 index b74d1ea..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_5_action_grant_created_2874616a.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 5: [action=grant_created] ── -# case_id=TC-2874616a -# case_name=GET /api/admin/audit-logs - classification tree row 5: [action=grant_created] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=grant_created - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_6_action_grant_revoked_4511e41f.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_6_action_grant_revoked_4511e41f.hurl deleted file mode 100644 index bcaba70..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_6_action_grant_revoked_4511e41f.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 6: [action=grant_revoked] ── -# case_id=TC-4511e41f -# case_name=GET /api/admin/audit-logs - classification tree row 6: [action=grant_revoked] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=grant_revoked - -HTTP 200 - -[Asserts] -duration < 2000 - 
diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_7_action_token_created_e290ff04.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_7_action_token_created_e290ff04.hurl deleted file mode 100644 index 20b4c48..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_7_action_token_created_e290ff04.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 7: [action=token_created] ── -# case_id=TC-e290ff04 -# case_name=GET /api/admin/audit-logs - classification tree row 7: [action=token_created] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=token_created - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_8_action_token_revoked_5a6e9137.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_8_action_token_revoked_5a6e9137.hurl deleted file mode 100644 index 28d1333..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_8_action_token_revoked_5a6e9137.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 8: [action=token_revoked] ── -# case_id=TC-5a6e9137 -# case_name=GET /api/admin/audit-logs - classification tree row 8: [action=token_revoked] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=token_revoked - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_classification_tree_row_9_action_user_created_e92e324e.hurl b/cases/api_admin_audit_logs_get_classification_tree_row_9_action_user_created_e92e324e.hurl deleted file mode 100644 index b2cd331..0000000 --- a/cases/api_admin_audit_logs_get_classification_tree_row_9_action_user_created_e92e324e.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── GET /api/admin/audit-logs - classification tree row 9: [action=user_created] ── -# case_id=TC-e92e324e -# case_name=GET /api/admin/audit-logs - classification tree row 9: [action=user_created] -# step_id=step-main -# step_type=test -# technique=classification_tree -# priority=P2 - -GET {{base_url}}/api/admin/audit-logs?action=user_created - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_audit_logs_get_owasp_api2_broken_authentication_eb7a16db.hurl b/cases/api_admin_audit_logs_get_owasp_api2_broken_authentication_eb7a16db.hurl deleted file mode 100644 index a7fb862..0000000 --- a/cases/api_admin_audit_logs_get_owasp_api2_broken_authentication_eb7a16db.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/admin/audit-logs — broken authentication ── -# case_id=TC-eb7a16db -# case_name=[OWASP-API2] GET /api/admin/audit-logs — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/audit-logs - -HTTP 401 - diff --git a/cases/api_admin_audit_logs_get_owasp_api5_function_level_authorization_missing_b02abc71.hurl b/cases/api_admin_audit_logs_get_owasp_api5_function_level_authorization_missing_b02abc71.hurl deleted file mode 100644 index 3538df6..0000000 --- a/cases/api_admin_audit_logs_get_owasp_api5_function_level_authorization_missing_b02abc71.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] GET /api/admin/audit-logs — function-level authorization missing ── -# case_id=TC-b02abc71 -# case_name=[OWASP-API5] GET /api/admin/audit-logs — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -GET {{base_url}}/api/admin/audit-logs -Authorization: Bearer {{user_token}} - -HTTP 403 - 
diff --git a/cases/api_admin_audit_logs_get_owasp_api7_injection_path_traversal_a1c2c8cc.hurl b/cases/api_admin_audit_logs_get_owasp_api7_injection_path_traversal_a1c2c8cc.hurl deleted file mode 100644 index 836d154..0000000 --- a/cases/api_admin_audit_logs_get_owasp_api7_injection_path_traversal_a1c2c8cc.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/audit-logs — injection (path-traversal) ── -# case_id=TC-a1c2c8cc -# case_name=[OWASP-API7] GET /api/admin/audit-logs — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/audit-logs?action=..%2F..%2F..%2Fetc%2Fpasswd -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_audit_logs_get_owasp_api7_injection_sqli_605a4d60.hurl b/cases/api_admin_audit_logs_get_owasp_api7_injection_sqli_605a4d60.hurl deleted file mode 100644 index b62205a..0000000 --- a/cases/api_admin_audit_logs_get_owasp_api7_injection_sqli_605a4d60.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/audit-logs — injection (sqli) ── -# case_id=TC-605a4d60 -# case_name=[OWASP-API7] GET /api/admin/audit-logs — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/audit-logs?action=%27+OR+1%3D1-- -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_audit_logs_get_owasp_api7_injection_xss_0d70db14.hurl b/cases/api_admin_audit_logs_get_owasp_api7_injection_xss_0d70db14.hurl deleted file mode 100644 index f698bc5..0000000 --- a/cases/api_admin_audit_logs_get_owasp_api7_injection_xss_0d70db14.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/audit-logs — injection (xss) ── -# case_id=TC-0d70db14 -# case_name=[OWASP-API7] GET /api/admin/audit-logs — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/audit-logs?action=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_audit_logs_get_valid_request_with_all_required_fields_04940e9f.hurl b/cases/api_admin_audit_logs_get_valid_request_with_all_required_fields_04940e9f.hurl deleted file mode 100644 index 144abd1..0000000 --- a/cases/api_admin_audit_logs_get_valid_request_with_all_required_fields_04940e9f.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── GET /api/admin/audit-logs - valid request with all required fields ── -# case_id=TC-04940e9f -# case_name=GET /api/admin/audit-logs - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/admin/audit-logs - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.total" exists -jsonpath "$.logs" exists -jsonpath "$.page" exists -jsonpath "$.pageSize" exists - diff --git a/cases/api_admin_audit_logs_options_owasp_api8_cors_security_configuration_744c12cf.hurl b/cases/api_admin_audit_logs_options_owasp_api8_cors_security_configuration_744c12cf.hurl deleted file mode 100644 index 813473a..0000000 --- a/cases/api_admin_audit_logs_options_owasp_api8_cors_security_configuration_744c12cf.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/audit-logs — CORS security configuration ── -# case_id=TC-744c12cf -# case_name=[OWASP-API8] OPTIONS /api/admin/audit-logs — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/audit-logs -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - 
diff --git a/cases/api_admin_grants_id_delete_idempotent_second_call_must_be_safe_1f6fc417.hurl b/cases/api_admin_grants_id_delete_idempotent_second_call_must_be_safe_1f6fc417.hurl deleted file mode 100644 index f12fd73..0000000 --- a/cases/api_admin_grants_id_delete_idempotent_second_call_must_be_safe_1f6fc417.hurl +++ /dev/null @@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# DELETE /api/admin/grants/{id} - idempotent: second call must be safe -# case_id=TC-1f6fc417 -# case_name=DELETE /api/admin/grants/{id} - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── DELETE /api/admin/grants/{id} — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=DELETE /api/admin/grants/{id} — first call - -DELETE {{base_url}}/api/admin/grants/{id} - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── DELETE /api/admin/grants/{id} — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=DELETE /api/admin/grants/{id} — identical second call must be safe -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/grants/{id} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_grants_id_delete_idor_id_0_zero_id_c0c54349.hurl b/cases/api_admin_grants_id_delete_idor_id_0_zero_id_c0c54349.hurl deleted file mode 100644 index 4b6c98d..0000000 --- a/cases/api_admin_grants_id_delete_idor_id_0_zero_id_c0c54349.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/admin/grants/{id} - IDOR id=0 (zero_id) ── -# case_id=TC-c0c54349 -# case_name=DELETE /api/admin/grants/{id} - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/grants/0 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_grants_id_delete_idor_id_99999_alt_id_b20f3be6.hurl b/cases/api_admin_grants_id_delete_idor_id_99999_alt_id_b20f3be6.hurl deleted file mode 100644 index 6b93892..0000000 --- a/cases/api_admin_grants_id_delete_idor_id_99999_alt_id_b20f3be6.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/admin/grants/{id} - IDOR id=99999 (alt_id) ── -# case_id=TC-b20f3be6 -# case_name=DELETE /api/admin/grants/{id} - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/grants/99999 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_grants_id_delete_missing_required_param_id_57e2f5d8.hurl b/cases/api_admin_grants_id_delete_missing_required_param_id_57e2f5d8.hurl deleted file mode 100644 index 73851e2..0000000 --- a/cases/api_admin_grants_id_delete_missing_required_param_id_57e2f5d8.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── DELETE /api/admin/grants/{id} - missing required param "id" ── -# case_id=TC-57e2f5d8 -# case_name=DELETE /api/admin/grants/{id} - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -DELETE {{base_url}}/api/admin/grants/1 - -HTTP 422 - diff --git a/cases/api_admin_grants_id_delete_owasp_api1_bola_unauthorized_access_d8d75c69.hurl b/cases/api_admin_grants_id_delete_owasp_api1_bola_unauthorized_access_d8d75c69.hurl deleted file mode 100644 index ff859e4..0000000 --- a/cases/api_admin_grants_id_delete_owasp_api1_bola_unauthorized_access_d8d75c69.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] DELETE /api/admin/grants/{id} — BOLA unauthorized access ── -# case_id=TC-d8d75c69 -# case_name=[OWASP-API1] DELETE /api/admin/grants/{id} — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/grants/{{other_resource_id}} - -HTTP 403 - 
diff --git a/cases/api_admin_grants_id_delete_owasp_api2_broken_authentication_2b26b1b2.hurl b/cases/api_admin_grants_id_delete_owasp_api2_broken_authentication_2b26b1b2.hurl deleted file mode 100644 index ce75d61..0000000 --- a/cases/api_admin_grants_id_delete_owasp_api2_broken_authentication_2b26b1b2.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] DELETE /api/admin/grants/{id} — broken authentication ── -# case_id=TC-2b26b1b2 -# case_name=[OWASP-API2] DELETE /api/admin/grants/{id} — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/grants/{id} - -HTTP 401 - diff --git a/cases/api_admin_grants_id_delete_owasp_api5_function_level_authorization_missing_640109d2.hurl b/cases/api_admin_grants_id_delete_owasp_api5_function_level_authorization_missing_640109d2.hurl deleted file mode 100644 index d0c97db..0000000 --- a/cases/api_admin_grants_id_delete_owasp_api5_function_level_authorization_missing_640109d2.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] DELETE /api/admin/grants/{id} — function-level authorization missing ── -# case_id=TC-640109d2 -# case_name=[OWASP-API5] DELETE /api/admin/grants/{id} — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -DELETE {{base_url}}/api/admin/grants/{id} -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_grants_id_delete_owasp_api7_injection_path_traversal_5cfaf557.hurl b/cases/api_admin_grants_id_delete_owasp_api7_injection_path_traversal_5cfaf557.hurl deleted file mode 100644 index 03df5cf..0000000 --- a/cases/api_admin_grants_id_delete_owasp_api7_injection_path_traversal_5cfaf557.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/grants/{id} — injection (path-traversal) ── -# case_id=TC-5cfaf557 -# case_name=[OWASP-API7] DELETE /api/admin/grants/{id} — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/grants/..%2F..%2F..%2Fetc%2Fpasswd -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_grants_id_delete_owasp_api7_injection_sqli_3883f876.hurl b/cases/api_admin_grants_id_delete_owasp_api7_injection_sqli_3883f876.hurl deleted file mode 100644 index e126d51..0000000 --- a/cases/api_admin_grants_id_delete_owasp_api7_injection_sqli_3883f876.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/grants/{id} — injection (sqli) ── -# case_id=TC-3883f876 -# case_name=[OWASP-API7] DELETE /api/admin/grants/{id} — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/grants/%27%20OR%201=1-- -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_grants_id_delete_owasp_api7_injection_xss_7e26f4e3.hurl b/cases/api_admin_grants_id_delete_owasp_api7_injection_xss_7e26f4e3.hurl deleted file mode 100644 index 6a54b46..0000000 --- a/cases/api_admin_grants_id_delete_owasp_api7_injection_xss_7e26f4e3.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/grants/{id} — injection (xss) ── -# case_id=TC-7e26f4e3 -# case_name=[OWASP-API7] DELETE /api/admin/grants/{id} — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/grants/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_grants_id_delete_valid_request_with_all_required_fields_03c20c58.hurl b/cases/api_admin_grants_id_delete_valid_request_with_all_required_fields_03c20c58.hurl deleted file mode 100644 index d812bb9..0000000 
--- a/cases/api_admin_grants_id_delete_valid_request_with_all_required_fields_03c20c58.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/admin/grants/{id} - valid request with all required fields ── -# case_id=TC-03c20c58 -# case_name=DELETE /api/admin/grants/{id} - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -DELETE {{base_url}}/api/admin/grants/{id} - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - diff --git a/cases/api_admin_grants_id_options_owasp_api8_cors_security_configuration_ff243297.hurl b/cases/api_admin_grants_id_options_owasp_api8_cors_security_configuration_ff243297.hurl deleted file mode 100644 index 8a23661..0000000 --- a/cases/api_admin_grants_id_options_owasp_api8_cors_security_configuration_ff243297.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/grants/{id} — CORS security configuration ── -# case_id=TC-ff243297 -# case_name=[OWASP-API8] OPTIONS /api/admin/grants/{id} — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/grants/{id} -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_services_serviceid_team_options_owasp_api8_cors_security_configuration_4b672517.hurl b/cases/api_admin_services_serviceid_team_options_owasp_api8_cors_security_configuration_4b672517.hurl deleted file mode 100644 index cf19f4d..0000000 --- a/cases/api_admin_services_serviceid_team_options_owasp_api8_cors_security_configuration_4b672517.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/services/{serviceId}/team — CORS security configuration ── -# case_id=TC-4b672517 -# case_name=[OWASP-API8] OPTIONS /api/admin/services/{serviceId}/team — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/services/{serviceId}/team -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_services_serviceid_team_put_idempotent_second_call_must_be_safe_dc1513dd.hurl b/cases/api_admin_services_serviceid_team_put_idempotent_second_call_must_be_safe_dc1513dd.hurl deleted file mode 100644 index a5a56c9..0000000 --- a/cases/api_admin_services_serviceid_team_put_idempotent_second_call_must_be_safe_dc1513dd.hurl +++ /dev/null 
@@ -1,45 +0,0 @@ -# ══════════════════════════════════════════════════ -# PUT /api/admin/services/{serviceId}/team - idempotent: second call must be safe -# case_id=TC-dc1513dd -# case_name=PUT /api/admin/services/{serviceId}/team - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── PUT /api/admin/services/{serviceId}/team — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=PUT /api/admin/services/{serviceId}/team — first call - -PUT {{base_url}}/api/admin/services/{serviceId}/team -Content-Type: application/json -```json -{ - "teamId": "b954d030-15a4-4bc5-a0ad-c5e46e96e0a7" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── PUT /api/admin/services/{serviceId}/team — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=PUT /api/admin/services/{serviceId}/team — identical second call must be safe -# depends_on=step-setup - -PUT {{base_url}}/api/admin/services/{serviceId}/team -Content-Type: application/json -```json -{ - "teamId": "b954d030-15a4-4bc5-a0ad-c5e46e96e0a7" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_services_serviceid_team_put_mass_assignment_financial_probe_297a0e33.hurl b/cases/api_admin_services_serviceid_team_put_mass_assignment_financial_probe_297a0e33.hurl deleted file mode 100644 index efaf9ad..0000000 --- a/cases/api_admin_services_serviceid_team_put_mass_assignment_financial_probe_297a0e33.hurl +++ /dev/null 
@@ -1,22 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [mass_assignment] financial probe ──
-# case_id=TC-297a0e33
-# case_name=PUT /api/admin/services/{serviceId}/team - [mass_assignment] financial probe
-# step_id=step-main
-# step_type=test
-# technique=mass_assignment
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "balance": 1,
- "credits": 1,
- "discount": 0,
- "price": 1,
- "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a"
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_admin_services_serviceid_team_put_mass_assignment_identity_probe_c9fe2f6f.hurl b/cases/api_admin_services_serviceid_team_put_mass_assignment_identity_probe_c9fe2f6f.hurl
deleted file mode 100644
index 08498af..0000000
--- a/cases/api_admin_services_serviceid_team_put_mass_assignment_identity_probe_c9fe2f6f.hurl
+++ /dev/null
@@ -1,22 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [mass_assignment] identity probe ──
-# case_id=TC-c9fe2f6f
-# case_name=PUT /api/admin/services/{serviceId}/team - [mass_assignment] identity probe
-# step_id=step-main
-# step_type=test
-# technique=mass_assignment
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "createdBy": "__probe__",
- "ownerId": "__probe__",
- "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a",
- "userId": "__probe__",
- "user_id": "__probe__"
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_admin_services_serviceid_team_put_mass_assignment_privilege_probe_c8fb1c8e.hurl b/cases/api_admin_services_serviceid_team_put_mass_assignment_privilege_probe_c8fb1c8e.hurl
deleted file mode 100644
index 8d9b746..0000000
--- a/cases/api_admin_services_serviceid_team_put_mass_assignment_privilege_probe_c8fb1c8e.hurl
+++ /dev/null
@@ -1,22 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [mass_assignment] privilege probe ──
-# case_id=TC-c8fb1c8e
-# case_name=PUT /api/admin/services/{serviceId}/team - [mass_assignment] privilege probe
-# step_id=step-main
-# step_type=test
-# technique=mass_assignment
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "admin": true,
- "isAdmin": true,
- "is_admin": true,
- "role": "__probe__",
- "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a"
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_admin_services_serviceid_team_put_mass_assignment_status_probe_6072976c.hurl b/cases/api_admin_services_serviceid_team_put_mass_assignment_status_probe_6072976c.hurl
deleted file mode 100644
index ba650f7..0000000
--- a/cases/api_admin_services_serviceid_team_put_mass_assignment_status_probe_6072976c.hurl
+++ /dev/null
@@ -1,22 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [mass_assignment] status probe ──
-# case_id=TC-6072976c
-# case_name=PUT /api/admin/services/{serviceId}/team - [mass_assignment] status probe
-# step_id=step-main
-# step_type=test
-# technique=mass_assignment
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "approved": true,
- "banned": false,
- "disabled": false,
- "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a",
- "verified": true
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_8397ba83.hurl b/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_8397ba83.hurl
deleted file mode 100644
index 3664afc..0000000
--- a/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_8397ba83.hurl
+++ /dev/null
@@ -1,16 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - missing required field "teamId" ──
-# case_id=TC-8397ba83
-# case_name=PUT /api/admin/services/{serviceId}/team - missing required field "teamId"
-# step_id=step-main
-# step_type=test
-# technique=equivalence_partitioning
-# priority=P1
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{}
-```
-
-HTTP 422
-
diff --git a/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_bc585ae5.hurl b/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_bc585ae5.hurl
deleted file mode 100644
index c5db4ed..0000000
--- a/cases/api_admin_services_serviceid_team_put_missing_required_field_teamid_bc585ae5.hurl
+++ /dev/null
@@ -1,16 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - missing required field "teamId" ──
-# case_id=TC-bc585ae5
-# case_name=PUT /api/admin/services/{serviceId}/team - missing required field "teamId"
-# step_id=step-main
-# step_type=test
-# technique=isolated_negative
-# priority=P1
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{}
-```
-
-HTTP 422
-
diff --git a/cases/api_admin_services_serviceid_team_put_missing_required_param_serviceid_3dc3ff8a.hurl b/cases/api_admin_services_serviceid_team_put_missing_required_param_serviceid_3dc3ff8a.hurl
deleted file mode 100644
index b3697b0..0000000
--- a/cases/api_admin_services_serviceid_team_put_missing_required_param_serviceid_3dc3ff8a.hurl
+++ /dev/null
@@ -1,12 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - missing required param "serviceId" ──
-# case_id=TC-3dc3ff8a
-# case_name=PUT /api/admin/services/{serviceId}/team - missing required param "serviceId"
-# step_id=step-main
-# step_type=test
-# technique=isolated_negative
-# priority=P1
-
-PUT {{base_url}}/api/admin/services/1/team
-
-HTTP 422
-
diff --git a/cases/api_admin_services_serviceid_team_put_mutation_teamid_empty_string_717311a7.hurl b/cases/api_admin_services_serviceid_team_put_mutation_teamid_empty_string_717311a7.hurl
deleted file mode 100644
index d690a97..0000000
--- a/cases/api_admin_services_serviceid_team_put_mutation_teamid_empty_string_717311a7.hurl
+++ /dev/null
@@ -1,22 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - mutation: teamId empty string ──
-# case_id=TC-717311a7
-# case_name=PUT /api/admin/services/{serviceId}/team - mutation: teamId empty string
-# step_id=step-main
-# step_type=test
-# technique=mutation
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "teamId": ""
-}
-```
-
-HTTP *
-
-[Asserts]
-status >= 400
-status < 500
-
diff --git a/cases/api_admin_services_serviceid_team_put_mutation_teamid_integer_instead_of_string_cea11786.hurl b/cases/api_admin_services_serviceid_team_put_mutation_teamid_integer_instead_of_string_cea11786.hurl
deleted file mode 100644
index f186cda..0000000
--- a/cases/api_admin_services_serviceid_team_put_mutation_teamid_integer_instead_of_string_cea11786.hurl
+++ /dev/null
@@ -1,22 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - mutation: teamId integer instead of string ──
-# case_id=TC-cea11786
-# case_name=PUT /api/admin/services/{serviceId}/team - mutation: teamId integer instead of string
-# step_id=step-main
-# step_type=test
-# technique=mutation
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "teamId": 12345
-}
-```
-
-HTTP *
-
-[Asserts]
-status >= 400
-status < 500
-
diff --git a/cases/api_admin_services_serviceid_team_put_mutation_teamid_null_value_3c6b4929.hurl b/cases/api_admin_services_serviceid_team_put_mutation_teamid_null_value_3c6b4929.hurl
deleted file mode 100644
index 4bde0f8..0000000
--- a/cases/api_admin_services_serviceid_team_put_mutation_teamid_null_value_3c6b4929.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/services/{serviceId}/team - mutation: teamId null value ── -# case_id=TC-3c6b4929 -# case_name=PUT /api/admin/services/{serviceId}/team - mutation: teamId null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/services/{serviceId}/team -Content-Type: application/json -```json -{ - "teamId": null -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_services_serviceid_team_put_mutation_teamid_oversized_string_300_chars_452218de.hurl b/cases/api_admin_services_serviceid_team_put_mutation_teamid_oversized_string_300_chars_452218de.hurl deleted file mode 100644 index 1e905cb..0000000 --- a/cases/api_admin_services_serviceid_team_put_mutation_teamid_oversized_string_300_chars_452218de.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/services/{serviceId}/team - mutation: teamId oversized string (300 chars) ── -# case_id=TC-452218de -# case_name=PUT /api/admin/services/{serviceId}/team - mutation: teamId oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/services/{serviceId}/team -Content-Type: application/json -```json -{ - "teamId": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api1_bola_unauthorized_access_b7125bf5.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api1_bola_unauthorized_access_b7125bf5.hurl deleted file mode 100644 index 502d6f2..0000000 
--- a/cases/api_admin_services_serviceid_team_put_owasp_api1_bola_unauthorized_access_b7125bf5.hurl
+++ /dev/null
@@ -1,12 +0,0 @@
-# ── [OWASP-API1] PUT /api/admin/services/{serviceId}/team — BOLA unauthorized access ──
-# case_id=TC-b7125bf5
-# case_name=[OWASP-API1] PUT /api/admin/services/{serviceId}/team — BOLA unauthorized access
-# step_id=step-1
-# step_type=test
-# technique=owasp_api_top10
-# priority=P0
-
-PUT {{base_url}}/api/admin/services/{{other_resource_id}}/team
-
-HTTP 403
-
diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api2_broken_authentication_6bc9b636.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api2_broken_authentication_6bc9b636.hurl
deleted file mode 100644
index 4f04953..0000000
--- a/cases/api_admin_services_serviceid_team_put_owasp_api2_broken_authentication_6bc9b636.hurl
+++ /dev/null
@@ -1,12 +0,0 @@
-# ── [OWASP-API2] PUT /api/admin/services/{serviceId}/team — broken authentication ──
-# case_id=TC-6bc9b636
-# case_name=[OWASP-API2] PUT /api/admin/services/{serviceId}/team — broken authentication
-# step_id=step-1
-# step_type=test
-# technique=owasp_api_top10
-# priority=P0
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-
-HTTP 401
-
diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api3_bopla_property_level_access_26712b87.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api3_bopla_property_level_access_26712b87.hurl
deleted file mode 100644
index d8cc1a0..0000000
--- a/cases/api_admin_services_serviceid_team_put_owasp_api3_bopla_property_level_access_26712b87.hurl
+++ /dev/null
@@ -1,24 +0,0 @@
-# ── [OWASP-API3] PUT /api/admin/services/{serviceId}/team — BOPLA property-level access ──
-# case_id=TC-26712b87
-# case_name=[OWASP-API3] PUT /api/admin/services/{serviceId}/team — BOPLA property-level access
-# step_id=step-1
-# step_type=test
-# technique=owasp_api_top10
-# priority=P0
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "is_admin": true,
- "role": "admin",
- "teamId": "da2ce66b-ccba-4bc0-b582-c8fa43a6926f"
-}
-```
-
-HTTP 200
-
-[Asserts]
-jsonpath "$.is_admin" != true
-jsonpath "$.role" != "admin"
-
diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api5_function_level_authorization_mi_544e90d2.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api5_function_level_authorization_mi_544e90d2.hurl
deleted file mode 100644
index 93d40ca..0000000
--- a/cases/api_admin_services_serviceid_team_put_owasp_api5_function_level_authorization_mi_544e90d2.hurl
+++ /dev/null
@@ -1,13 +0,0 @@
-# ── [OWASP-API5] PUT /api/admin/services/{serviceId}/team — function-level authorization missing ──
-# case_id=TC-544e90d2
-# case_name=[OWASP-API5] PUT /api/admin/services/{serviceId}/team — function-level authorization missing
-# step_id=step-1
-# step_type=test
-# technique=owasp_api_top10_spec
-# priority=P0
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Authorization: Bearer {{user_token}}
-
-HTTP 403
-
diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api6_mass_assignment_29a92605.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api6_mass_assignment_29a92605.hurl
deleted file mode 100644
index cbafe9b..0000000
--- a/cases/api_admin_services_serviceid_team_put_owasp_api6_mass_assignment_29a92605.hurl
+++ /dev/null
@@ -1,26 +0,0 @@
-# ── [OWASP-API6] PUT /api/admin/services/{serviceId}/team — mass assignment ──
-# case_id=TC-29a92605
-# case_name=[OWASP-API6] PUT /api/admin/services/{serviceId}/team — mass assignment
-# step_id=step-1
-# step_type=test
-# technique=owasp_api_top10
-# priority=P0
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "createdAt": "2000-01-01T00:00:00Z",
- "id": 99999,
- "teamId": "d9bf3e10-6529-49aa-b714-03fd1a939f04",
- "updatedAt": "2000-01-01T00:00:00Z"
-}
-```
-
-HTTP 200
-
-[Asserts]
-jsonpath "$.id" != 99999
-jsonpath "$.createdAt" != "2000-01-01T00:00:00Z"
-jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z"
-
diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_path_traversal_b621722f.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_path_traversal_b621722f.hurl
deleted file mode 100644
index d4c6b97..0000000
--- a/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_path_traversal_b621722f.hurl
+++ /dev/null
@@ -1,15 +0,0 @@
-# ── [OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (path-traversal) ──
-# case_id=TC-b621722f
-# case_name=[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (path-traversal)
-# step_id=step-1
-# step_type=test
-# technique=owasp_api_top10
-# priority=P0
-
-PUT {{base_url}}/api/admin/services/..%2F..%2F..%2Fetc%2Fpasswd/team
-```json
-null
-```
-
-HTTP 400
-
diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_sqli_53f0e55f.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_sqli_53f0e55f.hurl
deleted file mode 100644
index c9b2261..0000000
--- a/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_sqli_53f0e55f.hurl
+++ /dev/null
@@ -1,15 +0,0 @@
-# ── [OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (sqli) ──
-# case_id=TC-53f0e55f
-# case_name=[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (sqli)
-# step_id=step-1
-# step_type=test
-# technique=owasp_api_top10
-# priority=P0
-
-PUT {{base_url}}/api/admin/services/%27%20OR%201=1--/team
-```json
-null
-```
-
-HTTP 400
-
diff --git a/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_xss_3ad867af.hurl b/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_xss_3ad867af.hurl
deleted file mode 100644
index 2a1fb63..0000000
--- a/cases/api_admin_services_serviceid_team_put_owasp_api7_injection_xss_3ad867af.hurl
+++ /dev/null
@@ -1,15 +0,0 @@
-# ── [OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (xss) ──
-# case_id=TC-3ad867af
-# case_name=[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (xss)
-# step_id=step-1
-# step_type=test
-# technique=owasp_api_top10
-# priority=P0
-
-PUT {{base_url}}/api/admin/services/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/team
-```json
-null
-```
-
-HTTP 400
-
diff --git a/cases/api_admin_services_serviceid_team_put_required_omission_teamid_absent_d24b98db.hurl b/cases/api_admin_services_serviceid_team_put_required_omission_teamid_absent_d24b98db.hurl
deleted file mode 100644
index 6dd6487..0000000
--- a/cases/api_admin_services_serviceid_team_put_required_omission_teamid_absent_d24b98db.hurl
+++ /dev/null
@@ -1,20 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [required_omission] teamId absent ──
-# case_id=TC-d24b98db
-# case_name=PUT /api/admin/services/{serviceId}/team - [required_omission] teamId absent
-# step_id=step-main
-# step_type=test
-# technique=required_omission
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{}
-```
-
-HTTP *
-
-[Asserts]
-status >= 400
-status < 500
-
diff --git a/cases/api_admin_services_serviceid_team_put_schema_violation_teamid_missing_required_c8b11e1e.hurl b/cases/api_admin_services_serviceid_team_put_schema_violation_teamid_missing_required_c8b11e1e.hurl
deleted file mode 100644
index 7bd0ce1..0000000
--- a/cases/api_admin_services_serviceid_team_put_schema_violation_teamid_missing_required_c8b11e1e.hurl
+++ /dev/null
@@ -1,16 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [schema_violation] teamId_missing_required ──
-# case_id=TC-c8b11e1e
-# case_name=PUT /api/admin/services/{serviceId}/team - [schema_violation] teamId_missing_required
-# step_id=step-main
-# step_type=test
-# technique=schema_violation
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{}
-```
-
-HTTP 422
-
diff --git a/cases/api_admin_services_serviceid_team_put_semantic_annotation_nullable_field_teamid_f06bfa27.hurl b/cases/api_admin_services_serviceid_team_put_semantic_annotation_nullable_field_teamid_f06bfa27.hurl
deleted file mode 100644
index b2e2844..0000000
--- a/cases/api_admin_services_serviceid_team_put_semantic_annotation_nullable_field_teamid_f06bfa27.hurl
+++ /dev/null
@@ -1,22 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [semantic_annotation] nullable field "teamId" accepts null ──
-# case_id=TC-f06bfa27
-# case_name=PUT /api/admin/services/{serviceId}/team - [semantic_annotation] nullable field "teamId" accepts null
-# step_id=step-main
-# step_type=test
-# technique=semantic_annotation
-# priority=P1
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "teamId": null
-}
-```
-
-HTTP *
-
-[Asserts]
-status >= 200
-status < 300
-
diff --git a/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_boolean_5b55ebea.hurl b/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_boolean_5b55ebea.hurl
deleted file mode 100644
index bace9e7..0000000
--- a/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_boolean_5b55ebea.hurl
+++ /dev/null
@@ -1,18 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_boolean ──
-# case_id=TC-5b55ebea
-# case_name=PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_boolean
-# step_id=step-main
-# step_type=test
-# technique=type_coercion
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "teamId": true
-}
-```
-
-HTTP 422
-
diff --git a/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_integer_87eccc15.hurl b/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_integer_87eccc15.hurl
deleted file mode 100644
index d51b980..0000000
--- a/cases/api_admin_services_serviceid_team_put_type_coercion_teamid_wrong_type_integer_87eccc15.hurl
+++ /dev/null
@@ -1,18 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_integer ──
-# case_id=TC-87eccc15
-# case_name=PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_integer
-# step_id=step-main
-# step_type=test
-# technique=type_coercion
-# priority=P2
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "teamId": 123
-}
-```
-
-HTTP 422
-
diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_bidi_override_e30f1b9e.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_bidi_override_e30f1b9e.hurl
deleted file mode 100644
index 1afd590..0000000
--- a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_bidi_override_e30f1b9e.hurl
+++ /dev/null
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId bidi_override ── -# case_id=TC-e30f1b9e -# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/services/{serviceId}/team -Content-Type: application/json -```json -{ - "teamId": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_control_char_00caba6f.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_control_char_00caba6f.hurl deleted file mode 100644 index b81f354..0000000 --- a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_control_char_00caba6f.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId control_char ── -# case_id=TC-00caba6f -# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/services/{serviceId}/team -Content-Type: application/json -```json -{ - "teamId": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_overlong_5dc313b9.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_overlong_5dc313b9.hurl deleted file mode 100644 index f0612a8..0000000 --- a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_overlong_5dc313b9.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId overlong ── -# case_id=TC-5dc313b9 -# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/services/{serviceId}/team -Content-Type: application/json -```json -{ - "teamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zalgo_c1fa3472.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zalgo_c1fa3472.hurl deleted file mode 100644 index f384407..0000000 --- a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zalgo_c1fa3472.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zalgo ── -# case_id=TC-c1fa3472 -# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/services/{serviceId}/team -Content-Type: application/json -```json -{ - "teamId": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zero_width_1c0a1d4a.hurl b/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zero_width_1c0a1d4a.hurl deleted file mode 100644 index 48a718c..0000000 --- a/cases/api_admin_services_serviceid_team_put_unicode_fuzzing_teamid_zero_width_1c0a1d4a.hurl +++ /dev/null 
@@ -1,18 +0,0 @@
-# ── PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zero_width ──
-# case_id=TC-1c0a1d4a
-# case_name=PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zero_width
-# step_id=step-main
-# step_type=test
-# technique=unicode_fuzzing
-# priority=P3
-
-PUT {{base_url}}/api/admin/services/{serviceId}/team
-Content-Type: application/json
-```json
-{
- "teamId": "​hello"
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_admin_services_serviceid_team_put_valid_request_with_all_required_fields_c8662867.hurl b/cases/api_admin_services_serviceid_team_put_valid_request_with_all_required_fields_c8662867.hurl
deleted file mode 100644
index db65e76..0000000
--- a/cases/api_admin_services_serviceid_team_put_valid_request_with_all_required_fields_c8662867.hurl
+++ /dev/null
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/services/{serviceId}/team - wrong content-type (text/plain) ── -# case_id=TC-16d39238 -# case_name=PUT /api/admin/services/{serviceId}/team - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PUT {{base_url}}/api/admin/services/{serviceId}/team -Content-Type: text/plain -```json -{ - "teamId": "bc1c5a2f-34be-4a46-bc1a-a3abfe061eb1" -} -``` - -HTTP 415 - diff --git a/cases/api_admin_teams_get_auth_chain_3977085e.hurl b/cases/api_admin_teams_get_auth_chain_3977085e.hurl deleted file mode 100644 index e3f7c17..0000000 --- a/cases/api_admin_teams_get_auth_chain_3977085e.hurl +++ /dev/null @@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: GET /api/admin/teams -# case_id=TC-3977085e -# case_name=auth chain: GET /api/admin/teams -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── GET /api/admin/teams with auth token [test] ── -# step_id=step-test -# step_type=test -# title=GET /api/admin/teams with auth token -# depends_on=step-auth - -GET {{base_url}}/api/admin/teams -Authorization: Bearer {{authToken}} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_get_owasp_api2_broken_authentication_1e347647.hurl b/cases/api_admin_teams_get_owasp_api2_broken_authentication_1e347647.hurl deleted file mode 100644 index b77244c..0000000 --- a/cases/api_admin_teams_get_owasp_api2_broken_authentication_1e347647.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/admin/teams — broken authentication ── -# case_id=TC-1e347647 -# case_name=[OWASP-API2] GET /api/admin/teams — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams - -HTTP 401 - diff --git a/cases/api_admin_teams_get_owasp_api5_function_level_authorization_missing_a9276ccc.hurl b/cases/api_admin_teams_get_owasp_api5_function_level_authorization_missing_a9276ccc.hurl deleted file mode 100644 index 7c05771..0000000 --- a/cases/api_admin_teams_get_owasp_api5_function_level_authorization_missing_a9276ccc.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] GET /api/admin/teams — function-level authorization missing ── -# case_id=TC-a9276ccc -# case_name=[OWASP-API5] GET /api/admin/teams — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -GET {{base_url}}/api/admin/teams -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_teams_get_valid_request_with_all_required_fields_978ae5a8.hurl b/cases/api_admin_teams_get_valid_request_with_all_required_fields_978ae5a8.hurl deleted file mode 100644 index ca8dc17..0000000 --- a/cases/api_admin_teams_get_valid_request_with_all_required_fields_978ae5a8.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/teams - valid request with all required fields ── -# case_id=TC-978ae5a8 -# case_name=GET /api/admin/teams - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/admin/teams - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.teams" exists - diff --git a/cases/api_admin_teams_id_delete_idempotent_second_call_must_be_safe_2d2c1dda.hurl b/cases/api_admin_teams_id_delete_idempotent_second_call_must_be_safe_2d2c1dda.hurl deleted file mode 100644 index bbde34d..0000000 
--- a/cases/api_admin_teams_id_delete_idempotent_second_call_must_be_safe_2d2c1dda.hurl +++ /dev/null @@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# DELETE /api/admin/teams/{id} - idempotent: second call must be safe -# case_id=TC-2d2c1dda -# case_name=DELETE /api/admin/teams/{id} - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── DELETE /api/admin/teams/{id} — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=DELETE /api/admin/teams/{id} — first call - -DELETE {{base_url}}/api/admin/teams/{id} - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── DELETE /api/admin/teams/{id} — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=DELETE /api/admin/teams/{id} — identical second call must be safe -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/teams/{id} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_id_delete_idor_id_0_zero_id_04e9a0f9.hurl b/cases/api_admin_teams_id_delete_idor_id_0_zero_id_04e9a0f9.hurl deleted file mode 100644 index 116e9ae..0000000 --- a/cases/api_admin_teams_id_delete_idor_id_0_zero_id_04e9a0f9.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/admin/teams/{id} - IDOR id=0 (zero_id) ── -# case_id=TC-04e9a0f9 -# case_name=DELETE /api/admin/teams/{id} - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/teams/0 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_delete_idor_id_99999_alt_id_0d533645.hurl b/cases/api_admin_teams_id_delete_idor_id_99999_alt_id_0d533645.hurl deleted file mode 100644 index 4903b3d..0000000 --- a/cases/api_admin_teams_id_delete_idor_id_99999_alt_id_0d533645.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── DELETE /api/admin/teams/{id} - IDOR id=99999 (alt_id) ── -# case_id=TC-0d533645 -# case_name=DELETE /api/admin/teams/{id} - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/teams/99999 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_delete_missing_required_param_id_d700a9bc.hurl b/cases/api_admin_teams_id_delete_missing_required_param_id_d700a9bc.hurl deleted file mode 100644 index c11f10b..0000000 --- a/cases/api_admin_teams_id_delete_missing_required_param_id_d700a9bc.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── DELETE /api/admin/teams/{id} - missing required param "id" ── -# case_id=TC-d700a9bc -# case_name=DELETE /api/admin/teams/{id} - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -DELETE {{base_url}}/api/admin/teams/1 - -HTTP 422 - diff --git a/cases/api_admin_teams_id_delete_owasp_api1_bola_unauthorized_access_a23b7745.hurl b/cases/api_admin_teams_id_delete_owasp_api1_bola_unauthorized_access_a23b7745.hurl deleted file mode 100644 index e30613c..0000000 --- a/cases/api_admin_teams_id_delete_owasp_api1_bola_unauthorized_access_a23b7745.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] DELETE /api/admin/teams/{id} — BOLA unauthorized access ── -# case_id=TC-a23b7745 -# case_name=[OWASP-API1] DELETE /api/admin/teams/{id} — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/{{other_resource_id}} - -HTTP 403 - diff --git a/cases/api_admin_teams_id_delete_owasp_api2_broken_authentication_f7305717.hurl b/cases/api_admin_teams_id_delete_owasp_api2_broken_authentication_f7305717.hurl deleted file mode 100644 index b3cd78d..0000000 --- a/cases/api_admin_teams_id_delete_owasp_api2_broken_authentication_f7305717.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API2] DELETE /api/admin/teams/{id} — broken authentication ── -# case_id=TC-f7305717 -# case_name=[OWASP-API2] DELETE /api/admin/teams/{id} — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/{id} - -HTTP 401 - diff --git a/cases/api_admin_teams_id_delete_owasp_api5_function_level_authorization_missing_1f9d5ef0.hurl b/cases/api_admin_teams_id_delete_owasp_api5_function_level_authorization_missing_1f9d5ef0.hurl deleted file mode 100644 index 87f19f6..0000000 --- a/cases/api_admin_teams_id_delete_owasp_api5_function_level_authorization_missing_1f9d5ef0.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] DELETE /api/admin/teams/{id} — function-level authorization missing ── -# case_id=TC-1f9d5ef0 -# case_name=[OWASP-API5] DELETE /api/admin/teams/{id} — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/{id} -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_teams_id_delete_owasp_api7_injection_path_traversal_726d486c.hurl b/cases/api_admin_teams_id_delete_owasp_api7_injection_path_traversal_726d486c.hurl deleted file mode 100644 index f1970a3..0000000 --- a/cases/api_admin_teams_id_delete_owasp_api7_injection_path_traversal_726d486c.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/teams/{id} — injection (path-traversal) ── -# case_id=TC-726d486c -# case_name=[OWASP-API7] DELETE /api/admin/teams/{id} — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd -```json -null -``` - -HTTP 400 - 
diff --git a/cases/api_admin_teams_id_delete_owasp_api7_injection_sqli_e0aa0be4.hurl b/cases/api_admin_teams_id_delete_owasp_api7_injection_sqli_e0aa0be4.hurl deleted file mode 100644 index 44d66ed..0000000 --- a/cases/api_admin_teams_id_delete_owasp_api7_injection_sqli_e0aa0be4.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/teams/{id} — injection (sqli) ── -# case_id=TC-e0aa0be4 -# case_name=[OWASP-API7] DELETE /api/admin/teams/{id} — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/%27%20OR%201=1-- -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_delete_owasp_api7_injection_xss_cdcba009.hurl b/cases/api_admin_teams_id_delete_owasp_api7_injection_xss_cdcba009.hurl deleted file mode 100644 index bbdaa81..0000000 --- a/cases/api_admin_teams_id_delete_owasp_api7_injection_xss_cdcba009.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/teams/{id} — injection (xss) ── -# case_id=TC-cdcba009 -# case_name=[OWASP-API7] DELETE /api/admin/teams/{id} — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_delete_valid_request_with_all_required_fields_2f56068b.hurl b/cases/api_admin_teams_id_delete_valid_request_with_all_required_fields_2f56068b.hurl deleted file mode 100644 index 3a41d1c..0000000 --- a/cases/api_admin_teams_id_delete_valid_request_with_all_required_fields_2f56068b.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── DELETE /api/admin/teams/{id} - valid request with all required fields ── -# case_id=TC-2f56068b -# case_name=DELETE /api/admin/teams/{id} - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/{id} - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - diff --git a/cases/api_admin_teams_id_grants_get_idor_id_0_zero_id_625bb61d.hurl b/cases/api_admin_teams_id_grants_get_idor_id_0_zero_id_625bb61d.hurl deleted file mode 100644 index 5628c84..0000000 --- a/cases/api_admin_teams_id_grants_get_idor_id_0_zero_id_625bb61d.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/teams/{id}/grants - IDOR id=0 (zero_id) ── -# case_id=TC-625bb61d -# case_name=GET /api/admin/teams/{id}/grants - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -GET {{base_url}}/api/admin/teams/0/grants - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_get_idor_id_99999_alt_id_1e7138b3.hurl b/cases/api_admin_teams_id_grants_get_idor_id_99999_alt_id_1e7138b3.hurl deleted file mode 100644 index 757b721..0000000 --- a/cases/api_admin_teams_id_grants_get_idor_id_99999_alt_id_1e7138b3.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id) ── -# case_id=TC-1e7138b3 -# case_name=GET /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -GET {{base_url}}/api/admin/teams/99999/grants - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_get_missing_required_param_id_aa4a85d2.hurl b/cases/api_admin_teams_id_grants_get_missing_required_param_id_aa4a85d2.hurl deleted file mode 100644 index f6a7370..0000000 --- a/cases/api_admin_teams_id_grants_get_missing_required_param_id_aa4a85d2.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── GET /api/admin/teams/{id}/grants - missing required param "id" ── -# case_id=TC-aa4a85d2 -# case_name=GET /api/admin/teams/{id}/grants - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/admin/teams/1/grants - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_get_owasp_api1_bola_unauthorized_access_9c3bba1f.hurl b/cases/api_admin_teams_id_grants_get_owasp_api1_bola_unauthorized_access_9c3bba1f.hurl deleted file mode 100644 index d45f315..0000000 --- a/cases/api_admin_teams_id_grants_get_owasp_api1_bola_unauthorized_access_9c3bba1f.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] GET /api/admin/teams/{id}/grants — BOLA unauthorized access ── -# case_id=TC-9c3bba1f -# case_name=[OWASP-API1] GET /api/admin/teams/{id}/grants — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/{{other_resource_id}}/grants - -HTTP 403 - diff --git a/cases/api_admin_teams_id_grants_get_owasp_api2_broken_authentication_2dae98a0.hurl b/cases/api_admin_teams_id_grants_get_owasp_api2_broken_authentication_2dae98a0.hurl deleted file mode 100644 index f2219a7..0000000 --- a/cases/api_admin_teams_id_grants_get_owasp_api2_broken_authentication_2dae98a0.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/admin/teams/{id}/grants — broken authentication ── -# case_id=TC-2dae98a0 -# case_name=[OWASP-API2] GET /api/admin/teams/{id}/grants — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/{id}/grants - -HTTP 401 - diff --git a/cases/api_admin_teams_id_grants_get_owasp_api5_function_level_authorization_missing_8f5433a6.hurl b/cases/api_admin_teams_id_grants_get_owasp_api5_function_level_authorization_missing_8f5433a6.hurl deleted file mode 100644 index e59744e..0000000 
--- a/cases/api_admin_teams_id_grants_get_owasp_api5_function_level_authorization_missing_8f5433a6.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] GET /api/admin/teams/{id}/grants — function-level authorization missing ── -# case_id=TC-8f5433a6 -# case_name=[OWASP-API5] GET /api/admin/teams/{id}/grants — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -GET {{base_url}}/api/admin/teams/{id}/grants -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_teams_id_grants_get_owasp_api7_injection_path_traversal_b5400171.hurl b/cases/api_admin_teams_id_grants_get_owasp_api7_injection_path_traversal_b5400171.hurl deleted file mode 100644 index 9a2241b..0000000 --- a/cases/api_admin_teams_id_grants_get_owasp_api7_injection_path_traversal_b5400171.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/teams/{id}/grants — injection (path-traversal) ── -# case_id=TC-b5400171 -# case_name=[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/grants -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_get_owasp_api7_injection_sqli_a7917f13.hurl b/cases/api_admin_teams_id_grants_get_owasp_api7_injection_sqli_a7917f13.hurl deleted file mode 100644 index e9543b7..0000000 --- a/cases/api_admin_teams_id_grants_get_owasp_api7_injection_sqli_a7917f13.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/teams/{id}/grants — injection (sqli) ── -# case_id=TC-a7917f13 -# case_name=[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/%27%20OR%201=1--/grants -```json -null -``` - -HTTP 400 - 
diff --git a/cases/api_admin_teams_id_grants_get_owasp_api7_injection_xss_269d7a97.hurl b/cases/api_admin_teams_id_grants_get_owasp_api7_injection_xss_269d7a97.hurl deleted file mode 100644 index be40f0c..0000000 --- a/cases/api_admin_teams_id_grants_get_owasp_api7_injection_xss_269d7a97.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/teams/{id}/grants — injection (xss) ── -# case_id=TC-269d7a97 -# case_name=[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/grants -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_get_valid_request_with_all_required_fields_d5427a01.hurl b/cases/api_admin_teams_id_grants_get_valid_request_with_all_required_fields_d5427a01.hurl deleted file mode 100644 index e07df1f..0000000 --- a/cases/api_admin_teams_id_grants_get_valid_request_with_all_required_fields_d5427a01.hurl +++ /dev/null @@ -1,17 +0,0 @@ -# ── GET /api/admin/teams/{id}/grants - valid request with all required fields ── -# case_id=TC-d5427a01 -# case_name=GET /api/admin/teams/{id}/grants - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/admin/teams/{id}/grants - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.outgoing" exists -jsonpath "$.incoming" exists - diff --git a/cases/api_admin_teams_id_grants_options_owasp_api8_cors_security_configuration_8b59e761.hurl b/cases/api_admin_teams_id_grants_options_owasp_api8_cors_security_configuration_8b59e761.hurl deleted file mode 100644 index 406c6a0..0000000 --- a/cases/api_admin_teams_id_grants_options_owasp_api8_cors_security_configuration_8b59e761.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/teams/{id}/grants — CORS security configuration ── -# case_id=TC-8b59e761 -# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id}/grants — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/teams/{id}/grants -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_teams_id_grants_post_idempotent_second_call_must_be_safe_810053e8.hurl b/cases/api_admin_teams_id_grants_post_idempotent_second_call_must_be_safe_810053e8.hurl deleted file mode 100644 index d1c9ca7..0000000 --- a/cases/api_admin_teams_id_grants_post_idempotent_second_call_must_be_safe_810053e8.hurl +++ /dev/null 
@@ -1,57 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /api/admin/teams/{id}/grants - idempotent: second call must be safe -# case_id=TC-810053e8 -# case_name=POST /api/admin/teams/{id}/grants - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /api/admin/teams/{id}/grants — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /api/admin/teams/{id}/grants — first call - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "mercy" - ], - "expiresAt": "1999-12-17T23:28:47Z", - "granteeTeamId": "65e38a66-d932-4217-b7b6-b9d191c81aaf", - "granteeUserId": "41f62f9a-dcd8-4b25-86af-1c3d9ec30857", - "serviceId": "4926c858-e08e-4a3f-bf7b-0bb8e4309181" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /api/admin/teams/{id}/grants — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/admin/teams/{id}/grants — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "mercy" - ], - "expiresAt": "1999-12-17T23:28:47Z", - "granteeTeamId": "65e38a66-d932-4217-b7b6-b9d191c81aaf", - "granteeUserId": "41f62f9a-dcd8-4b25-86af-1c3d9ec30857", - "serviceId": "4926c858-e08e-4a3f-bf7b-0bb8e4309181" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_id_grants_post_idor_id_0_zero_id_82f1376b.hurl b/cases/api_admin_teams_id_grants_post_idor_id_0_zero_id_82f1376b.hurl deleted file mode 100644 index 13da31c..0000000 --- a/cases/api_admin_teams_id_grants_post_idor_id_0_zero_id_82f1376b.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - IDOR id=0 (zero_id) ── -# case_id=TC-82f1376b -# case_name=POST /api/admin/teams/{id}/grants - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -POST {{base_url}}/api/admin/teams/0/grants - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_idor_id_99999_alt_id_14f8c7cc.hurl b/cases/api_admin_teams_id_grants_post_idor_id_99999_alt_id_14f8c7cc.hurl deleted file mode 100644 index e6d5e8a..0000000 --- a/cases/api_admin_teams_id_grants_post_idor_id_99999_alt_id_14f8c7cc.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id) ── -# case_id=TC-14f8c7cc -# case_name=POST /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -POST {{base_url}}/api/admin/teams/99999/grants - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_mass_assignment_financial_probe_8b55910b.hurl b/cases/api_admin_teams_id_grants_post_mass_assignment_financial_probe_8b55910b.hurl deleted file mode 100644 index 2a71211..0000000 --- a/cases/api_admin_teams_id_grants_post_mass_assignment_financial_probe_8b55910b.hurl +++ /dev/null 
@@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [mass_assignment] financial probe ── -# case_id=TC-8b55910b -# case_name=POST /api/admin/teams/{id}/grants - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "balance": 1, - "branches": [ - "these" - ], - "credits": 1, - "discount": 0, - "expiresAt": "1935-06-17T15:07:26Z", - "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", - "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", - "price": 1, - "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_mass_assignment_identity_probe_74060ffe.hurl b/cases/api_admin_teams_id_grants_post_mass_assignment_identity_probe_74060ffe.hurl deleted file mode 100644 index 9b011b7..0000000 --- a/cases/api_admin_teams_id_grants_post_mass_assignment_identity_probe_74060ffe.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [mass_assignment] identity probe ── -# case_id=TC-74060ffe -# case_name=POST /api/admin/teams/{id}/grants - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "these" - ], - "createdBy": "__probe__", - "expiresAt": "1935-06-17T15:07:26Z", - "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", - "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", - "ownerId": "__probe__", - "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - 
diff --git a/cases/api_admin_teams_id_grants_post_mass_assignment_privilege_probe_eaaad8f0.hurl b/cases/api_admin_teams_id_grants_post_mass_assignment_privilege_probe_eaaad8f0.hurl deleted file mode 100644 index 819661d..0000000 --- a/cases/api_admin_teams_id_grants_post_mass_assignment_privilege_probe_eaaad8f0.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [mass_assignment] privilege probe ── -# case_id=TC-eaaad8f0 -# case_name=POST /api/admin/teams/{id}/grants - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "admin": true, - "branches": [ - "these" - ], - "expiresAt": "1935-06-17T15:07:26Z", - "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", - "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", - "isAdmin": true, - "is_admin": true, - "role": "__probe__", - "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_mass_assignment_status_probe_54b93b94.hurl b/cases/api_admin_teams_id_grants_post_mass_assignment_status_probe_54b93b94.hurl deleted file mode 100644 index 8b4a8b5..0000000 --- a/cases/api_admin_teams_id_grants_post_mass_assignment_status_probe_54b93b94.hurl +++ /dev/null 
@@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [mass_assignment] status probe ── -# case_id=TC-54b93b94 -# case_name=POST /api/admin/teams/{id}/grants - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "branches": [ - "these" - ], - "disabled": false, - "expiresAt": "1935-06-17T15:07:26Z", - "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", - "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", - "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_33636c2c.hurl b/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_33636c2c.hurl deleted file mode 100644 index e28d079..0000000 --- a/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_33636c2c.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - missing required field "serviceId" ── -# case_id=TC-33636c2c -# case_name=POST /api/admin/teams/{id}/grants - missing required field "serviceId" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "lastly" - ], - "expiresAt": "2010-02-21T09:42:07Z", - "granteeTeamId": "54d614e8-78c4-4be4-8d58-6262bc0ed601", - "granteeUserId": "ebe6434a-7451-43df-a2a8-4ff4abc09840" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_62d899fa.hurl b/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_62d899fa.hurl deleted file mode 100644 index af18c83..0000000 --- a/cases/api_admin_teams_id_grants_post_missing_required_field_serviceid_62d899fa.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - missing required field "serviceId" ── -# case_id=TC-62d899fa -# case_name=POST /api/admin/teams/{id}/grants - missing required field "serviceId" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "for" - ], - "expiresAt": "1953-03-29T14:02:05Z", - "granteeTeamId": "6d698330-9f66-45db-a309-61a79c0db5ba", - "granteeUserId": "8867a80d-0d36-4338-ae27-3e2177ebe961" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_missing_required_param_id_aee10eee.hurl b/cases/api_admin_teams_id_grants_post_missing_required_param_id_aee10eee.hurl deleted file mode 100644 index 3f0dc8e..0000000 --- a/cases/api_admin_teams_id_grants_post_missing_required_param_id_aee10eee.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - missing required param "id" ── -# case_id=TC-aee10eee -# case_name=POST /api/admin/teams/{id}/grants - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/admin/teams/1/grants - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_mutation_branches_null_value_3f1f0acd.hurl b/cases/api_admin_teams_id_grants_post_mutation_branches_null_value_3f1f0acd.hurl deleted file mode 100644 index c3b30fa..0000000 --- a/cases/api_admin_teams_id_grants_post_mutation_branches_null_value_3f1f0acd.hurl +++ /dev/null 
@@ -1,26 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: branches null value ── -# case_id=TC-3f1f0acd -# case_name=POST /api/admin/teams/{id}/grants - mutation: branches null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": null, - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_mutation_branches_object_instead_of_array_c0bd2a08.hurl b/cases/api_admin_teams_id_grants_post_mutation_branches_object_instead_of_array_c0bd2a08.hurl deleted file mode 100644 index 0de67df..0000000 --- a/cases/api_admin_teams_id_grants_post_mutation_branches_object_instead_of_array_c0bd2a08.hurl +++ /dev/null @@ -1,26 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: branches object instead of array ── -# case_id=TC-c0bd2a08 -# case_name=POST /api/admin/teams/{id}/grants - mutation: branches object instead of array -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": {}, - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_mutation_branches_string_instead_of_array_963f2d23.hurl b/cases/api_admin_teams_id_grants_post_mutation_branches_string_instead_of_array_963f2d23.hurl deleted file mode 100644 index dac3012..0000000 
--- a/cases/api_admin_teams_id_grants_post_mutation_branches_string_instead_of_array_963f2d23.hurl +++ /dev/null @@ -1,26 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: branches string instead of array ── -# case_id=TC-963f2d23 -# case_name=POST /api/admin/teams/{id}/grants - mutation: branches string instead of array -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": "not-an-array", - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_empty_string_2894700e.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_empty_string_2894700e.hurl deleted file mode 100644 index cedfe73..0000000 --- a/cases/api_admin_teams_id_grants_post_mutation_expiresat_empty_string_2894700e.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt empty string ── -# case_id=TC-2894700e -# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "himself" - ], - "expiresAt": "", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_integer_instead_of_string_c03df9f9.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_integer_instead_of_string_c03df9f9.hurl deleted file mode 100644 index 580ceee..0000000 --- a/cases/api_admin_teams_id_grants_post_mutation_expiresat_integer_instead_of_string_c03df9f9.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt integer instead of string ── -# case_id=TC-c03df9f9 -# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "himself" - ], - "expiresAt": 12345, - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_invalid_date_format_6260c870.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_invalid_date_format_6260c870.hurl deleted file mode 100644 index 3516d47..0000000 --- a/cases/api_admin_teams_id_grants_post_mutation_expiresat_invalid_date_format_6260c870.hurl +++ /dev/null 
@@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt invalid date format ── -# case_id=TC-6260c870 -# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt invalid date format -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "himself" - ], - "expiresAt": "not-a-date", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_null_value_759658e7.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_null_value_759658e7.hurl deleted file mode 100644 index f8b44e4..0000000 --- a/cases/api_admin_teams_id_grants_post_mutation_expiresat_null_value_759658e7.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt null value ── -# case_id=TC-759658e7 -# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "himself" - ], - "expiresAt": null, - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_mutation_expiresat_oversized_string_300_chars_0ee96c4d.hurl b/cases/api_admin_teams_id_grants_post_mutation_expiresat_oversized_string_300_chars_0ee96c4d.hurl deleted file mode 100644 index e14353a..0000000 
--- a/cases/api_admin_teams_id_grants_post_mutation_expiresat_oversized_string_300_chars_0ee96c4d.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: expiresAt oversized string (300 chars) ── -# case_id=TC-0ee96c4d -# case_name=POST /api/admin/teams/{id}/grants - mutation: expiresAt oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "himself" - ], - "expiresAt": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_empty_string_7d06efc6.hurl b/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_empty_string_7d06efc6.hurl deleted file mode 100644 index 3733e62..0000000 --- a/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_empty_string_7d06efc6.hurl +++ /dev/null 
@@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: granteeTeamId empty string ── -# case_id=TC-7d06efc6 -# case_name=POST /api/admin/teams/{id}/grants - mutation: granteeTeamId empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "himself" - ], - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": "", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_null_value_0064709a.hurl b/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_null_value_0064709a.hurl deleted file mode 100644 index cd83362..0000000 --- a/cases/api_admin_teams_id_grants_post_mutation_granteeteamid_null_value_0064709a.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - mutation: granteeTeamId null value ── -# case_id=TC-0064709a -# case_name=POST /api/admin/teams/{id}/grants - mutation: granteeTeamId null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "himself" - ], - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": null, - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_null_injection_branches_e32391c6.hurl b/cases/api_admin_teams_id_grants_post_null_injection_branches_e32391c6.hurl deleted file mode 100644 index 5a63d4b..0000000 --- a/cases/api_admin_teams_id_grants_post_null_injection_branches_e32391c6.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - null injection: branches ── -# case_id=TC-e32391c6 -# case_name=POST /api/admin/teams/{id}/grants - null injection: branches -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": null, - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_null_injection_expiresat_df39db3e.hurl b/cases/api_admin_teams_id_grants_post_null_injection_expiresat_df39db3e.hurl deleted file mode 100644 index 9bc4270..0000000 --- a/cases/api_admin_teams_id_grants_post_null_injection_expiresat_df39db3e.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - null injection: expiresAt ── -# case_id=TC-df39db3e -# case_name=POST /api/admin/teams/{id}/grants - null injection: expiresAt -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "sari" - ], - "expiresAt": null, - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_null_injection_granteeteamid_63fd31b7.hurl b/cases/api_admin_teams_id_grants_post_null_injection_granteeteamid_63fd31b7.hurl deleted file mode 100644 index d1aed01..0000000 --- a/cases/api_admin_teams_id_grants_post_null_injection_granteeteamid_63fd31b7.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - null injection: granteeTeamId ── -# case_id=TC-63fd31b7 -# case_name=POST /api/admin/teams/{id}/grants - null injection: granteeTeamId -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "sari" - ], - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": null, - "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_null_injection_granteeuserid_593b0773.hurl b/cases/api_admin_teams_id_grants_post_null_injection_granteeuserid_593b0773.hurl deleted file mode 100644 index ea95b9d..0000000 --- a/cases/api_admin_teams_id_grants_post_null_injection_granteeuserid_593b0773.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - null injection: granteeUserId ── -# case_id=TC-593b0773 -# case_name=POST /api/admin/teams/{id}/grants - null injection: granteeUserId -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "sari" - ], - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": null, - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_null_injection_serviceid_2571eb1b.hurl b/cases/api_admin_teams_id_grants_post_null_injection_serviceid_2571eb1b.hurl deleted file mode 100644 index be4fc18..0000000 --- a/cases/api_admin_teams_id_grants_post_null_injection_serviceid_2571eb1b.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - null injection: serviceId ── -# case_id=TC-2571eb1b -# case_name=POST /api/admin/teams/{id}/grants - null injection: serviceId -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "sari" - ], - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": null -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_owasp_api1_bola_unauthorized_access_750fd5ab.hurl b/cases/api_admin_teams_id_grants_post_owasp_api1_bola_unauthorized_access_750fd5ab.hurl deleted file mode 100644 index 80ee090..0000000 --- a/cases/api_admin_teams_id_grants_post_owasp_api1_bola_unauthorized_access_750fd5ab.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] POST /api/admin/teams/{id}/grants — BOLA unauthorized access ── -# case_id=TC-750fd5ab -# case_name=[OWASP-API1] POST /api/admin/teams/{id}/grants — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/{{other_resource_id}}/grants - -HTTP 403 - diff --git a/cases/api_admin_teams_id_grants_post_owasp_api2_broken_authentication_a5db835c.hurl b/cases/api_admin_teams_id_grants_post_owasp_api2_broken_authentication_a5db835c.hurl deleted file mode 100644 index a136042..0000000 --- a/cases/api_admin_teams_id_grants_post_owasp_api2_broken_authentication_a5db835c.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] POST /api/admin/teams/{id}/grants — broken authentication ── -# case_id=TC-a5db835c -# case_name=[OWASP-API2] POST /api/admin/teams/{id}/grants — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/{id}/grants - -HTTP 401 - 
diff --git a/cases/api_admin_teams_id_grants_post_owasp_api5_function_level_authorization_missing_4c520692.hurl b/cases/api_admin_teams_id_grants_post_owasp_api5_function_level_authorization_missing_4c520692.hurl deleted file mode 100644 index 43f8117..0000000 --- a/cases/api_admin_teams_id_grants_post_owasp_api5_function_level_authorization_missing_4c520692.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] POST /api/admin/teams/{id}/grants — function-level authorization missing ── -# case_id=TC-4c520692 -# case_name=[OWASP-API5] POST /api/admin/teams/{id}/grants — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -POST {{base_url}}/api/admin/teams/{id}/grants -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_teams_id_grants_post_owasp_api6_mass_assignment_e74b3c2c.hurl b/cases/api_admin_teams_id_grants_post_owasp_api6_mass_assignment_e74b3c2c.hurl deleted file mode 100644 index dc2ec5c..0000000 --- a/cases/api_admin_teams_id_grants_post_owasp_api6_mass_assignment_e74b3c2c.hurl +++ /dev/null @@ -1,32 +0,0 @@ -# ── [OWASP-API6] POST /api/admin/teams/{id}/grants — mass assignment ── -# case_id=TC-e74b3c2c -# case_name=[OWASP-API6] POST /api/admin/teams/{id}/grants — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "might" - ], - "createdAt": "2000-01-01T00:00:00Z", - "expiresAt": "1904-11-16T00:21:56Z", - "granteeTeamId": "80cfeb39-de1f-4afc-b29b-dbf268b668eb", - "granteeUserId": "af0ce4e0-f8fb-4c7c-b929-9d7dfc463d99", - "id": 99999, - "serviceId": "3751ed85-6162-4db7-8287-4b7491018fb0", - "updatedAt": "2000-01-01T00:00:00Z" -} -``` - -HTTP 201 - -[Asserts] -jsonpath "$.id" != 99999 -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" - 
diff --git a/cases/api_admin_teams_id_grants_post_owasp_api7_injection_path_traversal_aa0b7128.hurl b/cases/api_admin_teams_id_grants_post_owasp_api7_injection_path_traversal_aa0b7128.hurl deleted file mode 100644 index 49836a0..0000000 --- a/cases/api_admin_teams_id_grants_post_owasp_api7_injection_path_traversal_aa0b7128.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/teams/{id}/grants — injection (path-traversal) ── -# case_id=TC-aa0b7128 -# case_name=[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/grants -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_owasp_api7_injection_sqli_ea6fd919.hurl b/cases/api_admin_teams_id_grants_post_owasp_api7_injection_sqli_ea6fd919.hurl deleted file mode 100644 index 312488c..0000000 --- a/cases/api_admin_teams_id_grants_post_owasp_api7_injection_sqli_ea6fd919.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/teams/{id}/grants — injection (sqli) ── -# case_id=TC-ea6fd919 -# case_name=[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/%27%20OR%201=1--/grants -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_owasp_api7_injection_xss_c288f174.hurl b/cases/api_admin_teams_id_grants_post_owasp_api7_injection_xss_c288f174.hurl deleted file mode 100644 index d49660c..0000000 --- a/cases/api_admin_teams_id_grants_post_owasp_api7_injection_xss_c288f174.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/teams/{id}/grants — injection (xss) ── -# case_id=TC-c288f174 -# case_name=[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/grants -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_required_omission_serviceid_absent_eb992221.hurl b/cases/api_admin_teams_id_grants_post_required_omission_serviceid_absent_eb992221.hurl deleted file mode 100644 index d1c1cba..0000000 --- a/cases/api_admin_teams_id_grants_post_required_omission_serviceid_absent_eb992221.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [required_omission] serviceId absent ── -# case_id=TC-eb992221 -# case_name=POST /api/admin/teams/{id}/grants - [required_omission] serviceId absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "several" - ], - "expiresAt": "1989-03-13T15:48:36Z", - "granteeTeamId": "849dc625-c140-49ac-bf25-8a047cafbb78", - "granteeUserId": "f936f656-e5c6-4646-85ad-e56be5d8778e" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_grants_post_schema_violation_expiresat_invalid_format_date_ti_9509a04a.hurl b/cases/api_admin_teams_id_grants_post_schema_violation_expiresat_invalid_format_date_ti_9509a04a.hurl deleted file mode 100644 index 9cca0e5..0000000 --- a/cases/api_admin_teams_id_grants_post_schema_violation_expiresat_invalid_format_date_ti_9509a04a.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [schema_violation] expiresAt_invalid_format_date-time ── -# case_id=TC-9509a04a -# case_name=POST /api/admin/teams/{id}/grants - [schema_violation] expiresAt_invalid_format_date-time -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "am" - ], - "expiresAt": "not-a-date", - "granteeTeamId": "7a8e7c06-efab-4a89-8471-23bbf2a20eea", - "granteeUserId": "55b411ae-4ae9-4cf6-802a-a4a242203443", - "serviceId": "435a1f1c-09a1-4465-b8ad-2053fa825257" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_schema_violation_serviceid_missing_required_4b79a206.hurl b/cases/api_admin_teams_id_grants_post_schema_violation_serviceid_missing_required_4b79a206.hurl deleted file mode 100644 index 3359665..0000000 --- a/cases/api_admin_teams_id_grants_post_schema_violation_serviceid_missing_required_4b79a206.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [schema_violation] serviceId_missing_required ── -# case_id=TC-4b79a206 -# case_name=POST /api/admin/teams/{id}/grants - [schema_violation] serviceId_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "am" - ], - "expiresAt": "1970-08-02T20:53:06Z", - "granteeTeamId": "7a8e7c06-efab-4a89-8471-23bbf2a20eea", - "granteeUserId": "55b411ae-4ae9-4cf6-802a-a4a242203443" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_branches_wrong_type_string_291b984a.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_branches_wrong_type_string_291b984a.hurl deleted file mode 100644 index 836f029..0000000 
--- a/cases/api_admin_teams_id_grants_post_type_coercion_branches_wrong_type_string_291b984a.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [type_coercion] branches wrong_type_string ── -# case_id=TC-291b984a -# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] branches wrong_type_string -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": "not_an_array", - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_boolean_d73bcfa6.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_boolean_d73bcfa6.hurl deleted file mode 100644 index 6281915..0000000 --- a/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_boolean_d73bcfa6.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_boolean ── -# case_id=TC-d73bcfa6 -# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "bad" - ], - "expiresAt": true, - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" -} -``` - -HTTP 422 - 
diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_integer_4440c404.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_integer_4440c404.hurl deleted file mode 100644 index 8ff32e8..0000000 --- a/cases/api_admin_teams_id_grants_post_type_coercion_expiresat_wrong_type_integer_4440c404.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_integer ── -# case_id=TC-4440c404 -# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "bad" - ], - "expiresAt": 123, - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_boolean_8920e31f.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_boolean_8920e31f.hurl deleted file mode 100644 index d9409f9..0000000 --- a/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_boolean_8920e31f.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_boolean ── -# case_id=TC-8920e31f -# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": true, - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_integer_50132b05.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_integer_50132b05.hurl deleted file mode 100644 index b2a78fb..0000000 --- a/cases/api_admin_teams_id_grants_post_type_coercion_granteeteamid_wrong_type_integer_50132b05.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_integer ── -# case_id=TC-50132b05 -# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": 123, - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_boolean_1566fad3.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_boolean_1566fad3.hurl deleted file mode 100644 index 0be3656..0000000 
--- a/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_boolean_1566fad3.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_boolean ── -# case_id=TC-1566fad3 -# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": true, - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_integer_3f9db72b.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_integer_3f9db72b.hurl deleted file mode 100644 index 1b99e33..0000000 --- a/cases/api_admin_teams_id_grants_post_type_coercion_granteeuserid_wrong_type_integer_3f9db72b.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_integer ── -# case_id=TC-3f9db72b -# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": 123, - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" -} -``` - -HTTP 422 - 
diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_boolean_f4852904.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_boolean_f4852904.hurl deleted file mode 100644 index e4ba46c..0000000 --- a/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_boolean_f4852904.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_boolean ── -# case_id=TC-f4852904 -# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": true -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_integer_e98b7c31.hurl b/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_integer_e98b7c31.hurl deleted file mode 100644 index db2a358..0000000 --- a/cases/api_admin_teams_id_grants_post_type_coercion_serviceid_wrong_type_integer_e98b7c31.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_integer ── -# case_id=TC-e98b7c31 -# case_name=POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": 123 -} -``` - -HTTP 422 - 
diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_bidi_override_691f2024.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_bidi_override_691f2024.hurl deleted file mode 100644 index fe11e46..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_bidi_override_691f2024.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt bidi_override ── -# case_id=TC-691f2024 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "‮hello", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_control_char_ed7d403f.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_control_char_ed7d403f.hurl deleted file mode 100644 index ad3d208..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_control_char_ed7d403f.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt control_char ── -# case_id=TC-ed7d403f -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "hello\u0000world", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_overlong_e80f6e77.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_overlong_e80f6e77.hurl deleted file mode 100644 index f3fdebb..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_overlong_e80f6e77.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt overlong ── -# case_id=TC-e80f6e77 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zalgo_e8fa18b3.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zalgo_e8fa18b3.hurl deleted file mode 100644 index 645c1ac..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zalgo_e8fa18b3.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zalgo ── -# case_id=TC-e8fa18b3 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "z̀́̂̃̄̅̆̇a", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zero_width_c67b22d4.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zero_width_c67b22d4.hurl deleted file mode 100644 index 5639188..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_expiresat_zero_width_c67b22d4.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zero_width ── -# case_id=TC-c67b22d4 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "​hello", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_bidi_override_d197e84d.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_bidi_override_d197e84d.hurl deleted file mode 100644 index 778d1be..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_bidi_override_d197e84d.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId bidi_override ── -# case_id=TC-d197e84d -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "‮hello", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_control_char_d5595214.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_control_char_d5595214.hurl deleted file mode 100644 index b619d09..0000000 
--- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_control_char_d5595214.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId control_char ── -# case_id=TC-d5595214 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "hello\u0000world", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_overlong_4df41e59.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_overlong_4df41e59.hurl deleted file mode 100644 index 1083314..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_overlong_4df41e59.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId overlong ── -# case_id=TC-4df41e59 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zalgo_603eeaa8.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zalgo_603eeaa8.hurl deleted file mode 100644 index e59ebac..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zalgo_603eeaa8.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zalgo ── -# case_id=TC-603eeaa8 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "z̀́̂̃̄̅̆̇a", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zero_width_28a0c8b4.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zero_width_28a0c8b4.hurl deleted file mode 100644 index cdbd4b0..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeteamid_zero_width_28a0c8b4.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zero_width ── -# case_id=TC-28a0c8b4 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "​hello", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_bidi_override_57831769.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_bidi_override_57831769.hurl deleted file mode 100644 index a58fb0b..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_bidi_override_57831769.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId bidi_override ── -# case_id=TC-57831769 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "‮hello", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_control_char_bb1058c5.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_control_char_bb1058c5.hurl deleted file mode 100644 index a6ba00f..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_control_char_bb1058c5.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId control_char ── -# case_id=TC-bb1058c5 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "hello\u0000world", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_overlong_81f35d0c.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_overlong_81f35d0c.hurl deleted file mode 100644 index 51c222a..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_overlong_81f35d0c.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId overlong ── -# case_id=TC-81f35d0c -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zalgo_7682a2d7.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zalgo_7682a2d7.hurl deleted file mode 100644 index 64d6e2b..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zalgo_7682a2d7.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zalgo ── -# case_id=TC-7682a2d7 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "z̀́̂̃̄̅̆̇a", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zero_width_7f787ffd.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zero_width_7f787ffd.hurl deleted file mode 100644 index a922175..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_granteeuserid_zero_width_7f787ffd.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zero_width ── -# case_id=TC-7f787ffd -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "​hello", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_bidi_override_894450de.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_bidi_override_894450de.hurl deleted file mode 100644 index 750e01a..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_bidi_override_894450de.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId bidi_override ── -# case_id=TC-894450de -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_control_char_aea6968a.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_control_char_aea6968a.hurl deleted file mode 100644 index cc530ec..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_control_char_aea6968a.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId control_char ── -# case_id=TC-aea6968a -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_overlong_ae4ea893.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_overlong_ae4ea893.hurl deleted file mode 100644 index 4163e13..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_overlong_ae4ea893.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId overlong ── -# case_id=TC-ae4ea893 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zalgo_3b372657.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zalgo_3b372657.hurl deleted file mode 100644 index 5cc2f8d..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zalgo_3b372657.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zalgo ── -# case_id=TC-3b372657 -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zero_width_c9798ccb.hurl b/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zero_width_c9798ccb.hurl deleted file mode 100644 index 847f0fe..0000000 --- a/cases/api_admin_teams_id_grants_post_unicode_fuzzing_serviceid_zero_width_c9798ccb.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zero_width ── -# case_id=TC-c9798ccb -# case_name=POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "​hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_grants_post_valid_request_with_all_required_fields_62bccfec.hurl b/cases/api_admin_teams_id_grants_post_valid_request_with_all_required_fields_62bccfec.hurl deleted file mode 100644 index 9d30e28..0000000 --- a/cases/api_admin_teams_id_grants_post_valid_request_with_all_required_fields_62bccfec.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - valid request with all required fields ── -# case_id=TC-62bccfec -# case_name=POST /api/admin/teams/{id}/grants - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "other" - ], - "expiresAt": "2020-03-12T16:50:23Z", - "granteeTeamId": "fcea5c7d-08df-4a6b-a40b-cc22936c70a6", - "granteeUserId": "4b66d87d-2a87-436a-9cba-cbd963fe3725", - "serviceId": "20931bd8-47ab-4a34-9161-aa0f41c54efd" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.id" exists - diff --git a/cases/api_admin_teams_id_grants_post_wrong_content_type_text_plain_a9ed456f.hurl b/cases/api_admin_teams_id_grants_post_wrong_content_type_text_plain_a9ed456f.hurl deleted file mode 100644 index a36edae..0000000 
--- a/cases/api_admin_teams_id_grants_post_wrong_content_type_text_plain_a9ed456f.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams/{id}/grants - wrong content-type (text/plain) ── -# case_id=TC-a9ed456f -# case_name=POST /api/admin/teams/{id}/grants - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: text/plain -```json -{ - "branches": [ - "sari" - ], - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" -} -``` - -HTTP 415 - diff --git a/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_grants_id_fae601d3.hurl b/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_grants_id_fae601d3.hurl deleted file mode 100644 index 39a3642..0000000 --- a/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_grants_id_fae601d3.hurl +++ /dev/null 
@@ -1,48 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/grants/{id} -# case_id=TC-fae601d3 -# case_name=sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/grants/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams/{id}/grants [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams/{id}/grants - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "in" - ], - "expiresAt": "1934-04-27T17:54:54Z", - "granteeTeamId": "ef7ba0e3-e654-4cbe-a8db-7d80ae34554a", - "granteeUserId": "6b8cf351-2a07-4e9b-af8d-93adadf31af4", - "serviceId": "4af3c971-e3ff-4038-8eec-7562f600ef7e" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/grants/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/grants/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/grants/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_users_id_1e93f696.hurl b/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_users_id_1e93f696.hurl deleted file mode 100644 index 78b2aa2..0000000 --- a/cases/api_admin_teams_id_grants_sequence_chain_delete_api_admin_users_id_1e93f696.hurl +++ /dev/null 
@@ -1,48 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/users/{id} -# case_id=TC-1e93f696 -# case_name=sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams/{id}/grants [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams/{id}/grants - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "next" - ], - "expiresAt": "1953-08-22T03:36:54Z", - "granteeTeamId": "4ec6231f-137f-4153-97d0-8c43294d0bd2", - "granteeUserId": "94e4e393-307c-46af-870b-f6f1a737e66b", - "serviceId": "67af3e57-44c9-4422-ae15-53de1e10b9a7" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/users/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/users/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_members_7710bdae.hurl b/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_members_7710bdae.hurl deleted file mode 100644 index 4df5e98..0000000 --- a/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_members_7710bdae.hurl +++ /dev/null 
@@ -1,48 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/members -# case_id=TC-7710bdae -# case_name=sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams/{id}/grants [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams/{id}/grants - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "place" - ], - "expiresAt": "1973-01-05T11:42:04Z", - "granteeTeamId": "58c7d788-061b-4021-9e8c-01942f155464", - "granteeUserId": "1b70dc76-c2d3-4e62-9f5d-22c8319dc0a2", - "serviceId": "a31b4938-a01f-4bc1-80fe-f165a18d784e" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/members -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/members - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_services_fd7cb142.hurl b/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_services_fd7cb142.hurl deleted file mode 100644 index f5c01d0..0000000 --- a/cases/api_admin_teams_id_grants_sequence_chain_get_api_admin_teams_id_services_fd7cb142.hurl +++ /dev/null 
@@ -1,48 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/services -# case_id=TC-fd7cb142 -# case_name=sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/services -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams/{id}/grants [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams/{id}/grants - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "nightly" - ], - "expiresAt": "2014-07-24T15:17:10Z", - "granteeTeamId": "da38f17d-bcba-48c6-b1e9-2b8c5c84b849", - "granteeUserId": "a204f443-d1b0-4bfc-803a-4c17ae6cc61d", - "serviceId": "ce438324-485f-4319-9bd6-11c6d9721984" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/services [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/services -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/services - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_id_grants_sequence_chain_post_api_admin_teams_id_members_136f3cd3.hurl b/cases/api_admin_teams_id_grants_sequence_chain_post_api_admin_teams_id_members_136f3cd3.hurl deleted file mode 100644 index f9721a0..0000000 --- a/cases/api_admin_teams_id_grants_sequence_chain_post_api_admin_teams_id_members_136f3cd3.hurl +++ /dev/null 
@@ -1,55 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams/{id}/grants → POST /api/admin/teams/{id}/members -# case_id=TC-136f3cd3 -# case_name=sequence chain: /api/admin/teams/{id}/grants → POST /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams/{id}/grants [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams/{id}/grants - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "wow" - ], - "expiresAt": "1972-07-06T21:33:45Z", - "granteeTeamId": "b14431ac-e726-45f0-93de-31b938772976", - "granteeUserId": "4d5d2551-5245-4b9f-96e5-0b702e93eff2", - "serviceId": "fa586d52-80ed-493e-8e6d-6047b31e41fa" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/members -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": "1dd37e1e-0598-4a14-9118-1e52865101d3" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_services_serviceid_team_cafaccf6.hurl b/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_services_serviceid_team_cafaccf6.hurl deleted file mode 100644 index 3a14091..0000000 --- a/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_services_serviceid_team_cafaccf6.hurl +++ /dev/null 
@@ -1,54 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/services/{serviceId}/team -# case_id=TC-cafaccf6 -# case_name=sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/services/{serviceId}/team -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams/{id}/grants [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams/{id}/grants - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "am" - ], - "expiresAt": "1930-06-02T07:33:10Z", - "granteeTeamId": "6eb082a3-7a81-4673-b080-6f876150d238", - "granteeUserId": "9c8b45fd-f191-4a4d-80fd-b8dad10d176a", - "serviceId": "d078acf6-4a9a-463a-9632-1d93b5a7ecfa" -} -``` - -HTTP * - -[Captures] -serviceId: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/services/{serviceId}/team [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/services/{serviceId}/team -# depends_on=step-setup - -PUT {{base_url}}/api/admin/services/{{serviceId}}/team -Content-Type: application/json -```json -{ - "teamId": "ef302aa8-fd8d-4fd6-9798-6d57d88f7ac6" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_users_id_636e3912.hurl b/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_users_id_636e3912.hurl deleted file mode 100644 index 300dbf2..0000000 --- a/cases/api_admin_teams_id_grants_sequence_chain_put_api_admin_users_id_636e3912.hurl +++ /dev/null 
@@ -1,55 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/users/{id} -# case_id=TC-636e3912 -# case_name=sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams/{id}/grants [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams/{id}/grants - -POST {{base_url}}/api/admin/teams/{id}/grants -Content-Type: application/json -```json -{ - "branches": [ - "half" - ], - "expiresAt": "1911-12-23T17:30:07Z", - "granteeTeamId": "e275d7a1-f1f0-449b-9962-e43b92698249", - "granteeUserId": "5a22025f-d28e-4434-9b1d-93bf353fbdb9", - "serviceId": "71bbc723-acdf-4be2-b56f-e471f9077cc5" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/users/{id} -# depends_on=step-setup - -PUT {{base_url}}/api/admin/users/{{id}} -Content-Type: application/json -```json -{ - "isActive": true, - "role": "team_member" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_id_members_get_idor_id_0_zero_id_8d769a8b.hurl b/cases/api_admin_teams_id_members_get_idor_id_0_zero_id_8d769a8b.hurl deleted file mode 100644 index 3493525..0000000 --- a/cases/api_admin_teams_id_members_get_idor_id_0_zero_id_8d769a8b.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/teams/{id}/members - IDOR id=0 (zero_id) ── -# case_id=TC-8d769a8b -# case_name=GET /api/admin/teams/{id}/members - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -GET {{base_url}}/api/admin/teams/0/members - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_teams_id_members_get_idor_id_99999_alt_id_4af55f13.hurl b/cases/api_admin_teams_id_members_get_idor_id_99999_alt_id_4af55f13.hurl deleted file mode 100644 index 3ae29f9..0000000 --- a/cases/api_admin_teams_id_members_get_idor_id_99999_alt_id_4af55f13.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/teams/{id}/members - IDOR id=99999 (alt_id) ── -# case_id=TC-4af55f13 -# case_name=GET /api/admin/teams/{id}/members - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -GET {{base_url}}/api/admin/teams/99999/members - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_get_missing_required_param_id_724cd05d.hurl b/cases/api_admin_teams_id_members_get_missing_required_param_id_724cd05d.hurl deleted file mode 100644 index 72f1207..0000000 --- a/cases/api_admin_teams_id_members_get_missing_required_param_id_724cd05d.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── GET /api/admin/teams/{id}/members - missing required param "id" ── -# case_id=TC-724cd05d -# case_name=GET /api/admin/teams/{id}/members - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/admin/teams/1/members - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_get_owasp_api1_bola_unauthorized_access_be93ffb9.hurl b/cases/api_admin_teams_id_members_get_owasp_api1_bola_unauthorized_access_be93ffb9.hurl deleted file mode 100644 index e0b7ef2..0000000 --- a/cases/api_admin_teams_id_members_get_owasp_api1_bola_unauthorized_access_be93ffb9.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API1] GET /api/admin/teams/{id}/members — BOLA unauthorized access ── -# case_id=TC-be93ffb9 -# case_name=[OWASP-API1] GET /api/admin/teams/{id}/members — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/{{other_resource_id}}/members - -HTTP 403 - diff --git a/cases/api_admin_teams_id_members_get_owasp_api2_broken_authentication_942888a7.hurl b/cases/api_admin_teams_id_members_get_owasp_api2_broken_authentication_942888a7.hurl deleted file mode 100644 index 71eb073..0000000 --- a/cases/api_admin_teams_id_members_get_owasp_api2_broken_authentication_942888a7.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/admin/teams/{id}/members — broken authentication ── -# case_id=TC-942888a7 -# case_name=[OWASP-API2] GET /api/admin/teams/{id}/members — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/{id}/members - -HTTP 401 - diff --git a/cases/api_admin_teams_id_members_get_owasp_api7_injection_path_traversal_c5fcb2bd.hurl b/cases/api_admin_teams_id_members_get_owasp_api7_injection_path_traversal_c5fcb2bd.hurl deleted file mode 100644 index ca6bd3c..0000000 --- a/cases/api_admin_teams_id_members_get_owasp_api7_injection_path_traversal_c5fcb2bd.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/teams/{id}/members — injection (path-traversal) ── -# case_id=TC-c5fcb2bd -# case_name=[OWASP-API7] GET /api/admin/teams/{id}/members — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members -```json -null -``` - -HTTP 400 - 
diff --git a/cases/api_admin_teams_id_members_get_owasp_api7_injection_sqli_05eacd8d.hurl b/cases/api_admin_teams_id_members_get_owasp_api7_injection_sqli_05eacd8d.hurl deleted file mode 100644 index 53bd4be..0000000 --- a/cases/api_admin_teams_id_members_get_owasp_api7_injection_sqli_05eacd8d.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/teams/{id}/members — injection (sqli) ── -# case_id=TC-05eacd8d -# case_name=[OWASP-API7] GET /api/admin/teams/{id}/members — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/%27%20OR%201=1--/members -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_get_owasp_api7_injection_xss_9935c2df.hurl b/cases/api_admin_teams_id_members_get_owasp_api7_injection_xss_9935c2df.hurl deleted file mode 100644 index baa5bba..0000000 --- a/cases/api_admin_teams_id_members_get_owasp_api7_injection_xss_9935c2df.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/teams/{id}/members — injection (xss) ── -# case_id=TC-9935c2df -# case_name=[OWASP-API7] GET /api/admin/teams/{id}/members — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_get_valid_request_with_all_required_fields_f1d4a7ff.hurl b/cases/api_admin_teams_id_members_get_valid_request_with_all_required_fields_f1d4a7ff.hurl deleted file mode 100644 index 172411a..0000000 --- a/cases/api_admin_teams_id_members_get_valid_request_with_all_required_fields_f1d4a7ff.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── GET /api/admin/teams/{id}/members - valid request with all required fields ── -# case_id=TC-f1d4a7ff -# case_name=GET /api/admin/teams/{id}/members - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/admin/teams/{id}/members - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.members" exists - diff --git a/cases/api_admin_teams_id_members_options_owasp_api8_cors_security_configuration_02ec7afc.hurl b/cases/api_admin_teams_id_members_options_owasp_api8_cors_security_configuration_02ec7afc.hurl deleted file mode 100644 index 7eba35d..0000000 --- a/cases/api_admin_teams_id_members_options_owasp_api8_cors_security_configuration_02ec7afc.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/teams/{id}/members — CORS security configuration ── -# case_id=TC-02ec7afc -# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id}/members — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/teams/{id}/members -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_teams_id_members_post_idempotent_second_call_must_be_safe_fce8d8db.hurl b/cases/api_admin_teams_id_members_post_idempotent_second_call_must_be_safe_fce8d8db.hurl deleted file mode 100644 index ac72099..0000000 --- a/cases/api_admin_teams_id_members_post_idempotent_second_call_must_be_safe_fce8d8db.hurl +++ /dev/null 
@@ -1,47 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /api/admin/teams/{id}/members - idempotent: second call must be safe -# case_id=TC-fce8d8db -# case_name=POST /api/admin/teams/{id}/members - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /api/admin/teams/{id}/members — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /api/admin/teams/{id}/members — first call - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": "f78fd0f2-6376-4a2b-8124-8006f5d96d4a" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /api/admin/teams/{id}/members — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/admin/teams/{id}/members — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": "f78fd0f2-6376-4a2b-8124-8006f5d96d4a" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_id_members_post_idor_id_0_zero_id_07948765.hurl b/cases/api_admin_teams_id_members_post_idor_id_0_zero_id_07948765.hurl deleted file mode 100644 index cb79aa8..0000000 --- a/cases/api_admin_teams_id_members_post_idor_id_0_zero_id_07948765.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - IDOR id=0 (zero_id) ── -# case_id=TC-07948765 -# case_name=POST /api/admin/teams/{id}/members - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -POST {{base_url}}/api/admin/teams/0/members - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_teams_id_members_post_idor_id_99999_alt_id_d1a0e9c6.hurl b/cases/api_admin_teams_id_members_post_idor_id_99999_alt_id_d1a0e9c6.hurl deleted file mode 100644 index 3013327..0000000 --- a/cases/api_admin_teams_id_members_post_idor_id_99999_alt_id_d1a0e9c6.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - IDOR id=99999 (alt_id) ── -# case_id=TC-d1a0e9c6 -# case_name=POST /api/admin/teams/{id}/members - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -POST {{base_url}}/api/admin/teams/99999/members - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_invalid_role_value_not_in_enum_54b6ea73.hurl b/cases/api_admin_teams_id_members_post_invalid_role_value_not_in_enum_54b6ea73.hurl deleted file mode 100644 index bd1527b..0000000 --- a/cases/api_admin_teams_id_members_post_invalid_role_value_not_in_enum_54b6ea73.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - invalid role: value not in enum ── -# case_id=TC-54b6ea73 -# case_name=POST /api/admin/teams/{id}/members - invalid role: value not in enum -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "__invalid_enum__", - "userId": "45cf0fb5-a53d-4f38-94af-85fabe94e394" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_mass_assignment_financial_probe_31f44a55.hurl b/cases/api_admin_teams_id_members_post_mass_assignment_financial_probe_31f44a55.hurl deleted file mode 100644 index a2ccad2..0000000 --- a/cases/api_admin_teams_id_members_post_mass_assignment_financial_probe_31f44a55.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [mass_assignment] financial probe ── -# case_id=TC-31f44a55 -# case_name=POST /api/admin/teams/{id}/members - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "discount": 0, - "price": 1, - "role": "member", - "userId": "b21cab01-ede4-49da-9080-18aced242f70" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_mass_assignment_identity_probe_09f9b8eb.hurl b/cases/api_admin_teams_id_members_post_mass_assignment_identity_probe_09f9b8eb.hurl deleted file mode 100644 index 40ad5ee..0000000 --- a/cases/api_admin_teams_id_members_post_mass_assignment_identity_probe_09f9b8eb.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [mass_assignment] identity probe ── -# case_id=TC-09f9b8eb -# case_name=POST /api/admin/teams/{id}/members - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "ownerId": "__probe__", - "role": "member", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_mass_assignment_privilege_probe_850dd902.hurl b/cases/api_admin_teams_id_members_post_mass_assignment_privilege_probe_850dd902.hurl deleted file mode 100644 index 1c30168..0000000 --- a/cases/api_admin_teams_id_members_post_mass_assignment_privilege_probe_850dd902.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [mass_assignment] privilege probe ── -# case_id=TC-850dd902 -# case_name=POST /api/admin/teams/{id}/members - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "admin": true, - "isAdmin": true, - "is_admin": true, - "role": "__probe__", - "userId": "b21cab01-ede4-49da-9080-18aced242f70" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_mass_assignment_status_probe_edb444ec.hurl b/cases/api_admin_teams_id_members_post_mass_assignment_status_probe_edb444ec.hurl deleted file mode 100644 index 74413c2..0000000 --- a/cases/api_admin_teams_id_members_post_mass_assignment_status_probe_edb444ec.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [mass_assignment] status probe ── -# case_id=TC-edb444ec -# case_name=POST /api/admin/teams/{id}/members - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "disabled": false, - "role": "member", - "userId": "b21cab01-ede4-49da-9080-18aced242f70", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_missing_required_field_userid_4eda623b.hurl b/cases/api_admin_teams_id_members_post_missing_required_field_userid_4eda623b.hurl deleted file mode 100644 index f7a480f..0000000 --- a/cases/api_admin_teams_id_members_post_missing_required_field_userid_4eda623b.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - missing required field "userId" ── -# case_id=TC-4eda623b -# case_name=POST /api/admin/teams/{id}/members - missing required field "userId" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_missing_required_field_userid_aea81fb1.hurl b/cases/api_admin_teams_id_members_post_missing_required_field_userid_aea81fb1.hurl deleted file mode 100644 index d05b8e5..0000000 --- a/cases/api_admin_teams_id_members_post_missing_required_field_userid_aea81fb1.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - missing required field "userId" ── -# case_id=TC-aea81fb1 -# case_name=POST /api/admin/teams/{id}/members - missing required field "userId" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "owner" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_missing_required_param_id_e44fc900.hurl b/cases/api_admin_teams_id_members_post_missing_required_param_id_e44fc900.hurl deleted file mode 100644 index 8e43c76..0000000 --- a/cases/api_admin_teams_id_members_post_missing_required_param_id_e44fc900.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - missing required param "id" ── -# case_id=TC-e44fc900 -# case_name=POST /api/admin/teams/{id}/members - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/admin/teams/1/members - -HTTP 422 - 
diff --git a/cases/api_admin_teams_id_members_post_mutation_role_empty_string_0cb69d90.hurl b/cases/api_admin_teams_id_members_post_mutation_role_empty_string_0cb69d90.hurl deleted file mode 100644 index 7f7b232..0000000 --- a/cases/api_admin_teams_id_members_post_mutation_role_empty_string_0cb69d90.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - mutation: role empty string ── -# case_id=TC-0cb69d90 -# case_name=POST /api/admin/teams/{id}/members - mutation: role empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "", - "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_mutation_role_integer_instead_of_string_dc8849f5.hurl b/cases/api_admin_teams_id_members_post_mutation_role_integer_instead_of_string_dc8849f5.hurl deleted file mode 100644 index 195792c..0000000 --- a/cases/api_admin_teams_id_members_post_mutation_role_integer_instead_of_string_dc8849f5.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - mutation: role integer instead of string ── -# case_id=TC-dc8849f5 -# case_name=POST /api/admin/teams/{id}/members - mutation: role integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": 12345, - "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_mutation_role_null_value_aff2608e.hurl b/cases/api_admin_teams_id_members_post_mutation_role_null_value_aff2608e.hurl deleted file mode 100644 index 85eb241..0000000 --- a/cases/api_admin_teams_id_members_post_mutation_role_null_value_aff2608e.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - mutation: role null value ── -# case_id=TC-aff2608e -# case_name=POST /api/admin/teams/{id}/members - mutation: role null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": null, - "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_mutation_role_oversized_string_300_chars_977e71fa.hurl b/cases/api_admin_teams_id_members_post_mutation_role_oversized_string_300_chars_977e71fa.hurl deleted file mode 100644 index da3d666..0000000 --- a/cases/api_admin_teams_id_members_post_mutation_role_oversized_string_300_chars_977e71fa.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - mutation: role oversized string (300 chars) ── -# case_id=TC-977e71fa -# case_name=POST /api/admin/teams/{id}/members - mutation: role oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_mutation_userid_empty_string_b3beebbb.hurl b/cases/api_admin_teams_id_members_post_mutation_userid_empty_string_b3beebbb.hurl deleted file mode 100644 index ca4f8bb..0000000 --- a/cases/api_admin_teams_id_members_post_mutation_userid_empty_string_b3beebbb.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - mutation: userId empty string ── -# case_id=TC-b3beebbb -# case_name=POST /api/admin/teams/{id}/members - mutation: userId empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_mutation_userid_integer_instead_of_string_d8212bc8.hurl b/cases/api_admin_teams_id_members_post_mutation_userid_integer_instead_of_string_d8212bc8.hurl deleted file mode 100644 index 51bd22b..0000000 --- a/cases/api_admin_teams_id_members_post_mutation_userid_integer_instead_of_string_d8212bc8.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - mutation: userId integer instead of string ── -# case_id=TC-d8212bc8 -# case_name=POST /api/admin/teams/{id}/members - mutation: userId integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": 12345 -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_mutation_userid_null_value_8e4fd867.hurl b/cases/api_admin_teams_id_members_post_mutation_userid_null_value_8e4fd867.hurl deleted file mode 100644 index 52a0fff..0000000 --- a/cases/api_admin_teams_id_members_post_mutation_userid_null_value_8e4fd867.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - mutation: userId null value ── -# case_id=TC-8e4fd867 -# case_name=POST /api/admin/teams/{id}/members - mutation: userId null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": null -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_mutation_userid_oversized_string_300_chars_5739a85b.hurl b/cases/api_admin_teams_id_members_post_mutation_userid_oversized_string_300_chars_5739a85b.hurl deleted file mode 100644 index aad763c..0000000 --- a/cases/api_admin_teams_id_members_post_mutation_userid_oversized_string_300_chars_5739a85b.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - mutation: userId oversized string (300 chars) ── -# case_id=TC-5739a85b -# case_name=POST /api/admin/teams/{id}/members - mutation: userId oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_null_injection_role_a2c2e196.hurl b/cases/api_admin_teams_id_members_post_null_injection_role_a2c2e196.hurl deleted file mode 100644 index 5b7729c..0000000 --- a/cases/api_admin_teams_id_members_post_null_injection_role_a2c2e196.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - null injection: role ── -# case_id=TC-a2c2e196 -# case_name=POST /api/admin/teams/{id}/members - null injection: role -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": null, - "userId": "b6f51cc4-2389-42c5-a864-35545c08cda9" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_null_injection_userid_1b45482b.hurl b/cases/api_admin_teams_id_members_post_null_injection_userid_1b45482b.hurl deleted file mode 100644 index 19c60ed..0000000 --- a/cases/api_admin_teams_id_members_post_null_injection_userid_1b45482b.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - null injection: userId ── -# case_id=TC-1b45482b -# case_name=POST /api/admin/teams/{id}/members - null injection: userId -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "owner", - "userId": null -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_owasp_api1_bola_unauthorized_access_bc997516.hurl b/cases/api_admin_teams_id_members_post_owasp_api1_bola_unauthorized_access_bc997516.hurl deleted file mode 100644 index 6bfc5b2..0000000 --- a/cases/api_admin_teams_id_members_post_owasp_api1_bola_unauthorized_access_bc997516.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] POST /api/admin/teams/{id}/members — BOLA unauthorized access ── -# case_id=TC-bc997516 -# case_name=[OWASP-API1] POST /api/admin/teams/{id}/members — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/{{other_resource_id}}/members - -HTTP 403 - 
diff --git a/cases/api_admin_teams_id_members_post_owasp_api2_broken_authentication_d1200108.hurl b/cases/api_admin_teams_id_members_post_owasp_api2_broken_authentication_d1200108.hurl deleted file mode 100644 index 0735f96..0000000 --- a/cases/api_admin_teams_id_members_post_owasp_api2_broken_authentication_d1200108.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] POST /api/admin/teams/{id}/members — broken authentication ── -# case_id=TC-d1200108 -# case_name=[OWASP-API2] POST /api/admin/teams/{id}/members — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/{id}/members - -HTTP 401 - diff --git a/cases/api_admin_teams_id_members_post_owasp_api6_mass_assignment_5a01a3ba.hurl b/cases/api_admin_teams_id_members_post_owasp_api6_mass_assignment_5a01a3ba.hurl deleted file mode 100644 index b5228a2..0000000 --- a/cases/api_admin_teams_id_members_post_owasp_api6_mass_assignment_5a01a3ba.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── [OWASP-API6] POST /api/admin/teams/{id}/members — mass assignment ── -# case_id=TC-5a01a3ba -# case_name=[OWASP-API6] POST /api/admin/teams/{id}/members — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "createdAt": "2000-01-01T00:00:00Z", - "id": 99999, - "role": "owner", - "updatedAt": "2000-01-01T00:00:00Z", - "userId": "4409317f-6972-4069-8ed6-942e90d42ec2" -} -``` - -HTTP 201 - -[Asserts] -jsonpath "$.id" != 99999 -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" - diff --git a/cases/api_admin_teams_id_members_post_owasp_api7_injection_path_traversal_60a70815.hurl b/cases/api_admin_teams_id_members_post_owasp_api7_injection_path_traversal_60a70815.hurl deleted file mode 100644 index 697eece..0000000 
--- a/cases/api_admin_teams_id_members_post_owasp_api7_injection_path_traversal_60a70815.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/teams/{id}/members — injection (path-traversal) ── -# case_id=TC-60a70815 -# case_name=[OWASP-API7] POST /api/admin/teams/{id}/members — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_owasp_api7_injection_sqli_5a3931f1.hurl b/cases/api_admin_teams_id_members_post_owasp_api7_injection_sqli_5a3931f1.hurl deleted file mode 100644 index 050d720..0000000 --- a/cases/api_admin_teams_id_members_post_owasp_api7_injection_sqli_5a3931f1.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/teams/{id}/members — injection (sqli) ── -# case_id=TC-5a3931f1 -# case_name=[OWASP-API7] POST /api/admin/teams/{id}/members — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/%27%20OR%201=1--/members -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_owasp_api7_injection_xss_dd4d8c19.hurl b/cases/api_admin_teams_id_members_post_owasp_api7_injection_xss_dd4d8c19.hurl deleted file mode 100644 index bac945f..0000000 --- a/cases/api_admin_teams_id_members_post_owasp_api7_injection_xss_dd4d8c19.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/teams/{id}/members — injection (xss) ── -# case_id=TC-dd4d8c19 -# case_name=[OWASP-API7] POST /api/admin/teams/{id}/members — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members -```json -null -``` - -HTTP 400 - 
diff --git a/cases/api_admin_teams_id_members_post_required_omission_userid_absent_1da7a2c3.hurl b/cases/api_admin_teams_id_members_post_required_omission_userid_absent_1da7a2c3.hurl deleted file mode 100644 index b8d0257..0000000 --- a/cases/api_admin_teams_id_members_post_required_omission_userid_absent_1da7a2c3.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [required_omission] userId absent ── -# case_id=TC-1da7a2c3 -# case_name=POST /api/admin/teams/{id}/members - [required_omission] userId absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "owner" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_post_schema_violation_role_invalid_enum_1d2b8bb8.hurl b/cases/api_admin_teams_id_members_post_schema_violation_role_invalid_enum_1d2b8bb8.hurl deleted file mode 100644 index e709114..0000000 --- a/cases/api_admin_teams_id_members_post_schema_violation_role_invalid_enum_1d2b8bb8.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [schema_violation] role_invalid_enum ── -# case_id=TC-1d2b8bb8 -# case_name=POST /api/admin/teams/{id}/members - [schema_violation] role_invalid_enum -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "__invalid__", - "userId": "b28b1b32-e5b1-4269-b005-d53ff9fd5a8d" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_schema_violation_userid_missing_required_71efcd62.hurl b/cases/api_admin_teams_id_members_post_schema_violation_userid_missing_required_71efcd62.hurl deleted file mode 100644 index 9933800..0000000 --- a/cases/api_admin_teams_id_members_post_schema_violation_userid_missing_required_71efcd62.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [schema_violation] userId_missing_required ── -# case_id=TC-71efcd62 -# case_name=POST /api/admin/teams/{id}/members - [schema_violation] userId_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_boolean_2a4f0269.hurl b/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_boolean_2a4f0269.hurl deleted file mode 100644 index 1838224..0000000 --- a/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_boolean_2a4f0269.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_boolean ── -# case_id=TC-2a4f0269 -# case_name=POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": true, - "userId": "8aa00d9d-7b81-42a4-830e-092302d2f2c4" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_integer_95fd239a.hurl b/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_integer_95fd239a.hurl deleted file mode 100644 index 70fe0fa..0000000 --- a/cases/api_admin_teams_id_members_post_type_coercion_role_wrong_type_integer_95fd239a.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_integer ── -# case_id=TC-95fd239a -# case_name=POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": 123, - "userId": "8aa00d9d-7b81-42a4-830e-092302d2f2c4" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_boolean_8aeef740.hurl b/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_boolean_8aeef740.hurl deleted file mode 100644 index 62b46aa..0000000 --- a/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_boolean_8aeef740.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_boolean ── -# case_id=TC-8aeef740 -# case_name=POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": true -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_integer_76bfddd4.hurl b/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_integer_76bfddd4.hurl deleted file mode 100644 index 81fabb8..0000000 --- a/cases/api_admin_teams_id_members_post_type_coercion_userid_wrong_type_integer_76bfddd4.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_integer ── -# case_id=TC-76bfddd4 -# case_name=POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": 123 -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_bidi_override_aa47e2dd.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_bidi_override_aa47e2dd.hurl deleted file mode 100644 index 4f9614f..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_bidi_override_aa47e2dd.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role bidi_override ── -# case_id=TC-aa47e2dd -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "‮hello", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_control_char_39e9a695.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_control_char_39e9a695.hurl deleted file mode 100644 index c0bd26e..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_control_char_39e9a695.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role control_char ── -# case_id=TC-39e9a695 -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "hello\u0000world", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_overlong_7473f431.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_overlong_7473f431.hurl deleted file mode 100644 index f4dab69..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_overlong_7473f431.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role overlong ── -# case_id=TC-7473f431 -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zalgo_83be4bd5.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zalgo_83be4bd5.hurl deleted file mode 100644 index 312741f..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zalgo_83be4bd5.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zalgo ── -# case_id=TC-83be4bd5 -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "z̀́̂̃̄̅̆̇a", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zero_width_241bc1b4.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zero_width_241bc1b4.hurl deleted file mode 100644 index 2b53340..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_role_zero_width_241bc1b4.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zero_width ── -# case_id=TC-241bc1b4 -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "​hello", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_bidi_override_e839caab.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_bidi_override_e839caab.hurl deleted file mode 100644 index 73712f4..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_bidi_override_e839caab.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId bidi_override ── -# case_id=TC-e839caab -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "owner", - "userId": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_control_char_382c05ef.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_control_char_382c05ef.hurl deleted file mode 100644 index 2f48afb..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_control_char_382c05ef.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId control_char ── -# case_id=TC-382c05ef -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "owner", - "userId": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_overlong_cbe2af65.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_overlong_cbe2af65.hurl deleted file mode 100644 index 2c9a654..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_overlong_cbe2af65.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId overlong ── -# case_id=TC-cbe2af65 -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "owner", - "userId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zalgo_9cd03a11.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zalgo_9cd03a11.hurl deleted file mode 100644 index 2dcb828..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zalgo_9cd03a11.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zalgo ── -# case_id=TC-9cd03a11 -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "owner", - "userId": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zero_width_bdeeed04.hurl b/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zero_width_bdeeed04.hurl deleted file mode 100644 index 951074d..0000000 --- a/cases/api_admin_teams_id_members_post_unicode_fuzzing_userid_zero_width_bdeeed04.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zero_width ── -# case_id=TC-bdeeed04 -# case_name=POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "owner", - "userId": "​hello" -} -``` - -HTTP 400 - 
diff --git a/cases/api_admin_teams_id_members_post_valid_request_with_all_required_fields_17f7b78e.hurl b/cases/api_admin_teams_id_members_post_valid_request_with_all_required_fields_17f7b78e.hurl deleted file mode 100644 index 8da9a87..0000000 --- a/cases/api_admin_teams_id_members_post_valid_request_with_all_required_fields_17f7b78e.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - valid request with all required fields ── -# case_id=TC-17f7b78e -# case_name=POST /api/admin/teams/{id}/members - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": "a3bd36d6-0660-42cd-82e2-4ffe231776bc" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - diff --git a/cases/api_admin_teams_id_members_post_wrong_content_type_text_plain_0f904569.hurl b/cases/api_admin_teams_id_members_post_wrong_content_type_text_plain_0f904569.hurl deleted file mode 100644 index b61bc20..0000000 --- a/cases/api_admin_teams_id_members_post_wrong_content_type_text_plain_0f904569.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams/{id}/members - wrong content-type (text/plain) ── -# case_id=TC-0f904569 -# case_name=POST /api/admin/teams/{id}/members - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams/{id}/members -Content-Type: text/plain -```json -{ - "role": "owner", - "userId": "b6f51cc4-2389-42c5-a864-35545c08cda9" -} -``` - -HTTP 415 - diff --git a/cases/api_admin_teams_id_members_userid_delete_idempotent_second_call_must_be_safe_e8a5f757.hurl b/cases/api_admin_teams_id_members_userid_delete_idempotent_second_call_must_be_safe_e8a5f757.hurl deleted file mode 100644 index 7ef0688..0000000 
--- a/cases/api_admin_teams_id_members_userid_delete_idempotent_second_call_must_be_safe_e8a5f757.hurl +++ /dev/null @@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# DELETE /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe -# case_id=TC-e8a5f757 -# case_name=DELETE /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── DELETE /api/admin/teams/{id}/members/{userId} — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=DELETE /api/admin/teams/{id}/members/{userId} — first call - -DELETE {{base_url}}/api/admin/teams/{id}/members/{userId} - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── DELETE /api/admin/teams/{id}/members/{userId} — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=DELETE /api/admin/teams/{id}/members/{userId} — identical second call must be safe -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/teams/{id}/members/{userId} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_id_members_userid_delete_idor_id_0_zero_id_eb538efa.hurl b/cases/api_admin_teams_id_members_userid_delete_idor_id_0_zero_id_eb538efa.hurl deleted file mode 100644 index de83eab..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_idor_id_0_zero_id_eb538efa.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id) ── -# case_id=TC-eb538efa -# case_name=DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/teams/0/members/1 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_teams_id_members_userid_delete_idor_id_99999_alt_id_c4642225.hurl b/cases/api_admin_teams_id_members_userid_delete_idor_id_99999_alt_id_c4642225.hurl deleted file mode 100644 index 8c0988c..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_idor_id_99999_alt_id_c4642225.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id) ── -# case_id=TC-c4642225 -# case_name=DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/teams/99999/members/1 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_userid_delete_missing_required_param_id_4661322e.hurl b/cases/api_admin_teams_id_members_userid_delete_missing_required_param_id_4661322e.hurl deleted file mode 100644 index adca244..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_missing_required_param_id_4661322e.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── DELETE /api/admin/teams/{id}/members/{userId} - missing required param "id" ── -# case_id=TC-4661322e -# case_name=DELETE /api/admin/teams/{id}/members/{userId} - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -DELETE {{base_url}}/api/admin/teams/1/members/1 - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_delete_missing_required_param_userid_636a79c8.hurl b/cases/api_admin_teams_id_members_userid_delete_missing_required_param_userid_636a79c8.hurl deleted file mode 100644 index 8c6d616..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_missing_required_param_userid_636a79c8.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── DELETE /api/admin/teams/{id}/members/{userId} - missing required param "userId" ── -# case_id=TC-636a79c8 -# case_name=DELETE /api/admin/teams/{id}/members/{userId} - missing required param "userId" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -DELETE {{base_url}}/api/admin/teams/1/members/1 - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api1_bola_unauthorized_access_042e8f38.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api1_bola_unauthorized_access_042e8f38.hurl deleted file mode 100644 index 4469ab4..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_owasp_api1_bola_unauthorized_access_042e8f38.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] DELETE /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access ── -# case_id=TC-042e8f38 -# case_name=[OWASP-API1] DELETE /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/{{other_resource_id}}/members/{userId} - -HTTP 403 - diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api2_broken_authentication_46113a78.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api2_broken_authentication_46113a78.hurl deleted file mode 100644 index c13318a..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_owasp_api2_broken_authentication_46113a78.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] DELETE /api/admin/teams/{id}/members/{userId} — broken authentication ── -# case_id=TC-46113a78 -# case_name=[OWASP-API2] DELETE /api/admin/teams/{id}/members/{userId} — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/{id}/members/{userId} - -HTTP 401 - 
diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_path_traversal_511147be.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_path_traversal_511147be.hurl deleted file mode 100644 index b6aab00..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_path_traversal_511147be.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (path-traversal) ── -# case_id=TC-511147be -# case_name=[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members/{userId} -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_sqli_0cf3a030.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_sqli_0cf3a030.hurl deleted file mode 100644 index 6d078a5..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_sqli_0cf3a030.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (sqli) ── -# case_id=TC-0cf3a030 -# case_name=[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/%27%20OR%201=1--/members/{userId} -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_xss_a4c3899a.hurl b/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_xss_a4c3899a.hurl deleted file mode 100644 index c22fd3f..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_owasp_api7_injection_xss_a4c3899a.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (xss) ── -# case_id=TC-a4c3899a -# case_name=[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members/{userId} -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_delete_valid_request_with_all_required_fields_8384ae85.hurl b/cases/api_admin_teams_id_members_userid_delete_valid_request_with_all_required_fields_8384ae85.hurl deleted file mode 100644 index f362eff..0000000 --- a/cases/api_admin_teams_id_members_userid_delete_valid_request_with_all_required_fields_8384ae85.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/admin/teams/{id}/members/{userId} - valid request with all required fields ── -# case_id=TC-8384ae85 -# case_name=DELETE /api/admin/teams/{id}/members/{userId} - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -DELETE {{base_url}}/api/admin/teams/{id}/members/{userId} - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - diff --git a/cases/api_admin_teams_id_members_userid_options_owasp_api8_cors_security_configuration_86b21409.hurl b/cases/api_admin_teams_id_members_userid_options_owasp_api8_cors_security_configuration_86b21409.hurl deleted file mode 100644 index 903c8c7..0000000 --- a/cases/api_admin_teams_id_members_userid_options_owasp_api8_cors_security_configuration_86b21409.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/teams/{id}/members/{userId} — CORS security configuration ── -# case_id=TC-86b21409 -# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id}/members/{userId} — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/teams/{id}/members/{userId} -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_teams_id_members_userid_put_idempotent_second_call_must_be_safe_7fb55548.hurl b/cases/api_admin_teams_id_members_userid_put_idempotent_second_call_must_be_safe_7fb55548.hurl deleted file mode 100644 index 1ceaf8d..0000000 --- a/cases/api_admin_teams_id_members_userid_put_idempotent_second_call_must_be_safe_7fb55548.hurl +++ /dev/null @@ -1,45 +0,0 @@ -# ══════════════════════════════════════════════════ -# PUT /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe -# case_id=TC-7fb55548 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── PUT /api/admin/teams/{id}/members/{userId} — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=PUT /api/admin/teams/{id}/members/{userId} — first call - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "owner" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── PUT /api/admin/teams/{id}/members/{userId} — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=PUT /api/admin/teams/{id}/members/{userId} — identical second call must be safe -# depends_on=step-setup - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "owner" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - 
diff --git a/cases/api_admin_teams_id_members_userid_put_idor_id_0_zero_id_3ecaa43f.hurl b/cases/api_admin_teams_id_members_userid_put_idor_id_0_zero_id_3ecaa43f.hurl deleted file mode 100644 index 6b381fb..0000000 --- a/cases/api_admin_teams_id_members_userid_put_idor_id_0_zero_id_3ecaa43f.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id) ── -# case_id=TC-3ecaa43f -# case_name=PUT /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -PUT {{base_url}}/api/admin/teams/0/members/1 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_userid_put_idor_id_99999_alt_id_5ee92e8d.hurl b/cases/api_admin_teams_id_members_userid_put_idor_id_99999_alt_id_5ee92e8d.hurl deleted file mode 100644 index 3a31f15..0000000 --- a/cases/api_admin_teams_id_members_userid_put_idor_id_99999_alt_id_5ee92e8d.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id) ── -# case_id=TC-5ee92e8d -# case_name=PUT /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -PUT {{base_url}}/api/admin/teams/99999/members/1 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_userid_put_invalid_role_value_not_in_enum_1385a015.hurl b/cases/api_admin_teams_id_members_userid_put_invalid_role_value_not_in_enum_1385a015.hurl deleted file mode 100644 index d4de806..0000000 --- a/cases/api_admin_teams_id_members_userid_put_invalid_role_value_not_in_enum_1385a015.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - invalid role: value not in enum ── -# case_id=TC-1385a015 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - invalid role: value not in enum -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "__invalid_enum__" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_put_mass_assignment_financial_probe_e346a0c6.hurl b/cases/api_admin_teams_id_members_userid_put_mass_assignment_financial_probe_e346a0c6.hurl deleted file mode 100644 index daff56f..0000000 --- a/cases/api_admin_teams_id_members_userid_put_mass_assignment_financial_probe_e346a0c6.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] financial probe ── -# case_id=TC-e346a0c6 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "discount": 0, - "price": 1, - "role": "member" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_mass_assignment_identity_probe_c5b345ac.hurl b/cases/api_admin_teams_id_members_userid_put_mass_assignment_identity_probe_c5b345ac.hurl deleted file mode 100644 index c79e737..0000000 --- a/cases/api_admin_teams_id_members_userid_put_mass_assignment_identity_probe_c5b345ac.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] identity probe ── -# case_id=TC-c5b345ac -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "ownerId": "__probe__", - "role": "member", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_mass_assignment_privilege_probe_830ae193.hurl b/cases/api_admin_teams_id_members_userid_put_mass_assignment_privilege_probe_830ae193.hurl deleted file mode 100644 index 32872cb..0000000 --- a/cases/api_admin_teams_id_members_userid_put_mass_assignment_privilege_probe_830ae193.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] privilege probe ── -# case_id=TC-830ae193 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "admin": true, - "isAdmin": true, - "is_admin": true, - "role": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_mass_assignment_status_probe_08a1d397.hurl b/cases/api_admin_teams_id_members_userid_put_mass_assignment_status_probe_08a1d397.hurl deleted file mode 100644 index c1e283b..0000000 --- a/cases/api_admin_teams_id_members_userid_put_mass_assignment_status_probe_08a1d397.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] status probe ── -# case_id=TC-08a1d397 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "disabled": false, - "role": "member", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_02cdac38.hurl b/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_02cdac38.hurl deleted file mode 100644 index e34b2dc..0000000 --- a/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_02cdac38.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - missing required field "role" ── -# case_id=TC-02cdac38 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - missing required field "role" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_7f67bdd2.hurl b/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_7f67bdd2.hurl deleted file mode 100644 index 4b3baf2..0000000 --- a/cases/api_admin_teams_id_members_userid_put_missing_required_field_role_7f67bdd2.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - missing required field "role" ── -# case_id=TC-7f67bdd2 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - missing required field "role" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_put_missing_required_param_id_c90499c8.hurl b/cases/api_admin_teams_id_members_userid_put_missing_required_param_id_c90499c8.hurl deleted file mode 100644 index 511ccbf..0000000 --- a/cases/api_admin_teams_id_members_userid_put_missing_required_param_id_c90499c8.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - missing required param "id" ── -# case_id=TC-c90499c8 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -PUT {{base_url}}/api/admin/teams/1/members/1 - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_put_missing_required_param_userid_a0b457a0.hurl b/cases/api_admin_teams_id_members_userid_put_missing_required_param_userid_a0b457a0.hurl deleted file mode 100644 index 8a64edb..0000000 --- a/cases/api_admin_teams_id_members_userid_put_missing_required_param_userid_a0b457a0.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - missing required param "userId" ── -# case_id=TC-a0b457a0 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - missing required param "userId" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -PUT {{base_url}}/api/admin/teams/1/members/1 - -HTTP 422 - 
diff --git a/cases/api_admin_teams_id_members_userid_put_mutation_role_empty_string_9334c130.hurl b/cases/api_admin_teams_id_members_userid_put_mutation_role_empty_string_9334c130.hurl deleted file mode 100644 index 1551081..0000000 --- a/cases/api_admin_teams_id_members_userid_put_mutation_role_empty_string_9334c130.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - mutation: role empty string ── -# case_id=TC-9334c130 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - mutation: role empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_userid_put_mutation_role_integer_instead_of_string_c930d5b2.hurl b/cases/api_admin_teams_id_members_userid_put_mutation_role_integer_instead_of_string_c930d5b2.hurl deleted file mode 100644 index 0941ae4..0000000 --- a/cases/api_admin_teams_id_members_userid_put_mutation_role_integer_instead_of_string_c930d5b2.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - mutation: role integer instead of string ── -# case_id=TC-c930d5b2 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - mutation: role integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": 12345 -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_userid_put_mutation_role_null_value_8380cf38.hurl b/cases/api_admin_teams_id_members_userid_put_mutation_role_null_value_8380cf38.hurl deleted file mode 100644 index 8bb2f51..0000000 --- a/cases/api_admin_teams_id_members_userid_put_mutation_role_null_value_8380cf38.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - mutation: role null value ── -# case_id=TC-8380cf38 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - mutation: role null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": null -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_userid_put_mutation_role_oversized_string_300_chars_c4c6cb7f.hurl b/cases/api_admin_teams_id_members_userid_put_mutation_role_oversized_string_300_chars_c4c6cb7f.hurl deleted file mode 100644 index 3141a28..0000000 --- a/cases/api_admin_teams_id_members_userid_put_mutation_role_oversized_string_300_chars_c4c6cb7f.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - mutation: role oversized string (300 chars) ── -# case_id=TC-c4c6cb7f -# case_name=PUT /api/admin/teams/{id}/members/{userId} - mutation: role oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_userid_put_null_injection_role_92d17333.hurl b/cases/api_admin_teams_id_members_userid_put_null_injection_role_92d17333.hurl deleted file mode 100644 index 19bd232..0000000 --- a/cases/api_admin_teams_id_members_userid_put_null_injection_role_92d17333.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - null injection: role ── -# case_id=TC-92d17333 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - null injection: role -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": null -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api1_bola_unauthorized_access_37084d5c.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api1_bola_unauthorized_access_37084d5c.hurl deleted file mode 100644 index 4b01fbc..0000000 --- a/cases/api_admin_teams_id_members_userid_put_owasp_api1_bola_unauthorized_access_37084d5c.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] PUT /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access ── -# case_id=TC-37084d5c -# case_name=[OWASP-API1] PUT /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{{other_resource_id}}/members/{userId} - -HTTP 403 - diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api2_broken_authentication_19b34217.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api2_broken_authentication_19b34217.hurl deleted file mode 100644 index 0fc88db..0000000 --- a/cases/api_admin_teams_id_members_userid_put_owasp_api2_broken_authentication_19b34217.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] PUT /api/admin/teams/{id}/members/{userId} — broken authentication ── -# case_id=TC-19b34217 -# case_name=[OWASP-API2] PUT /api/admin/teams/{id}/members/{userId} — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} - -HTTP 401 - 
diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api3_bopla_property_level_access_4c06b345.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api3_bopla_property_level_access_4c06b345.hurl deleted file mode 100644 index ad9cf31..0000000 --- a/cases/api_admin_teams_id_members_userid_put_owasp_api3_bopla_property_level_access_4c06b345.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── [OWASP-API3] PUT /api/admin/teams/{id}/members/{userId} — BOPLA property-level access ── -# case_id=TC-4c06b345 -# case_name=[OWASP-API3] PUT /api/admin/teams/{id}/members/{userId} — BOPLA property-level access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "is_admin": true, - "role": "admin" -} -``` - -HTTP 200 - -[Asserts] -jsonpath "$.is_admin" != true -jsonpath "$.role" != "admin" - diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api6_mass_assignment_ffe14e02.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api6_mass_assignment_ffe14e02.hurl deleted file mode 100644 index 91136a3..0000000 --- a/cases/api_admin_teams_id_members_userid_put_owasp_api6_mass_assignment_ffe14e02.hurl +++ /dev/null @@ -1,26 +0,0 @@ -# ── [OWASP-API6] PUT /api/admin/teams/{id}/members/{userId} — mass assignment ── -# case_id=TC-ffe14e02 -# case_name=[OWASP-API6] PUT /api/admin/teams/{id}/members/{userId} — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "createdAt": "2000-01-01T00:00:00Z", - "id": 99999, - "role": "member", - "updatedAt": "2000-01-01T00:00:00Z" -} -``` - -HTTP 200 - -[Asserts] -jsonpath "$.id" != 99999 -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" - 
diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_path_traversal_df6e5f44.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_path_traversal_df6e5f44.hurl deleted file mode 100644 index 05f084d..0000000 --- a/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_path_traversal_df6e5f44.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (path-traversal) ── -# case_id=TC-df6e5f44 -# case_name=[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members/{userId} -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_sqli_16482ca3.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_sqli_16482ca3.hurl deleted file mode 100644 index 37a8d83..0000000 --- a/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_sqli_16482ca3.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (sqli) ── -# case_id=TC-16482ca3 -# case_name=[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/%27%20OR%201=1--/members/{userId} -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_xss_d065e277.hurl b/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_xss_d065e277.hurl deleted file mode 100644 index 3179adb..0000000 --- a/cases/api_admin_teams_id_members_userid_put_owasp_api7_injection_xss_d065e277.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (xss) ── -# case_id=TC-d065e277 -# case_name=[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members/{userId} -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_required_omission_role_absent_b8039024.hurl b/cases/api_admin_teams_id_members_userid_put_required_omission_role_absent_b8039024.hurl deleted file mode 100644 index 7ef986f..0000000 --- a/cases/api_admin_teams_id_members_userid_put_required_omission_role_absent_b8039024.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [required_omission] role absent ── -# case_id=TC-b8039024 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [required_omission] role absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_members_userid_put_schema_violation_role_invalid_enum_128b22a3.hurl b/cases/api_admin_teams_id_members_userid_put_schema_violation_role_invalid_enum_128b22a3.hurl deleted file mode 100644 index 9328841..0000000 --- a/cases/api_admin_teams_id_members_userid_put_schema_violation_role_invalid_enum_128b22a3.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_invalid_enum ── -# case_id=TC-128b22a3 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_invalid_enum -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "__invalid__" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_put_schema_violation_role_missing_required_e51f7c6d.hurl b/cases/api_admin_teams_id_members_userid_put_schema_violation_role_missing_required_e51f7c6d.hurl deleted file mode 100644 index 8f33468..0000000 --- a/cases/api_admin_teams_id_members_userid_put_schema_violation_role_missing_required_e51f7c6d.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_missing_required ── -# case_id=TC-e51f7c6d -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_boolean_c33ffd8f.hurl b/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_boolean_c33ffd8f.hurl deleted file mode 100644 index c40b5c1..0000000 --- a/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_boolean_c33ffd8f.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_boolean ── -# case_id=TC-c33ffd8f -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": true -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_integer_23b49146.hurl b/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_integer_23b49146.hurl deleted file mode 100644 index b884b74..0000000 --- a/cases/api_admin_teams_id_members_userid_put_type_coercion_role_wrong_type_integer_23b49146.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_integer ── -# case_id=TC-23b49146 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": 123 -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_bidi_override_0b0faf09.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_bidi_override_0b0faf09.hurl deleted file mode 100644 index 98d3521..0000000 --- a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_bidi_override_0b0faf09.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role bidi_override ── -# case_id=TC-0b0faf09 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_control_char_a8d734a8.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_control_char_a8d734a8.hurl deleted file mode 100644 index 0b1de5a..0000000 --- a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_control_char_a8d734a8.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role control_char ── -# case_id=TC-a8d734a8 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_overlong_1e651ae0.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_overlong_1e651ae0.hurl deleted file mode 100644 index 8b3d19f..0000000 --- a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_overlong_1e651ae0.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role overlong ── -# case_id=TC-1e651ae0 -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zalgo_f7cf562e.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zalgo_f7cf562e.hurl deleted file mode 100644 index ff6e818..0000000 --- a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zalgo_f7cf562e.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zalgo ── -# case_id=TC-f7cf562e -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zero_width_2815807e.hurl b/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zero_width_2815807e.hurl deleted file mode 100644 index 2e9e0c0..0000000 --- a/cases/api_admin_teams_id_members_userid_put_unicode_fuzzing_role_zero_width_2815807e.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zero_width ── -# case_id=TC-2815807e -# case_name=PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "​hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_members_userid_put_valid_request_with_all_required_fields_b950209e.hurl b/cases/api_admin_teams_id_members_userid_put_valid_request_with_all_required_fields_b950209e.hurl deleted file mode 100644 index 7df596b..0000000 --- a/cases/api_admin_teams_id_members_userid_put_valid_request_with_all_required_fields_b950209e.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - valid request with all required fields ── -# case_id=TC-b950209e -# case_name=PUT /api/admin/teams/{id}/members/{userId} - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: application/json -```json -{ - "role": "member" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - diff --git a/cases/api_admin_teams_id_members_userid_put_wrong_content_type_text_plain_55f30d0f.hurl b/cases/api_admin_teams_id_members_userid_put_wrong_content_type_text_plain_55f30d0f.hurl deleted file mode 100644 index b19f731..0000000 --- a/cases/api_admin_teams_id_members_userid_put_wrong_content_type_text_plain_55f30d0f.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── PUT /api/admin/teams/{id}/members/{userId} - wrong content-type (text/plain) ── -# case_id=TC-55f30d0f -# case_name=PUT /api/admin/teams/{id}/members/{userId} - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id}/members/{userId} -Content-Type: text/plain -```json -{ - "role": "member" -} -``` - -HTTP 415 - diff --git a/cases/api_admin_teams_id_options_owasp_api8_cors_security_configuration_6bbc18bd.hurl b/cases/api_admin_teams_id_options_owasp_api8_cors_security_configuration_6bbc18bd.hurl deleted file mode 100644 index 07f3861..0000000 --- a/cases/api_admin_teams_id_options_owasp_api8_cors_security_configuration_6bbc18bd.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/teams/{id} — CORS security configuration ── -# case_id=TC-6bbc18bd -# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id} — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/teams/{id} -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_teams_id_put_idempotent_second_call_must_be_safe_1ca0ed36.hurl b/cases/api_admin_teams_id_put_idempotent_second_call_must_be_safe_1ca0ed36.hurl deleted file mode 100644 index 2f3ed38..0000000 --- a/cases/api_admin_teams_id_put_idempotent_second_call_must_be_safe_1ca0ed36.hurl +++ /dev/null 
@@ -1,47 +0,0 @@ -# ══════════════════════════════════════════════════ -# PUT /api/admin/teams/{id} - idempotent: second call must be safe -# case_id=TC-1ca0ed36 -# case_name=PUT /api/admin/teams/{id} - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── PUT /api/admin/teams/{id} — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=PUT /api/admin/teams/{id} — first call - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Anything lean when the person spikes.", - "displayName": "dig" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── PUT /api/admin/teams/{id} — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=PUT /api/admin/teams/{id} — identical second call must be safe -# depends_on=step-setup - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Anything lean when the person spikes.", - "displayName": "dig" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_id_put_idor_id_0_zero_id_3c4cc44b.hurl b/cases/api_admin_teams_id_put_idor_id_0_zero_id_3c4cc44b.hurl deleted file mode 100644 index bc9da10..0000000 --- a/cases/api_admin_teams_id_put_idor_id_0_zero_id_3c4cc44b.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── PUT /api/admin/teams/{id} - IDOR id=0 (zero_id) ── -# case_id=TC-3c4cc44b -# case_name=PUT /api/admin/teams/{id} - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -PUT {{base_url}}/api/admin/teams/0 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_put_idor_id_99999_alt_id_d4dddc4b.hurl b/cases/api_admin_teams_id_put_idor_id_99999_alt_id_d4dddc4b.hurl deleted file mode 100644 index 513b23f..0000000 --- a/cases/api_admin_teams_id_put_idor_id_99999_alt_id_d4dddc4b.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── PUT /api/admin/teams/{id} - IDOR id=99999 (alt_id) ── -# case_id=TC-d4dddc4b -# case_name=PUT /api/admin/teams/{id} - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -PUT {{base_url}}/api/admin/teams/99999 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_put_mass_assignment_financial_probe_4c631268.hurl b/cases/api_admin_teams_id_put_mass_assignment_financial_probe_4c631268.hurl deleted file mode 100644 index 982d6d0..0000000 --- a/cases/api_admin_teams_id_put_mass_assignment_financial_probe_4c631268.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [mass_assignment] financial probe ── -# case_id=TC-4c631268 -# case_name=PUT /api/admin/teams/{id} - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "description": "Alert on way thresholds yesterday.", - "discount": 0, - "displayName": "this", - "price": 1 -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_mass_assignment_identity_probe_ed4e87e7.hurl b/cases/api_admin_teams_id_put_mass_assignment_identity_probe_ed4e87e7.hurl deleted file mode 100644 index 2b6a10d..0000000 --- a/cases/api_admin_teams_id_put_mass_assignment_identity_probe_ed4e87e7.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [mass_assignment] identity probe ── -# case_id=TC-ed4e87e7 -# case_name=PUT /api/admin/teams/{id} - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "description": "Alert on way thresholds yesterday.", - "displayName": "this", - "ownerId": "__probe__", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_mass_assignment_privilege_probe_1b5cbca5.hurl b/cases/api_admin_teams_id_put_mass_assignment_privilege_probe_1b5cbca5.hurl deleted file mode 100644 index 89e45d9..0000000 --- a/cases/api_admin_teams_id_put_mass_assignment_privilege_probe_1b5cbca5.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [mass_assignment] privilege probe ── -# case_id=TC-1b5cbca5 -# case_name=PUT /api/admin/teams/{id} - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "admin": true, - "description": "Alert on way thresholds yesterday.", - "displayName": "this", - "isAdmin": true, - "is_admin": true, - "role": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_mass_assignment_status_probe_c574427d.hurl b/cases/api_admin_teams_id_put_mass_assignment_status_probe_c574427d.hurl deleted file mode 100644 index 676bdf7..0000000 --- a/cases/api_admin_teams_id_put_mass_assignment_status_probe_c574427d.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [mass_assignment] status probe ── -# case_id=TC-c574427d -# case_name=PUT /api/admin/teams/{id} - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "description": "Alert on way thresholds yesterday.", - "disabled": false, - "displayName": "this", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_missing_required_param_id_09825850.hurl b/cases/api_admin_teams_id_put_missing_required_param_id_09825850.hurl deleted file mode 100644 index fb209ab..0000000 --- a/cases/api_admin_teams_id_put_missing_required_param_id_09825850.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── PUT /api/admin/teams/{id} - missing required param "id" ── -# case_id=TC-09825850 -# case_name=PUT /api/admin/teams/{id} - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -PUT {{base_url}}/api/admin/teams/1 - -HTTP 422 - diff --git a/cases/api_admin_teams_id_put_mutation_description_empty_string_eb263846.hurl b/cases/api_admin_teams_id_put_mutation_description_empty_string_eb263846.hurl deleted file mode 100644 index 5e978c4..0000000 --- a/cases/api_admin_teams_id_put_mutation_description_empty_string_eb263846.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - mutation: description empty string ── -# case_id=TC-eb263846 -# case_name=PUT /api/admin/teams/{id} - mutation: description empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "", - "displayName": "shall" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_teams_id_put_mutation_description_integer_instead_of_string_f0d62caa.hurl b/cases/api_admin_teams_id_put_mutation_description_integer_instead_of_string_f0d62caa.hurl deleted file mode 100644 index f09f80c..0000000 --- a/cases/api_admin_teams_id_put_mutation_description_integer_instead_of_string_f0d62caa.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - mutation: description integer instead of string ── -# case_id=TC-f0d62caa -# case_name=PUT /api/admin/teams/{id} - mutation: description integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": 12345, - "displayName": "shall" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_put_mutation_description_null_value_df8e9c3a.hurl b/cases/api_admin_teams_id_put_mutation_description_null_value_df8e9c3a.hurl deleted file mode 100644 index 2309751..0000000 --- a/cases/api_admin_teams_id_put_mutation_description_null_value_df8e9c3a.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - mutation: description null value ── -# case_id=TC-df8e9c3a -# case_name=PUT /api/admin/teams/{id} - mutation: description null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": null, - "displayName": "shall" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_put_mutation_description_oversized_string_300_chars_68ace4a3.hurl b/cases/api_admin_teams_id_put_mutation_description_oversized_string_300_chars_68ace4a3.hurl deleted file mode 100644 index 8473fc7..0000000 --- a/cases/api_admin_teams_id_put_mutation_description_oversized_string_300_chars_68ace4a3.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - mutation: description oversized string (300 chars) ── -# case_id=TC-68ace4a3 -# case_name=PUT /api/admin/teams/{id} - mutation: description oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "displayName": "shall" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_put_mutation_displayname_empty_string_13a9f6ae.hurl b/cases/api_admin_teams_id_put_mutation_displayname_empty_string_13a9f6ae.hurl deleted file mode 100644 index cfc0bc7..0000000 --- a/cases/api_admin_teams_id_put_mutation_displayname_empty_string_13a9f6ae.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - mutation: displayName empty string ── -# case_id=TC-13a9f6ae -# case_name=PUT /api/admin/teams/{id} - mutation: displayName empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "First of all, document the company and specify the rest.", - "displayName": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_put_mutation_displayname_integer_instead_of_string_05b44595.hurl b/cases/api_admin_teams_id_put_mutation_displayname_integer_instead_of_string_05b44595.hurl deleted file mode 100644 index f59ea9a..0000000 --- a/cases/api_admin_teams_id_put_mutation_displayname_integer_instead_of_string_05b44595.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - mutation: displayName integer instead of string ── -# case_id=TC-05b44595 -# case_name=PUT /api/admin/teams/{id} - mutation: displayName integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "First of all, document the company and specify the rest.", - "displayName": 12345 -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_put_mutation_displayname_null_value_c587ff33.hurl b/cases/api_admin_teams_id_put_mutation_displayname_null_value_c587ff33.hurl deleted file mode 100644 index 993a086..0000000 --- a/cases/api_admin_teams_id_put_mutation_displayname_null_value_c587ff33.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - mutation: displayName null value ── -# case_id=TC-c587ff33 -# case_name=PUT /api/admin/teams/{id} - mutation: displayName null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "First of all, document the company and specify the rest.", - "displayName": null -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_put_mutation_displayname_oversized_string_300_chars_7def0ad8.hurl b/cases/api_admin_teams_id_put_mutation_displayname_oversized_string_300_chars_7def0ad8.hurl deleted file mode 100644 index d716424..0000000 --- a/cases/api_admin_teams_id_put_mutation_displayname_oversized_string_300_chars_7def0ad8.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PUT /api/admin/teams/{id} - mutation: displayName oversized string (300 chars) ── -# case_id=TC-7def0ad8 -# case_name=PUT /api/admin/teams/{id} - mutation: displayName oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "First of all, document the company and specify the rest.", - "displayName": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_put_null_injection_description_794499ad.hurl b/cases/api_admin_teams_id_put_null_injection_description_794499ad.hurl deleted file mode 100644 index b22b02b..0000000 --- a/cases/api_admin_teams_id_put_null_injection_description_794499ad.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - null injection: description ── -# case_id=TC-794499ad -# case_name=PUT /api/admin/teams/{id} - null injection: description -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": null, - "displayName": "nervous" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_put_null_injection_displayname_6c433e61.hurl b/cases/api_admin_teams_id_put_null_injection_displayname_6c433e61.hurl deleted file mode 100644 index 7806003..0000000 --- a/cases/api_admin_teams_id_put_null_injection_displayname_6c433e61.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - null injection: displayName ── -# case_id=TC-6c433e61 -# case_name=PUT /api/admin/teams/{id} - null injection: displayName -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Publish a changelog entry for the work.", - "displayName": null -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_put_owasp_api1_bola_unauthorized_access_50ace962.hurl b/cases/api_admin_teams_id_put_owasp_api1_bola_unauthorized_access_50ace962.hurl deleted file mode 100644 index e310ad3..0000000 --- a/cases/api_admin_teams_id_put_owasp_api1_bola_unauthorized_access_50ace962.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] PUT /api/admin/teams/{id} — BOLA unauthorized access ── -# case_id=TC-50ace962 -# case_name=[OWASP-API1] PUT /api/admin/teams/{id} — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{{other_resource_id}} - -HTTP 403 - diff --git a/cases/api_admin_teams_id_put_owasp_api2_broken_authentication_fea6c4f7.hurl b/cases/api_admin_teams_id_put_owasp_api2_broken_authentication_fea6c4f7.hurl deleted file mode 100644 index 7592b94..0000000 --- a/cases/api_admin_teams_id_put_owasp_api2_broken_authentication_fea6c4f7.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] PUT /api/admin/teams/{id} — broken authentication ── -# case_id=TC-fea6c4f7 -# case_name=[OWASP-API2] PUT /api/admin/teams/{id} — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{id} - -HTTP 401 - diff --git a/cases/api_admin_teams_id_put_owasp_api3_bopla_property_level_access_d147b4f6.hurl b/cases/api_admin_teams_id_put_owasp_api3_bopla_property_level_access_d147b4f6.hurl deleted file mode 100644 index e2a71f3..0000000 
--- a/cases/api_admin_teams_id_put_owasp_api3_bopla_property_level_access_d147b4f6.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── [OWASP-API3] PUT /api/admin/teams/{id} — BOPLA property-level access ── -# case_id=TC-d147b4f6 -# case_name=[OWASP-API3] PUT /api/admin/teams/{id} — BOPLA property-level access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Onward to better way!", - "displayName": "moreover", - "is_admin": true, - "role": "admin" -} -``` - -HTTP 200 - -[Asserts] -jsonpath "$.is_admin" != true -jsonpath "$.role" != "admin" - diff --git a/cases/api_admin_teams_id_put_owasp_api5_function_level_authorization_missing_06b71a7c.hurl b/cases/api_admin_teams_id_put_owasp_api5_function_level_authorization_missing_06b71a7c.hurl deleted file mode 100644 index f945882..0000000 --- a/cases/api_admin_teams_id_put_owasp_api5_function_level_authorization_missing_06b71a7c.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] PUT /api/admin/teams/{id} — function-level authorization missing ── -# case_id=TC-06b71a7c -# case_name=[OWASP-API5] PUT /api/admin/teams/{id} — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{id} -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_teams_id_put_owasp_api6_mass_assignment_6357ae57.hurl b/cases/api_admin_teams_id_put_owasp_api6_mass_assignment_6357ae57.hurl deleted file mode 100644 index 429223c..0000000 --- a/cases/api_admin_teams_id_put_owasp_api6_mass_assignment_6357ae57.hurl +++ /dev/null 
@@ -1,27 +0,0 @@ -# ── [OWASP-API6] PUT /api/admin/teams/{id} — mass assignment ── -# case_id=TC-6357ae57 -# case_name=[OWASP-API6] PUT /api/admin/teams/{id} — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "createdAt": "2000-01-01T00:00:00Z", - "description": "Carefully massage the juicer daringly.", - "displayName": "theirs", - "id": 99999, - "updatedAt": "2000-01-01T00:00:00Z" -} -``` - -HTTP 200 - -[Asserts] -jsonpath "$.id" != 99999 -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" - diff --git a/cases/api_admin_teams_id_put_owasp_api7_injection_path_traversal_894772da.hurl b/cases/api_admin_teams_id_put_owasp_api7_injection_path_traversal_894772da.hurl deleted file mode 100644 index 4ddd626..0000000 --- a/cases/api_admin_teams_id_put_owasp_api7_injection_path_traversal_894772da.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PUT /api/admin/teams/{id} — injection (path-traversal) ── -# case_id=TC-894772da -# case_name=[OWASP-API7] PUT /api/admin/teams/{id} — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_owasp_api7_injection_sqli_c7f786e4.hurl b/cases/api_admin_teams_id_put_owasp_api7_injection_sqli_c7f786e4.hurl deleted file mode 100644 index abf24db..0000000 --- a/cases/api_admin_teams_id_put_owasp_api7_injection_sqli_c7f786e4.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] PUT /api/admin/teams/{id} — injection (sqli) ── -# case_id=TC-c7f786e4 -# case_name=[OWASP-API7] PUT /api/admin/teams/{id} — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/%27%20OR%201=1-- -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_owasp_api7_injection_xss_d3681129.hurl b/cases/api_admin_teams_id_put_owasp_api7_injection_xss_d3681129.hurl deleted file mode 100644 index 7ce62a7..0000000 --- a/cases/api_admin_teams_id_put_owasp_api7_injection_xss_d3681129.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PUT /api/admin/teams/{id} — injection (xss) ── -# case_id=TC-d3681129 -# case_name=[OWASP-API7] PUT /api/admin/teams/{id} — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_boolean_6dd640a7.hurl b/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_boolean_6dd640a7.hurl deleted file mode 100644 index 1f4dc9c..0000000 --- a/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_boolean_6dd640a7.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_boolean ── -# case_id=TC-6dd640a7 -# case_name=PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": true, - "displayName": "addition" -} -``` - -HTTP 422 - 
diff --git a/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_integer_3296a87f.hurl b/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_integer_3296a87f.hurl deleted file mode 100644 index cc816ac..0000000 --- a/cases/api_admin_teams_id_put_type_coercion_description_wrong_type_integer_3296a87f.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_integer ── -# case_id=TC-3296a87f -# case_name=PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": 123, - "displayName": "addition" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_boolean_ccdc6ae5.hurl b/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_boolean_ccdc6ae5.hurl deleted file mode 100644 index f2bb529..0000000 --- a/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_boolean_ccdc6ae5.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_boolean ── -# case_id=TC-ccdc6ae5 -# case_name=PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Visualize hand for faster decisions.", - "displayName": true -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_integer_3ade9411.hurl b/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_integer_3ade9411.hurl deleted file mode 100644 index c12143b..0000000 --- a/cases/api_admin_teams_id_put_type_coercion_displayname_wrong_type_integer_3ade9411.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_integer ── -# case_id=TC-3ade9411 -# case_name=PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Visualize hand for faster decisions.", - "displayName": 123 -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_bidi_override_c42ef106.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_bidi_override_c42ef106.hurl deleted file mode 100644 index ecd7409..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_description_bidi_override_c42ef106.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description bidi_override ── -# case_id=TC-c42ef106 -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "‮hello", - "displayName": "quarterly" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_control_char_d9200d81.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_control_char_d9200d81.hurl deleted file mode 100644 index 399a338..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_description_control_char_d9200d81.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description control_char ── -# case_id=TC-d9200d81 -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "hello\u0000world", - "displayName": "quarterly" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_overlong_a87f58e7.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_overlong_a87f58e7.hurl deleted file mode 100644 index e4ae1f6..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_description_overlong_a87f58e7.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description overlong ── -# case_id=TC-a87f58e7 -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "displayName": "quarterly" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_zalgo_e354e0de.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_zalgo_e354e0de.hurl deleted file mode 100644 index daa895e..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_description_zalgo_e354e0de.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description zalgo ── -# case_id=TC-e354e0de -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "z̀́̂̃̄̅̆̇a", - "displayName": "quarterly" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_description_zero_width_1f9507e6.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_description_zero_width_1f9507e6.hurl deleted file mode 100644 index c13ec99..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_description_zero_width_1f9507e6.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] description zero_width ── -# case_id=TC-1f9507e6 -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] description zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "​hello", - "displayName": "quarterly" -} -``` - -HTTP 400 - 
diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_bidi_override_7c97c5e9.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_bidi_override_7c97c5e9.hurl deleted file mode 100644 index 3ec1f20..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_bidi_override_7c97c5e9.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName bidi_override ── -# case_id=TC-7c97c5e9 -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Warm starts beat cold work.", - "displayName": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_control_char_39195267.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_control_char_39195267.hurl deleted file mode 100644 index 3609a8e..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_control_char_39195267.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName control_char ── -# case_id=TC-39195267 -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Warm starts beat cold work.", - "displayName": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_overlong_cb9e326e.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_overlong_cb9e326e.hurl deleted file mode 100644 index d631292..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_overlong_cb9e326e.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName overlong ── -# case_id=TC-cb9e326e -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Warm starts beat cold work.", - "displayName": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zalgo_5add01e6.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zalgo_5add01e6.hurl deleted file mode 100644 index 91e658d..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zalgo_5add01e6.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zalgo ── -# case_id=TC-5add01e6 -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Warm starts beat cold work.", - "displayName": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zero_width_a1cdc859.hurl b/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zero_width_a1cdc859.hurl deleted file mode 100644 index f6f49a1..0000000 --- a/cases/api_admin_teams_id_put_unicode_fuzzing_displayname_zero_width_a1cdc859.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zero_width ── -# case_id=TC-a1cdc859 -# case_name=PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Warm starts beat cold work.", - "displayName": "​hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_put_valid_request_with_all_required_fields_92de58a1.hurl b/cases/api_admin_teams_id_put_valid_request_with_all_required_fields_92de58a1.hurl deleted file mode 100644 index e869e37..0000000 --- a/cases/api_admin_teams_id_put_valid_request_with_all_required_fields_92de58a1.hurl +++ /dev/null @@ -1,29 +0,0 @@ -# ── PUT /api/admin/teams/{id} - valid request with all required fields ── -# case_id=TC-92de58a1 -# case_name=PUT /api/admin/teams/{id} - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: application/json -```json -{ - "description": "Optimize company for lovely clarity.", - "displayName": "snore" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.isDeletable" exists -jsonpath "$.name" exists -jsonpath "$.createdAt" exists -jsonpath "$.description" exists -jsonpath "$.displayName" exists -jsonpath "$.id" exists -jsonpath "$.isDefault" exists - diff --git a/cases/api_admin_teams_id_put_wrong_content_type_text_plain_a77a2981.hurl b/cases/api_admin_teams_id_put_wrong_content_type_text_plain_a77a2981.hurl deleted file mode 100644 index a570982..0000000 --- a/cases/api_admin_teams_id_put_wrong_content_type_text_plain_a77a2981.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/teams/{id} - wrong content-type (text/plain) ── -# case_id=TC-a77a2981 -# case_name=PUT /api/admin/teams/{id} - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PUT {{base_url}}/api/admin/teams/{id} -Content-Type: text/plain -```json -{ - "description": "Publish a changelog entry for the work.", - "displayName": "nervous" -} -``` - -HTTP 415 - diff --git a/cases/api_admin_teams_id_services_get_idor_id_0_zero_id_405d2163.hurl b/cases/api_admin_teams_id_services_get_idor_id_0_zero_id_405d2163.hurl deleted file mode 100644 index 03cc3be..0000000 --- a/cases/api_admin_teams_id_services_get_idor_id_0_zero_id_405d2163.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/teams/{id}/services - IDOR id=0 (zero_id) ── -# case_id=TC-405d2163 -# case_name=GET /api/admin/teams/{id}/services - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -GET {{base_url}}/api/admin/teams/0/services - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_services_get_idor_id_99999_alt_id_09f2f077.hurl b/cases/api_admin_teams_id_services_get_idor_id_99999_alt_id_09f2f077.hurl deleted file mode 100644 index 6b2e007..0000000 --- a/cases/api_admin_teams_id_services_get_idor_id_99999_alt_id_09f2f077.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/teams/{id}/services - IDOR id=99999 (alt_id) ── -# case_id=TC-09f2f077 -# case_name=GET /api/admin/teams/{id}/services - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -GET {{base_url}}/api/admin/teams/99999/services - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_id_services_get_missing_required_param_id_bbd8e250.hurl b/cases/api_admin_teams_id_services_get_missing_required_param_id_bbd8e250.hurl deleted file mode 100644 index b60670d..0000000 
--- a/cases/api_admin_teams_id_services_get_missing_required_param_id_bbd8e250.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── GET /api/admin/teams/{id}/services - missing required param "id" ── -# case_id=TC-bbd8e250 -# case_name=GET /api/admin/teams/{id}/services - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/admin/teams/1/services - -HTTP 422 - diff --git a/cases/api_admin_teams_id_services_get_owasp_api1_bola_unauthorized_access_ce61c6bf.hurl b/cases/api_admin_teams_id_services_get_owasp_api1_bola_unauthorized_access_ce61c6bf.hurl deleted file mode 100644 index 853f19b..0000000 --- a/cases/api_admin_teams_id_services_get_owasp_api1_bola_unauthorized_access_ce61c6bf.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] GET /api/admin/teams/{id}/services — BOLA unauthorized access ── -# case_id=TC-ce61c6bf -# case_name=[OWASP-API1] GET /api/admin/teams/{id}/services — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/{{other_resource_id}}/services - -HTTP 403 - diff --git a/cases/api_admin_teams_id_services_get_owasp_api2_broken_authentication_29194ed9.hurl b/cases/api_admin_teams_id_services_get_owasp_api2_broken_authentication_29194ed9.hurl deleted file mode 100644 index 6996e29..0000000 --- a/cases/api_admin_teams_id_services_get_owasp_api2_broken_authentication_29194ed9.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/admin/teams/{id}/services — broken authentication ── -# case_id=TC-29194ed9 -# case_name=[OWASP-API2] GET /api/admin/teams/{id}/services — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/{id}/services - -HTTP 401 - 
diff --git a/cases/api_admin_teams_id_services_get_owasp_api5_function_level_authorization_missing_edc7b8fe.hurl b/cases/api_admin_teams_id_services_get_owasp_api5_function_level_authorization_missing_edc7b8fe.hurl deleted file mode 100644 index e04b8d6..0000000 --- a/cases/api_admin_teams_id_services_get_owasp_api5_function_level_authorization_missing_edc7b8fe.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] GET /api/admin/teams/{id}/services — function-level authorization missing ── -# case_id=TC-edc7b8fe -# case_name=[OWASP-API5] GET /api/admin/teams/{id}/services — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -GET {{base_url}}/api/admin/teams/{id}/services -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_teams_id_services_get_owasp_api7_injection_path_traversal_961479c7.hurl b/cases/api_admin_teams_id_services_get_owasp_api7_injection_path_traversal_961479c7.hurl deleted file mode 100644 index 63c5c16..0000000 --- a/cases/api_admin_teams_id_services_get_owasp_api7_injection_path_traversal_961479c7.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/teams/{id}/services — injection (path-traversal) ── -# case_id=TC-961479c7 -# case_name=[OWASP-API7] GET /api/admin/teams/{id}/services — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/services -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_services_get_owasp_api7_injection_sqli_2e72efb4.hurl b/cases/api_admin_teams_id_services_get_owasp_api7_injection_sqli_2e72efb4.hurl deleted file mode 100644 index 515eb7e..0000000 --- a/cases/api_admin_teams_id_services_get_owasp_api7_injection_sqli_2e72efb4.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/teams/{id}/services — injection (sqli) ── -# case_id=TC-2e72efb4 -# case_name=[OWASP-API7] GET /api/admin/teams/{id}/services — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/%27%20OR%201=1--/services -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_services_get_owasp_api7_injection_xss_80ccb269.hurl b/cases/api_admin_teams_id_services_get_owasp_api7_injection_xss_80ccb269.hurl deleted file mode 100644 index 2f1f8f8..0000000 --- a/cases/api_admin_teams_id_services_get_owasp_api7_injection_xss_80ccb269.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/admin/teams/{id}/services — injection (xss) ── -# case_id=TC-80ccb269 -# case_name=[OWASP-API7] GET /api/admin/teams/{id}/services — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/services -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_id_services_get_valid_request_with_all_required_fields_1b69193c.hurl b/cases/api_admin_teams_id_services_get_valid_request_with_all_required_fields_1b69193c.hurl deleted file mode 100644 index daeee0b..0000000 --- a/cases/api_admin_teams_id_services_get_valid_request_with_all_required_fields_1b69193c.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/teams/{id}/services - valid request with all required fields ── -# case_id=TC-1b69193c -# case_name=GET /api/admin/teams/{id}/services - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/admin/teams/{id}/services - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.services" exists - 
diff --git a/cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl b/cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl deleted file mode 100644 index 61484d2..0000000 --- a/cases/api_admin_teams_id_services_options_owasp_api8_cors_security_configuration_84a2058d.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/teams/{id}/services — CORS security configuration ── -# case_id=TC-84a2058d -# case_name=[OWASP-API8] OPTIONS /api/admin/teams/{id}/services — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/teams/{id}/services -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_teams_options_owasp_api8_cors_security_configuration_ad2f2f8a.hurl b/cases/api_admin_teams_options_owasp_api8_cors_security_configuration_ad2f2f8a.hurl deleted file mode 100644 index 1b53a8f..0000000 --- a/cases/api_admin_teams_options_owasp_api8_cors_security_configuration_ad2f2f8a.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/teams — CORS security configuration ── -# case_id=TC-ad2f2f8a -# case_name=[OWASP-API8] OPTIONS /api/admin/teams — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/teams -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_teams_post_auth_chain_4c68c418.hurl b/cases/api_admin_teams_post_auth_chain_4c68c418.hurl deleted file mode 100644 index a3eb594..0000000 --- a/cases/api_admin_teams_post_auth_chain_4c68c418.hurl +++ /dev/null 
@@ -1,52 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: POST /api/admin/teams -# case_id=TC-4c68c418 -# case_name=auth chain: POST /api/admin/teams -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── POST /api/admin/teams with auth token [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/admin/teams with auth token -# depends_on=step-auth - -POST {{base_url}}/api/admin/teams -Authorization: Bearer {{authToken}} -Content-Type: application/json -```json -{ - "description": "The government should confusing.", - "displayName": "yours", - "name": "Lee Burton" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_post_field_boundary_name_invalid_below_min_f9b893d9.hurl b/cases/api_admin_teams_post_field_boundary_name_invalid_below_min_f9b893d9.hurl deleted file mode 100644 index 19c541f..0000000 --- a/cases/api_admin_teams_post_field_boundary_name_invalid_below_min_f9b893d9.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - [field_boundary] name invalid_below_min ── -# case_id=TC-f9b893d9 -# case_name=POST /api/admin/teams - [field_boundary] name invalid_below_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "The lingering fact been unexpectedly tensely.", - "displayName": "yours", - "name": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_teams_post_field_boundary_name_valid_min_787507a6.hurl b/cases/api_admin_teams_post_field_boundary_name_valid_min_787507a6.hurl deleted file mode 100644 index 924b706..0000000 --- a/cases/api_admin_teams_post_field_boundary_name_valid_min_787507a6.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - [field_boundary] name valid_min ── -# case_id=TC-787507a6 -# case_name=POST /api/admin/teams - [field_boundary] name valid_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P1 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Guard world with sensible limits.", - "displayName": "those", - "name": "a" -} -``` - -HTTP * - -[Asserts] -status >= 200 -status < 300 - diff --git a/cases/api_admin_teams_post_idempotent_second_call_must_be_safe_bee426f4.hurl b/cases/api_admin_teams_post_idempotent_second_call_must_be_safe_bee426f4.hurl deleted file mode 100644 index d18d264..0000000 --- a/cases/api_admin_teams_post_idempotent_second_call_must_be_safe_bee426f4.hurl +++ /dev/null 
@@ -1,49 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /api/admin/teams - idempotent: second call must be safe -# case_id=TC-bee426f4 -# case_name=POST /api/admin/teams - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /api/admin/teams — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /api/admin/teams — first call - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Theirs year do ready for idea.", - "displayName": "quality", - "name": "Lillie Hart" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /api/admin/teams — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/admin/teams — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Theirs year do ready for idea.", - "displayName": "quality", - "name": "Lillie Hart" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_post_invalid_name_empty_string_violates_minlength_1_97aa6ff1.hurl b/cases/api_admin_teams_post_invalid_name_empty_string_violates_minlength_1_97aa6ff1.hurl deleted file mode 100644 index ee601e7..0000000 --- a/cases/api_admin_teams_post_invalid_name_empty_string_violates_minlength_1_97aa6ff1.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - invalid name: empty string violates minLength 1 ── -# case_id=TC-97aa6ff1 -# case_name=POST /api/admin/teams - invalid name: empty string violates minLength 1 -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Track thing over time weekly.", - "displayName": "everybody", - "name": "" -} -``` - -HTTP 422 - 
diff --git a/cases/api_admin_teams_post_mass_assignment_financial_probe_3c2025cc.hurl b/cases/api_admin_teams_post_mass_assignment_financial_probe_3c2025cc.hurl deleted file mode 100644 index 9ecfe2c..0000000 --- a/cases/api_admin_teams_post_mass_assignment_financial_probe_3c2025cc.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - [mass_assignment] financial probe ── -# case_id=TC-3c2025cc -# case_name=POST /api/admin/teams - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "description": "Prefer predictable group over surprising thing.", - "discount": 0, - "displayName": "tensely", - "name": "Jalen Lyons", - "price": 1 -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_mass_assignment_identity_probe_82f380ef.hurl b/cases/api_admin_teams_post_mass_assignment_identity_probe_82f380ef.hurl deleted file mode 100644 index 96f918a..0000000 --- a/cases/api_admin_teams_post_mass_assignment_identity_probe_82f380ef.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - [mass_assignment] identity probe ── -# case_id=TC-82f380ef -# case_name=POST /api/admin/teams - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "description": "Prefer predictable group over surprising thing.", - "displayName": "tensely", - "name": "Jalen Lyons", - "ownerId": "__probe__", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_mass_assignment_privilege_probe_ed2bac60.hurl b/cases/api_admin_teams_post_mass_assignment_privilege_probe_ed2bac60.hurl deleted file mode 100644 index b5a9ae5..0000000 
--- a/cases/api_admin_teams_post_mass_assignment_privilege_probe_ed2bac60.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - [mass_assignment] privilege probe ── -# case_id=TC-ed2bac60 -# case_name=POST /api/admin/teams - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "admin": true, - "description": "Prefer predictable group over surprising thing.", - "displayName": "tensely", - "isAdmin": true, - "is_admin": true, - "name": "Jalen Lyons", - "role": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_mass_assignment_status_probe_9b89bdf9.hurl b/cases/api_admin_teams_post_mass_assignment_status_probe_9b89bdf9.hurl deleted file mode 100644 index fea83e7..0000000 --- a/cases/api_admin_teams_post_mass_assignment_status_probe_9b89bdf9.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - [mass_assignment] status probe ── -# case_id=TC-9b89bdf9 -# case_name=POST /api/admin/teams - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "description": "Prefer predictable group over surprising thing.", - "disabled": false, - "displayName": "tensely", - "name": "Jalen Lyons", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_missing_required_field_name_11fe758b.hurl b/cases/api_admin_teams_post_missing_required_field_name_11fe758b.hurl deleted file mode 100644 index 2ed39c1..0000000 --- a/cases/api_admin_teams_post_missing_required_field_name_11fe758b.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/admin/teams - missing required field "name" ── -# case_id=TC-11fe758b -# case_name=POST /api/admin/teams - missing required field "name" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Celebrate wins tied to the man.", - "displayName": "lastly" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_missing_required_field_name_80c70bf8.hurl b/cases/api_admin_teams_post_missing_required_field_name_80c70bf8.hurl deleted file mode 100644 index fa0a76f..0000000 --- a/cases/api_admin_teams_post_missing_required_field_name_80c70bf8.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams - missing required field "name" ── -# case_id=TC-80c70bf8 -# case_name=POST /api/admin/teams - missing required field "name" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Track thing over time weekly.", - "displayName": "everybody" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_mutation_description_empty_string_569a3993.hurl b/cases/api_admin_teams_post_mutation_description_empty_string_569a3993.hurl deleted file mode 100644 index 2cd8e86..0000000 --- a/cases/api_admin_teams_post_mutation_description_empty_string_569a3993.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: description empty string ── -# case_id=TC-569a3993 -# case_name=POST /api/admin/teams - mutation: description empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "", - "displayName": "his", - "name": "Alysson Tucker" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_teams_post_mutation_description_integer_instead_of_string_4d295fcc.hurl b/cases/api_admin_teams_post_mutation_description_integer_instead_of_string_4d295fcc.hurl deleted file mode 100644 index 4fe4b43..0000000 --- a/cases/api_admin_teams_post_mutation_description_integer_instead_of_string_4d295fcc.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: description integer instead of string ── -# case_id=TC-4d295fcc -# case_name=POST /api/admin/teams - mutation: description integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": 12345, - "displayName": "his", - "name": "Alysson Tucker" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_mutation_description_null_value_672e2bba.hurl b/cases/api_admin_teams_post_mutation_description_null_value_672e2bba.hurl deleted file mode 100644 index e56d5d8..0000000 --- a/cases/api_admin_teams_post_mutation_description_null_value_672e2bba.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: description null value ── -# case_id=TC-672e2bba -# case_name=POST /api/admin/teams - mutation: description null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": null, - "displayName": "his", - "name": "Alysson Tucker" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_mutation_description_oversized_string_300_chars_20eb5b64.hurl b/cases/api_admin_teams_post_mutation_description_oversized_string_300_chars_20eb5b64.hurl deleted file mode 100644 index f102517..0000000 --- a/cases/api_admin_teams_post_mutation_description_oversized_string_300_chars_20eb5b64.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: description oversized string (300 chars) ── -# case_id=TC-20eb5b64 -# case_name=POST /api/admin/teams - mutation: description oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "displayName": "his", - "name": "Alysson Tucker" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_mutation_displayname_empty_string_34993282.hurl b/cases/api_admin_teams_post_mutation_displayname_empty_string_34993282.hurl deleted file mode 100644 index 52ec2e1..0000000 --- a/cases/api_admin_teams_post_mutation_displayname_empty_string_34993282.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: displayName empty string ── -# case_id=TC-34993282 -# case_name=POST /api/admin/teams - mutation: displayName empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "At this point the review, you want the number.", - "displayName": "", - "name": "Alysson Tucker" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_mutation_displayname_integer_instead_of_string_c361779d.hurl b/cases/api_admin_teams_post_mutation_displayname_integer_instead_of_string_c361779d.hurl deleted file mode 100644 index 55f43c7..0000000 --- a/cases/api_admin_teams_post_mutation_displayname_integer_instead_of_string_c361779d.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: displayName integer instead of string ── -# case_id=TC-c361779d -# case_name=POST /api/admin/teams - mutation: displayName integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "At this point the review, you want the number.", - "displayName": 12345, - "name": "Alysson Tucker" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_mutation_displayname_null_value_782f4da8.hurl b/cases/api_admin_teams_post_mutation_displayname_null_value_782f4da8.hurl deleted file mode 100644 index f9a802a..0000000 --- a/cases/api_admin_teams_post_mutation_displayname_null_value_782f4da8.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: displayName null value ── -# case_id=TC-782f4da8 -# case_name=POST /api/admin/teams - mutation: displayName null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "At this point the review, you want the number.", - "displayName": null, - "name": "Alysson Tucker" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_mutation_displayname_oversized_string_300_chars_b00969d7.hurl b/cases/api_admin_teams_post_mutation_displayname_oversized_string_300_chars_b00969d7.hurl deleted file mode 100644 index 8664ae6..0000000 --- a/cases/api_admin_teams_post_mutation_displayname_oversized_string_300_chars_b00969d7.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: displayName oversized string (300 chars) ── -# case_id=TC-b00969d7 -# case_name=POST /api/admin/teams - mutation: displayName oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "At this point the review, you want the number.", - "displayName": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "name": "Alysson Tucker" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_mutation_name_empty_string_e4058fd4.hurl b/cases/api_admin_teams_post_mutation_name_empty_string_e4058fd4.hurl deleted file mode 100644 index 04676c9..0000000 --- a/cases/api_admin_teams_post_mutation_name_empty_string_e4058fd4.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: name empty string ── -# case_id=TC-e4058fd4 -# case_name=POST /api/admin/teams - mutation: name empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "At this point the review, you want the number.", - "displayName": "his", - "name": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_mutation_name_null_value_ec9e6e43.hurl b/cases/api_admin_teams_post_mutation_name_null_value_ec9e6e43.hurl deleted file mode 100644 index 53c6a67..0000000 --- a/cases/api_admin_teams_post_mutation_name_null_value_ec9e6e43.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/teams - mutation: name null value ── -# case_id=TC-ec9e6e43 -# case_name=POST /api/admin/teams - mutation: name null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "At this point the review, you want the number.", - "displayName": "his", - "name": null -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_name_at_max_plus_one_invalid_boundary_5330751c.hurl b/cases/api_admin_teams_post_name_at_max_plus_one_invalid_boundary_5330751c.hurl deleted file mode 100644 index 206447d..0000000 --- a/cases/api_admin_teams_post_name_at_max_plus_one_invalid_boundary_5330751c.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - name at max_plus_one_invalid boundary ── -# case_id=TC-5330751c -# case_name=POST /api/admin/teams - name at max_plus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Set a realistic target for year.", - "displayName": "moreover", - "name": "NsuMXKIpRYHIsYlDqMIwHXCpmoJEoGRjveFxqkteFFRHsDPXXDkOZQyCTvmlDediiHwswqMHROyBnxWdJtPOyhacYUuBuSvUUwXvrUKWVzudMnyjVntJuUYzBPFCotHeHkpYmkHdUOShzqofcgBtwMxJUjYmOXFRzNOHavFSdrdDbcwRZENjxPYAsrFWybsnpNXjCoirqTPMReAhczhfudWubkAFgtGBfAYCjEEcpOFGrDbNiwwxeNwTsovFnExW" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_name_at_max_valid_boundary_b9c84944.hurl b/cases/api_admin_teams_post_name_at_max_valid_boundary_b9c84944.hurl deleted file mode 100644 index 69578f8..0000000 --- a/cases/api_admin_teams_post_name_at_max_valid_boundary_b9c84944.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/teams - name at max_valid boundary ── -# case_id=TC-b9c84944 -# case_name=POST /api/admin/teams - name at max_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Set a realistic target for year.", - "displayName": "moreover", - "name": "QwCYspLXkpxGOghGBAQQBwflPXgoWvhGdSfHetGtYilHuuDTyQSJhKPGDgKczaCxDpqtPwSxTRBXZsvwyOKFUjPlXpiZYdiKJDkXXVdorLRBbSwkWgnsOYWFORpmxttOkrxBSpnwCjUTtdlyJAHEngHXxdIWDaffLvZkTZkWCJUVyiifCZgqSawuIlAGbEiAnDOroikvCBKifoHJslPiNnNblPtqCBgLmeBPgAYPdKbwYJijByQnQztRjhIMyOD" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_post_name_at_min_minus_one_invalid_boundary_2ccbadc2.hurl b/cases/api_admin_teams_post_name_at_min_minus_one_invalid_boundary_2ccbadc2.hurl deleted file mode 100644 index ffe500c..0000000 --- a/cases/api_admin_teams_post_name_at_min_minus_one_invalid_boundary_2ccbadc2.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - name at min_minus_one_invalid boundary ── -# case_id=TC-2ccbadc2 -# case_name=POST /api/admin/teams - name at min_minus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Set a realistic target for year.", - "displayName": "moreover", - "name": "s" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_name_at_min_valid_boundary_084178e7.hurl b/cases/api_admin_teams_post_name_at_min_valid_boundary_084178e7.hurl deleted file mode 100644 index 161dd96..0000000 --- a/cases/api_admin_teams_post_name_at_min_valid_boundary_084178e7.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/teams - name at min_valid boundary ── -# case_id=TC-084178e7 -# case_name=POST /api/admin/teams - name at min_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Set a realistic target for year.", - "displayName": "moreover", - "name": "X" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_teams_post_null_injection_description_5294fe7b.hurl b/cases/api_admin_teams_post_null_injection_description_5294fe7b.hurl deleted file mode 100644 index 5729613..0000000 --- a/cases/api_admin_teams_post_null_injection_description_5294fe7b.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - null injection: description ── -# case_id=TC-5294fe7b -# case_name=POST /api/admin/teams - null injection: description -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": null, - "displayName": "should", - "name": "Chloe Oliver" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_null_injection_displayname_acaa7cdb.hurl b/cases/api_admin_teams_post_null_injection_displayname_acaa7cdb.hurl deleted file mode 100644 index 1ac66d8..0000000 --- a/cases/api_admin_teams_post_null_injection_displayname_acaa7cdb.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - null injection: displayName ── -# case_id=TC-acaa7cdb -# case_name=POST /api/admin/teams - null injection: displayName -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Explicitly name the person before you wrap it.", - "displayName": null, - "name": "Chloe Oliver" -} -``` - -HTTP 422 - 
diff --git a/cases/api_admin_teams_post_null_injection_name_abe4e3e2.hurl b/cases/api_admin_teams_post_null_injection_name_abe4e3e2.hurl deleted file mode 100644 index f3eef6c..0000000 --- a/cases/api_admin_teams_post_null_injection_name_abe4e3e2.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - null injection: name ── -# case_id=TC-abe4e3e2 -# case_name=POST /api/admin/teams - null injection: name -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Explicitly name the person before you wrap it.", - "displayName": "should", - "name": null -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_owasp_api2_broken_authentication_0f5c6cec.hurl b/cases/api_admin_teams_post_owasp_api2_broken_authentication_0f5c6cec.hurl deleted file mode 100644 index 70ef75b..0000000 --- a/cases/api_admin_teams_post_owasp_api2_broken_authentication_0f5c6cec.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] POST /api/admin/teams — broken authentication ── -# case_id=TC-0f5c6cec -# case_name=[OWASP-API2] POST /api/admin/teams — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams - -HTTP 401 - diff --git a/cases/api_admin_teams_post_owasp_api5_function_level_authorization_missing_2df9f5ad.hurl b/cases/api_admin_teams_post_owasp_api5_function_level_authorization_missing_2df9f5ad.hurl deleted file mode 100644 index d6f775b..0000000 --- a/cases/api_admin_teams_post_owasp_api5_function_level_authorization_missing_2df9f5ad.hurl +++ /dev/null 
@@ -1,13 +0,0 @@ -# ── [OWASP-API5] POST /api/admin/teams — function-level authorization missing ── -# case_id=TC-2df9f5ad -# case_name=[OWASP-API5] POST /api/admin/teams — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -POST {{base_url}}/api/admin/teams -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_teams_post_owasp_api6_mass_assignment_e17876cf.hurl b/cases/api_admin_teams_post_owasp_api6_mass_assignment_e17876cf.hurl deleted file mode 100644 index d4e368c..0000000 --- a/cases/api_admin_teams_post_owasp_api6_mass_assignment_e17876cf.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── [OWASP-API6] POST /api/admin/teams — mass assignment ── -# case_id=TC-e17876cf -# case_name=[OWASP-API6] POST /api/admin/teams — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "createdAt": "2000-01-01T00:00:00Z", - "description": "Prefer predictable government over surprising work.", - "displayName": "can", - "id": 99999, - "name": "Dane Bates", - "updatedAt": "2000-01-01T00:00:00Z" -} -``` - -HTTP 201 - -[Asserts] -jsonpath "$.id" != 99999 -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" - diff --git a/cases/api_admin_teams_post_owasp_api7_injection_path_traversal_a1f1c968.hurl b/cases/api_admin_teams_post_owasp_api7_injection_path_traversal_a1f1c968.hurl deleted file mode 100644 index 8d55b56..0000000 --- a/cases/api_admin_teams_post_owasp_api7_injection_path_traversal_a1f1c968.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/teams — injection (path-traversal) ── -# case_id=TC-a1f1c968 -# case_name=[OWASP-API7] POST /api/admin/teams — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "../../../etc/passwd" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_owasp_api7_injection_sqli_3e99ea9b.hurl b/cases/api_admin_teams_post_owasp_api7_injection_sqli_3e99ea9b.hurl deleted file mode 100644 index 957af36..0000000 --- a/cases/api_admin_teams_post_owasp_api7_injection_sqli_3e99ea9b.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/teams — injection (sqli) ── -# case_id=TC-3e99ea9b -# case_name=[OWASP-API7] POST /api/admin/teams — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "' OR 1=1--" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_owasp_api7_injection_xss_a582e336.hurl b/cases/api_admin_teams_post_owasp_api7_injection_xss_a582e336.hurl deleted file mode 100644 index 0b1ba85..0000000 --- a/cases/api_admin_teams_post_owasp_api7_injection_xss_a582e336.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/teams — injection (xss) ── -# case_id=TC-a582e336 -# case_name=[OWASP-API7] POST /api/admin/teams — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_required_omission_name_absent_7a6a3b1a.hurl b/cases/api_admin_teams_post_required_omission_name_absent_7a6a3b1a.hurl deleted file mode 100644 index 29e42b2..0000000 
--- a/cases/api_admin_teams_post_required_omission_name_absent_7a6a3b1a.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/teams - [required_omission] name absent ── -# case_id=TC-7a6a3b1a -# case_name=POST /api/admin/teams - [required_omission] name absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Sample week at 11s intervals.", - "displayName": "annually" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_teams_post_schema_violation_name_missing_required_144ca893.hurl b/cases/api_admin_teams_post_schema_violation_name_missing_required_144ca893.hurl deleted file mode 100644 index 670dc7a..0000000 --- a/cases/api_admin_teams_post_schema_violation_name_missing_required_144ca893.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/admin/teams - [schema_violation] name_missing_required ── -# case_id=TC-144ca893 -# case_name=POST /api/admin/teams - [schema_violation] name_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Alert on person thresholds then.", - "displayName": "most" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_schema_violation_name_too_short_2d1be97b.hurl b/cases/api_admin_teams_post_schema_violation_name_too_short_2d1be97b.hurl deleted file mode 100644 index 1d1b43b..0000000 --- a/cases/api_admin_teams_post_schema_violation_name_too_short_2d1be97b.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [schema_violation] name_too_short ── -# case_id=TC-2d1be97b -# case_name=POST /api/admin/teams - [schema_violation] name_too_short -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Alert on person thresholds then.", - "displayName": "most", - "name": "" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_type_coercion_description_wrong_type_boolean_bf50b6f1.hurl b/cases/api_admin_teams_post_type_coercion_description_wrong_type_boolean_bf50b6f1.hurl deleted file mode 100644 index b183cee..0000000 --- a/cases/api_admin_teams_post_type_coercion_description_wrong_type_boolean_bf50b6f1.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [type_coercion] description wrong_type_boolean ── -# case_id=TC-bf50b6f1 -# case_name=POST /api/admin/teams - [type_coercion] description wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": true, - "displayName": "yet", - "name": "Ardith Cole" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_type_coercion_description_wrong_type_integer_1aea557e.hurl b/cases/api_admin_teams_post_type_coercion_description_wrong_type_integer_1aea557e.hurl deleted file mode 100644 index 1d72f17..0000000 --- a/cases/api_admin_teams_post_type_coercion_description_wrong_type_integer_1aea557e.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [type_coercion] description wrong_type_integer ── -# case_id=TC-1aea557e -# case_name=POST /api/admin/teams - [type_coercion] description wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": 123, - "displayName": "yet", - "name": "Ardith Cole" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_boolean_97c4c8ca.hurl b/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_boolean_97c4c8ca.hurl deleted file mode 100644 index 3355aa3..0000000 --- a/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_boolean_97c4c8ca.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [type_coercion] displayName wrong_type_boolean ── -# case_id=TC-97c4c8ca -# case_name=POST /api/admin/teams - [type_coercion] displayName wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Map the happy path through part.", - "displayName": true, - "name": "Ardith Cole" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_integer_759d30e5.hurl b/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_integer_759d30e5.hurl deleted file mode 100644 index bbc24b4..0000000 --- a/cases/api_admin_teams_post_type_coercion_displayname_wrong_type_integer_759d30e5.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [type_coercion] displayName wrong_type_integer ── -# case_id=TC-759d30e5 -# case_name=POST /api/admin/teams - [type_coercion] displayName wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Map the happy path through part.", - "displayName": 123, - "name": "Ardith Cole" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_type_coercion_name_wrong_type_boolean_b516cdc6.hurl b/cases/api_admin_teams_post_type_coercion_name_wrong_type_boolean_b516cdc6.hurl deleted file mode 100644 index 164b9d0..0000000 --- a/cases/api_admin_teams_post_type_coercion_name_wrong_type_boolean_b516cdc6.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [type_coercion] name wrong_type_boolean ── -# case_id=TC-b516cdc6 -# case_name=POST /api/admin/teams - [type_coercion] name wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Map the happy path through part.", - "displayName": "yet", - "name": true -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_type_coercion_name_wrong_type_integer_05c0d231.hurl b/cases/api_admin_teams_post_type_coercion_name_wrong_type_integer_05c0d231.hurl deleted file mode 100644 index 5e97c67..0000000 --- a/cases/api_admin_teams_post_type_coercion_name_wrong_type_integer_05c0d231.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [type_coercion] name wrong_type_integer ── -# case_id=TC-05c0d231 -# case_name=POST /api/admin/teams - [type_coercion] name wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Map the happy path through part.", - "displayName": "yet", - "name": 123 -} -``` - -HTTP 422 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_bidi_override_d96ca637.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_bidi_override_d96ca637.hurl deleted file mode 100644 index 449e958..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_description_bidi_override_d96ca637.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] description bidi_override ── -# case_id=TC-d96ca637 -# case_name=POST /api/admin/teams - [unicode_fuzzing] description bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "‮hello", - "displayName": "example", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_control_char_8656dd0b.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_control_char_8656dd0b.hurl deleted file mode 100644 index 6755807..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_description_control_char_8656dd0b.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] description control_char ── -# case_id=TC-8656dd0b -# case_name=POST /api/admin/teams - [unicode_fuzzing] description control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "hello\u0000world", - "displayName": "example", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_overlong_432c6afa.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_overlong_432c6afa.hurl deleted file mode 100644 index 1cc92d7..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_description_overlong_432c6afa.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] description overlong ── -# case_id=TC-432c6afa -# case_name=POST /api/admin/teams - [unicode_fuzzing] description overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "displayName": "example", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_zalgo_760794e2.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_zalgo_760794e2.hurl deleted file mode 100644 index d9ca2dd..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_description_zalgo_760794e2.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] description zalgo ── -# case_id=TC-760794e2 -# case_name=POST /api/admin/teams - [unicode_fuzzing] description zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "z̀́̂̃̄̅̆̇a", - "displayName": "example", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_description_zero_width_5161dc9c.hurl b/cases/api_admin_teams_post_unicode_fuzzing_description_zero_width_5161dc9c.hurl deleted file mode 100644 index 73b7b02..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_description_zero_width_5161dc9c.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] description zero_width ── -# case_id=TC-5161dc9c -# case_name=POST /api/admin/teams - [unicode_fuzzing] description zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "​hello", - "displayName": "example", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - 
diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_bidi_override_693c8224.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_bidi_override_693c8224.hurl deleted file mode 100644 index a3c3e0b..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_displayname_bidi_override_693c8224.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] displayName bidi_override ── -# case_id=TC-693c8224 -# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "‮hello", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_control_char_7ead4ab7.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_control_char_7ead4ab7.hurl deleted file mode 100644 index 48e9fa4..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_displayname_control_char_7ead4ab7.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] displayName control_char ── -# case_id=TC-7ead4ab7 -# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "hello\u0000world", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_overlong_3d12d252.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_overlong_3d12d252.hurl deleted file mode 100644 index b40c8be..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_displayname_overlong_3d12d252.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] displayName overlong ── -# case_id=TC-3d12d252 -# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_zalgo_6474b9c1.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_zalgo_6474b9c1.hurl deleted file mode 100644 index bf3a1ad..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_displayname_zalgo_6474b9c1.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] displayName zalgo ── -# case_id=TC-6474b9c1 -# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "z̀́̂̃̄̅̆̇a", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_displayname_zero_width_8b028ce1.hurl b/cases/api_admin_teams_post_unicode_fuzzing_displayname_zero_width_8b028ce1.hurl deleted file mode 100644 index 8cb7aa4..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_displayname_zero_width_8b028ce1.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] displayName zero_width ── -# case_id=TC-8b028ce1 -# case_name=POST /api/admin/teams - [unicode_fuzzing] displayName zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "​hello", - "name": "Thomas Castillo" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_bidi_override_19447855.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_bidi_override_19447855.hurl deleted file mode 100644 index b212481..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_name_bidi_override_19447855.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] name bidi_override ── -# case_id=TC-19447855 -# case_name=POST /api/admin/teams - [unicode_fuzzing] name bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "example", - "name": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_control_char_4e8b3875.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_control_char_4e8b3875.hurl deleted file mode 100644 index ad5cf22..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_name_control_char_4e8b3875.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] name control_char ── -# case_id=TC-4e8b3875 -# case_name=POST /api/admin/teams - [unicode_fuzzing] name control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "example", - "name": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_overlong_ee78ddc5.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_overlong_ee78ddc5.hurl deleted file mode 100644 index 9f97995..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_name_overlong_ee78ddc5.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] name overlong ── -# case_id=TC-ee78ddc5 -# case_name=POST /api/admin/teams - [unicode_fuzzing] name overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "example", - "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_zalgo_b42d8584.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_zalgo_b42d8584.hurl deleted file mode 100644 index 103009e..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_name_zalgo_b42d8584.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] name zalgo ── -# case_id=TC-b42d8584 -# case_name=POST /api/admin/teams - [unicode_fuzzing] name zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "example", - "name": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_teams_post_unicode_fuzzing_name_zero_width_76a6b2ca.hurl b/cases/api_admin_teams_post_unicode_fuzzing_name_zero_width_76a6b2ca.hurl deleted file mode 100644 index d3f1838..0000000 --- a/cases/api_admin_teams_post_unicode_fuzzing_name_zero_width_76a6b2ca.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - [unicode_fuzzing] name zero_width ── -# case_id=TC-76a6b2ca -# case_name=POST /api/admin/teams - [unicode_fuzzing] name zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Review the woman every 2 weeks.", - "displayName": "example", - "name": "​hello" -} -``` - -HTTP 400 - 
diff --git a/cases/api_admin_teams_post_valid_request_with_all_required_fields_17f73440.hurl b/cases/api_admin_teams_post_valid_request_with_all_required_fields_17f73440.hurl deleted file mode 100644 index 66f3b9e..0000000 --- a/cases/api_admin_teams_post_valid_request_with_all_required_fields_17f73440.hurl +++ /dev/null @@ -1,30 +0,0 @@ -# ── POST /api/admin/teams - valid request with all required fields ── -# case_id=TC-17f73440 -# case_name=POST /api/admin/teams - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Explicitly name the year before you enlist it.", - "displayName": "downstairs", - "name": "Amie Paul" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.isDefault" exists -jsonpath "$.isDeletable" exists -jsonpath "$.name" exists -jsonpath "$.createdAt" exists -jsonpath "$.description" exists -jsonpath "$.displayName" exists -jsonpath "$.id" exists - diff --git a/cases/api_admin_teams_post_wrong_content_type_text_plain_bd5b4e9e.hurl b/cases/api_admin_teams_post_wrong_content_type_text_plain_bd5b4e9e.hurl deleted file mode 100644 index 76fc873..0000000 --- a/cases/api_admin_teams_post_wrong_content_type_text_plain_bd5b4e9e.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/admin/teams - wrong content-type (text/plain) ── -# case_id=TC-bd5b4e9e -# case_name=POST /api/admin/teams - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/teams -Content-Type: text/plain -```json -{ - "description": "Explicitly name the person before you wrap it.", - "displayName": "should", - "name": "Chloe Oliver" -} -``` - -HTTP 415 - 
diff --git a/cases/api_admin_teams_sequence_chain_delete_api_admin_grants_id_70b060a1.hurl b/cases/api_admin_teams_sequence_chain_delete_api_admin_grants_id_70b060a1.hurl deleted file mode 100644 index 1c29620..0000000 --- a/cases/api_admin_teams_sequence_chain_delete_api_admin_grants_id_70b060a1.hurl +++ /dev/null @@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams → DELETE /api/admin/grants/{id} -# case_id=TC-70b060a1 -# case_name=sequence chain: /api/admin/teams → DELETE /api/admin/grants/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Ours child be ready for irritation.", - "displayName": "daily", - "name": "Cordell Marshall" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/grants/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/grants/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/grants/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_sequence_chain_delete_api_admin_users_id_f0f67b06.hurl b/cases/api_admin_teams_sequence_chain_delete_api_admin_users_id_f0f67b06.hurl deleted file mode 100644 index c2a6801..0000000 --- a/cases/api_admin_teams_sequence_chain_delete_api_admin_users_id_f0f67b06.hurl +++ /dev/null 
@@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams → DELETE /api/admin/users/{id} -# case_id=TC-f0f67b06 -# case_name=sequence chain: /api/admin/teams → DELETE /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Invite review for the group in Birmingham.", - "displayName": "eventually", - "name": "Robyn Williams" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/users/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/users/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_grants_6aeda09f.hurl b/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_grants_6aeda09f.hurl deleted file mode 100644 index 491aca1..0000000 --- a/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_grants_6aeda09f.hurl +++ /dev/null 
@@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/grants -# case_id=TC-6aeda09f -# case_name=sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "They ski patiently to stabilize the year.", - "displayName": "fiercely", - "name": "Cassandra Robbins" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/grants -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/grants - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_members_0cb6ef87.hurl b/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_members_0cb6ef87.hurl deleted file mode 100644 index 02479c0..0000000 --- a/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_members_0cb6ef87.hurl +++ /dev/null 
@@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/members -# case_id=TC-0cb6ef87 -# case_name=sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Mind the hand, then celebrate!", - "displayName": "ride", - "name": "Dolores Grady" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/members -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/members - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_services_3642a068.hurl b/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_services_3642a068.hurl deleted file mode 100644 index dff1e62..0000000 --- a/cases/api_admin_teams_sequence_chain_get_api_admin_teams_id_services_3642a068.hurl +++ /dev/null 
@@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/services -# case_id=TC-3642a068 -# case_name=sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/services -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Track problem over time weekly.", - "displayName": "of", - "name": "Owen Perez" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/services [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/services -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/services - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_grants_1b66938a.hurl b/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_grants_1b66938a.hurl deleted file mode 100644 index 3fbe3eb..0000000 --- a/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_grants_1b66938a.hurl +++ /dev/null 
@@ -1,56 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/grants -# case_id=TC-1b66938a -# case_name=sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Evenings in Oakland invite quieter man.", - "displayName": "which", - "name": "Clifton Shields" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/grants -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/grants -Content-Type: application/json -```json -{ - "branches": [ - "it" - ], - "expiresAt": "2001-12-10T08:50:19Z", - "granteeTeamId": "722fd61c-8b80-44f6-9e81-c9c8550ab73d", - "granteeUserId": "a1efd1eb-3a36-4f78-85fb-7edd1d4af481", - "serviceId": "2a7ed0b1-582d-4271-9b40-91828aded5f0" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_members_210690e6.hurl b/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_members_210690e6.hurl deleted file mode 100644 index 8a0ee99..0000000 --- a/cases/api_admin_teams_sequence_chain_post_api_admin_teams_id_members_210690e6.hurl +++ /dev/null 
@@ -1,51 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/members -# case_id=TC-210690e6 -# case_name=sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Weekends reserve time for Animation and fact.", - "displayName": "today", - "name": "Jeffrey Lyons" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/members -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/members -Content-Type: application/json -```json -{ - "role": "owner", - "userId": "45f53f9f-487d-4010-8fff-c2d438433278" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_sequence_chain_put_api_admin_services_serviceid_team_8cbdf061.hurl b/cases/api_admin_teams_sequence_chain_put_api_admin_services_serviceid_team_8cbdf061.hurl deleted file mode 100644 index be2149e..0000000 --- a/cases/api_admin_teams_sequence_chain_put_api_admin_services_serviceid_team_8cbdf061.hurl +++ /dev/null 
@@ -1,50 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams → PUT /api/admin/services/{serviceId}/team -# case_id=TC-8cbdf061 -# case_name=sequence chain: /api/admin/teams → PUT /api/admin/services/{serviceId}/team -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Optimize company for light clarity.", - "displayName": "many", - "name": "Christina Patterson" -} -``` - -HTTP * - -[Captures] -serviceId: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/services/{serviceId}/team [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/services/{serviceId}/team -# depends_on=step-setup - -PUT {{base_url}}/api/admin/services/{{serviceId}}/team -Content-Type: application/json -```json -{ - "teamId": "40d2db88-109b-49a0-8983-e2740333822a" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_teams_sequence_chain_put_api_admin_users_id_2d5ea99d.hurl b/cases/api_admin_teams_sequence_chain_put_api_admin_users_id_2d5ea99d.hurl deleted file mode 100644 index 6b07181..0000000 --- a/cases/api_admin_teams_sequence_chain_put_api_admin_users_id_2d5ea99d.hurl +++ /dev/null 
@@ -1,51 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/teams → PUT /api/admin/users/{id} -# case_id=TC-2d5ea99d -# case_name=sequence chain: /api/admin/teams → PUT /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/teams [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/teams - -POST {{base_url}}/api/admin/teams -Content-Type: application/json -```json -{ - "description": "Stage number behind feature flags.", - "displayName": "sew", - "name": "Stanley Purdy" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/users/{id} -# depends_on=step-setup - -PUT {{base_url}}/api/admin/users/{{id}} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "super_admin" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_users_get_auth_chain_e4ef12fa.hurl b/cases/api_admin_users_get_auth_chain_e4ef12fa.hurl deleted file mode 100644 index da20d31..0000000 --- a/cases/api_admin_users_get_auth_chain_e4ef12fa.hurl +++ /dev/null 
@@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: GET /api/admin/users -# case_id=TC-e4ef12fa -# case_name=auth chain: GET /api/admin/users -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── GET /api/admin/users with auth token [test] ── -# step_id=step-test -# step_type=test -# title=GET /api/admin/users with auth token -# depends_on=step-auth - -GET {{base_url}}/api/admin/users -Authorization: Bearer {{authToken}} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_users_get_owasp_api2_broken_authentication_aaffe36c.hurl b/cases/api_admin_users_get_owasp_api2_broken_authentication_aaffe36c.hurl deleted file mode 100644 index 71f0d88..0000000 --- a/cases/api_admin_users_get_owasp_api2_broken_authentication_aaffe36c.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/admin/users — broken authentication ── -# case_id=TC-aaffe36c -# case_name=[OWASP-API2] GET /api/admin/users — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/users - -HTTP 401 - diff --git a/cases/api_admin_users_get_owasp_api5_function_level_authorization_missing_3724bb26.hurl b/cases/api_admin_users_get_owasp_api5_function_level_authorization_missing_3724bb26.hurl deleted file mode 100644 index c263b3f..0000000 --- a/cases/api_admin_users_get_owasp_api5_function_level_authorization_missing_3724bb26.hurl +++ /dev/null 
@@ -1,13 +0,0 @@ -# ── [OWASP-API5] GET /api/admin/users — function-level authorization missing ── -# case_id=TC-3724bb26 -# case_name=[OWASP-API5] GET /api/admin/users — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -GET {{base_url}}/api/admin/users -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_users_get_valid_request_with_all_required_fields_e7fb82c9.hurl b/cases/api_admin_users_get_valid_request_with_all_required_fields_e7fb82c9.hurl deleted file mode 100644 index 1c82d4f..0000000 --- a/cases/api_admin_users_get_valid_request_with_all_required_fields_e7fb82c9.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/users - valid request with all required fields ── -# case_id=TC-e7fb82c9 -# case_name=GET /api/admin/users - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/admin/users - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.users" exists - diff --git a/cases/api_admin_users_id_delete_idempotent_second_call_must_be_safe_380dcf78.hurl b/cases/api_admin_users_id_delete_idempotent_second_call_must_be_safe_380dcf78.hurl deleted file mode 100644 index 858736b..0000000 --- a/cases/api_admin_users_id_delete_idempotent_second_call_must_be_safe_380dcf78.hurl +++ /dev/null 
@@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# DELETE /api/admin/users/{id} - idempotent: second call must be safe -# case_id=TC-380dcf78 -# case_name=DELETE /api/admin/users/{id} - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── DELETE /api/admin/users/{id} — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=DELETE /api/admin/users/{id} — first call - -DELETE {{base_url}}/api/admin/users/{id} - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── DELETE /api/admin/users/{id} — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=DELETE /api/admin/users/{id} — identical second call must be safe -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/users/{id} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_users_id_delete_idor_id_0_zero_id_f8eac138.hurl b/cases/api_admin_users_id_delete_idor_id_0_zero_id_f8eac138.hurl deleted file mode 100644 index cb17122..0000000 --- a/cases/api_admin_users_id_delete_idor_id_0_zero_id_f8eac138.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/admin/users/{id} - IDOR id=0 (zero_id) ── -# case_id=TC-f8eac138 -# case_name=DELETE /api/admin/users/{id} - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/users/0 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_users_id_delete_idor_id_99999_alt_id_f53c958f.hurl b/cases/api_admin_users_id_delete_idor_id_99999_alt_id_f53c958f.hurl deleted file mode 100644 index eef2278..0000000 --- a/cases/api_admin_users_id_delete_idor_id_99999_alt_id_f53c958f.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── DELETE /api/admin/users/{id} - IDOR id=99999 (alt_id) ── -# case_id=TC-f53c958f -# case_name=DELETE /api/admin/users/{id} - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/users/99999 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_users_id_delete_missing_required_param_id_abfeb37c.hurl b/cases/api_admin_users_id_delete_missing_required_param_id_abfeb37c.hurl deleted file mode 100644 index 2f64d33..0000000 --- a/cases/api_admin_users_id_delete_missing_required_param_id_abfeb37c.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── DELETE /api/admin/users/{id} - missing required param "id" ── -# case_id=TC-abfeb37c -# case_name=DELETE /api/admin/users/{id} - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -DELETE {{base_url}}/api/admin/users/1 - -HTTP 422 - diff --git a/cases/api_admin_users_id_delete_owasp_api1_bola_unauthorized_access_073a78a5.hurl b/cases/api_admin_users_id_delete_owasp_api1_bola_unauthorized_access_073a78a5.hurl deleted file mode 100644 index bb549c8..0000000 --- a/cases/api_admin_users_id_delete_owasp_api1_bola_unauthorized_access_073a78a5.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] DELETE /api/admin/users/{id} — BOLA unauthorized access ── -# case_id=TC-073a78a5 -# case_name=[OWASP-API1] DELETE /api/admin/users/{id} — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/users/{{other_resource_id}} - -HTTP 403 - diff --git a/cases/api_admin_users_id_delete_owasp_api2_broken_authentication_5cc69e63.hurl b/cases/api_admin_users_id_delete_owasp_api2_broken_authentication_5cc69e63.hurl deleted file mode 100644 index a0e4871..0000000 --- a/cases/api_admin_users_id_delete_owasp_api2_broken_authentication_5cc69e63.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API2] DELETE /api/admin/users/{id} — broken authentication ── -# case_id=TC-5cc69e63 -# case_name=[OWASP-API2] DELETE /api/admin/users/{id} — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/users/{id} - -HTTP 401 - diff --git a/cases/api_admin_users_id_delete_owasp_api5_function_level_authorization_missing_4c861285.hurl b/cases/api_admin_users_id_delete_owasp_api5_function_level_authorization_missing_4c861285.hurl deleted file mode 100644 index 91e139e..0000000 --- a/cases/api_admin_users_id_delete_owasp_api5_function_level_authorization_missing_4c861285.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] DELETE /api/admin/users/{id} — function-level authorization missing ── -# case_id=TC-4c861285 -# case_name=[OWASP-API5] DELETE /api/admin/users/{id} — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -DELETE {{base_url}}/api/admin/users/{id} -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_users_id_delete_owasp_api7_injection_path_traversal_9a54d420.hurl b/cases/api_admin_users_id_delete_owasp_api7_injection_path_traversal_9a54d420.hurl deleted file mode 100644 index db4ad2b..0000000 --- a/cases/api_admin_users_id_delete_owasp_api7_injection_path_traversal_9a54d420.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/users/{id} — injection (path-traversal) ── -# case_id=TC-9a54d420 -# case_name=[OWASP-API7] DELETE /api/admin/users/{id} — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/users/..%2F..%2F..%2Fetc%2Fpasswd -```json -null -``` - -HTTP 400 - 
diff --git a/cases/api_admin_users_id_delete_owasp_api7_injection_sqli_35704eb4.hurl b/cases/api_admin_users_id_delete_owasp_api7_injection_sqli_35704eb4.hurl deleted file mode 100644 index 0a045e8..0000000 --- a/cases/api_admin_users_id_delete_owasp_api7_injection_sqli_35704eb4.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/users/{id} — injection (sqli) ── -# case_id=TC-35704eb4 -# case_name=[OWASP-API7] DELETE /api/admin/users/{id} — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/users/%27%20OR%201=1-- -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_delete_owasp_api7_injection_xss_ae1228c7.hurl b/cases/api_admin_users_id_delete_owasp_api7_injection_xss_ae1228c7.hurl deleted file mode 100644 index a0d26d7..0000000 --- a/cases/api_admin_users_id_delete_owasp_api7_injection_xss_ae1228c7.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/users/{id} — injection (xss) ── -# case_id=TC-ae1228c7 -# case_name=[OWASP-API7] DELETE /api/admin/users/{id} — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/users/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_delete_valid_request_with_all_required_fields_fd2d7e20.hurl b/cases/api_admin_users_id_delete_valid_request_with_all_required_fields_fd2d7e20.hurl deleted file mode 100644 index f65ceba..0000000 --- a/cases/api_admin_users_id_delete_valid_request_with_all_required_fields_fd2d7e20.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── DELETE /api/admin/users/{id} - valid request with all required fields ── -# case_id=TC-fd2d7e20 -# case_name=DELETE /api/admin/users/{id} - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -DELETE {{base_url}}/api/admin/users/{id} - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - diff --git a/cases/api_admin_users_id_options_owasp_api8_cors_security_configuration_e0b5b44a.hurl b/cases/api_admin_users_id_options_owasp_api8_cors_security_configuration_e0b5b44a.hurl deleted file mode 100644 index 3041b34..0000000 --- a/cases/api_admin_users_id_options_owasp_api8_cors_security_configuration_e0b5b44a.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/users/{id} — CORS security configuration ── -# case_id=TC-e0b5b44a -# case_name=[OWASP-API8] OPTIONS /api/admin/users/{id} — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/users/{id} -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_users_id_put_idempotent_second_call_must_be_safe_383d2878.hurl b/cases/api_admin_users_id_put_idempotent_second_call_must_be_safe_383d2878.hurl deleted file mode 100644 index ce8253a..0000000 --- a/cases/api_admin_users_id_put_idempotent_second_call_must_be_safe_383d2878.hurl +++ /dev/null 
@@ -1,47 +0,0 @@ -# ══════════════════════════════════════════════════ -# PUT /api/admin/users/{id} - idempotent: second call must be safe -# case_id=TC-383d2878 -# case_name=PUT /api/admin/users/{id} - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── PUT /api/admin/users/{id} — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=PUT /api/admin/users/{id} — first call - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "team_owner" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── PUT /api/admin/users/{id} — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=PUT /api/admin/users/{id} — identical second call must be safe -# depends_on=step-setup - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "team_owner" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_users_id_put_idor_id_0_zero_id_1420839c.hurl b/cases/api_admin_users_id_put_idor_id_0_zero_id_1420839c.hurl deleted file mode 100644 index 174d5f8..0000000 --- a/cases/api_admin_users_id_put_idor_id_0_zero_id_1420839c.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── PUT /api/admin/users/{id} - IDOR id=0 (zero_id) ── -# case_id=TC-1420839c -# case_name=PUT /api/admin/users/{id} - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -PUT {{base_url}}/api/admin/users/0 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_users_id_put_idor_id_99999_alt_id_b306fbb7.hurl b/cases/api_admin_users_id_put_idor_id_99999_alt_id_b306fbb7.hurl deleted file mode 100644 index 8982860..0000000 --- a/cases/api_admin_users_id_put_idor_id_99999_alt_id_b306fbb7.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── PUT /api/admin/users/{id} - IDOR id=99999 (alt_id) ── -# case_id=TC-b306fbb7 -# case_name=PUT /api/admin/users/{id} - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -PUT {{base_url}}/api/admin/users/99999 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_users_id_put_invalid_isactive_wrong_type_string_for_boolean_9a696767.hurl b/cases/api_admin_users_id_put_invalid_isactive_wrong_type_string_for_boolean_9a696767.hurl deleted file mode 100644 index 2a499de..0000000 --- a/cases/api_admin_users_id_put_invalid_isactive_wrong_type_string_for_boolean_9a696767.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - invalid isActive: wrong type (string for boolean) ── -# case_id=TC-9a696767 -# case_name=PUT /api/admin/users/{id} - invalid isActive: wrong type (string for boolean) -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": "not_a_boolean", - "role": "super_admin" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_users_id_put_invalid_role_value_not_in_enum_be8b477d.hurl b/cases/api_admin_users_id_put_invalid_role_value_not_in_enum_be8b477d.hurl deleted file mode 100644 index 5f2fb8a..0000000 --- a/cases/api_admin_users_id_put_invalid_role_value_not_in_enum_be8b477d.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - invalid role: value not in enum ── -# case_id=TC-be8b477d -# case_name=PUT /api/admin/users/{id} - invalid role: value not in enum -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": true, - "role": "__invalid_enum__" -} -``` - -HTTP 422 - 
diff --git a/cases/api_admin_users_id_put_isactive_false_307b2101.hurl b/cases/api_admin_users_id_put_isactive_false_307b2101.hurl deleted file mode 100644 index 1ddcd12..0000000 --- a/cases/api_admin_users_id_put_isactive_false_307b2101.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/users/{id} - isActive = false ── -# case_id=TC-307b2101 -# case_name=PUT /api/admin/users/{id} - isActive = false -# step_id=step-main -# step_type=test -# technique=decision_table -# priority=P1 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "team_member" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_users_id_put_isactive_true_920617a8.hurl b/cases/api_admin_users_id_put_isactive_true_920617a8.hurl deleted file mode 100644 index e689f1e..0000000 --- a/cases/api_admin_users_id_put_isactive_true_920617a8.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/users/{id} - isActive = true ── -# case_id=TC-920617a8 -# case_name=PUT /api/admin/users/{id} - isActive = true -# step_id=step-main -# step_type=test -# technique=decision_table -# priority=P1 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": true, - "role": "super_admin" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_users_id_put_mass_assignment_financial_probe_9e2cf67b.hurl b/cases/api_admin_users_id_put_mass_assignment_financial_probe_9e2cf67b.hurl deleted file mode 100644 index 55d8fae..0000000 --- a/cases/api_admin_users_id_put_mass_assignment_financial_probe_9e2cf67b.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - [mass_assignment] financial probe ── -# case_id=TC-9e2cf67b -# case_name=PUT /api/admin/users/{id} - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "discount": 0, - "isActive": true, - "price": 1, - "role": "super_admin" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_mass_assignment_identity_probe_4fb556e6.hurl b/cases/api_admin_users_id_put_mass_assignment_identity_probe_4fb556e6.hurl deleted file mode 100644 index 53016b2..0000000 --- a/cases/api_admin_users_id_put_mass_assignment_identity_probe_4fb556e6.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - [mass_assignment] identity probe ── -# case_id=TC-4fb556e6 -# case_name=PUT /api/admin/users/{id} - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "isActive": true, - "ownerId": "__probe__", - "role": "super_admin", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_mass_assignment_privilege_probe_a6a6cd31.hurl b/cases/api_admin_users_id_put_mass_assignment_privilege_probe_a6a6cd31.hurl deleted file mode 100644 index dd3d9c1..0000000 --- a/cases/api_admin_users_id_put_mass_assignment_privilege_probe_a6a6cd31.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── PUT /api/admin/users/{id} - [mass_assignment] privilege probe ── -# case_id=TC-a6a6cd31 -# case_name=PUT /api/admin/users/{id} - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "admin": true, - "isActive": true, - "isAdmin": true, - "is_admin": true, - "role": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_mass_assignment_status_probe_1054f864.hurl b/cases/api_admin_users_id_put_mass_assignment_status_probe_1054f864.hurl deleted file mode 100644 index d4c4a06..0000000 --- a/cases/api_admin_users_id_put_mass_assignment_status_probe_1054f864.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - [mass_assignment] status probe ── -# case_id=TC-1054f864 -# case_name=PUT /api/admin/users/{id} - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "disabled": false, - "isActive": true, - "role": "super_admin", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_missing_required_param_id_fe77f880.hurl b/cases/api_admin_users_id_put_missing_required_param_id_fe77f880.hurl deleted file mode 100644 index bfe5316..0000000 --- a/cases/api_admin_users_id_put_missing_required_param_id_fe77f880.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── PUT /api/admin/users/{id} - missing required param "id" ── -# case_id=TC-fe77f880 -# case_name=PUT /api/admin/users/{id} - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -PUT {{base_url}}/api/admin/users/1 - -HTTP 422 - 
diff --git a/cases/api_admin_users_id_put_mutation_isactive_integer_instead_of_boolean_56c3f6cc.hurl b/cases/api_admin_users_id_put_mutation_isactive_integer_instead_of_boolean_56c3f6cc.hurl deleted file mode 100644 index 0f3de0e..0000000 --- a/cases/api_admin_users_id_put_mutation_isactive_integer_instead_of_boolean_56c3f6cc.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - mutation: isActive integer instead of boolean ── -# case_id=TC-56c3f6cc -# case_name=PUT /api/admin/users/{id} - mutation: isActive integer instead of boolean -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": 1, - "role": "super_admin" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_users_id_put_mutation_isactive_null_value_48706298.hurl b/cases/api_admin_users_id_put_mutation_isactive_null_value_48706298.hurl deleted file mode 100644 index 055b2b5..0000000 --- a/cases/api_admin_users_id_put_mutation_isactive_null_value_48706298.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - mutation: isActive null value ── -# case_id=TC-48706298 -# case_name=PUT /api/admin/users/{id} - mutation: isActive null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": null, - "role": "super_admin" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_users_id_put_mutation_isactive_string_instead_of_boolean_c83a8b69.hurl b/cases/api_admin_users_id_put_mutation_isactive_string_instead_of_boolean_c83a8b69.hurl deleted file mode 100644 index ea4b56f..0000000 --- a/cases/api_admin_users_id_put_mutation_isactive_string_instead_of_boolean_c83a8b69.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - mutation: isActive string instead of boolean ── -# case_id=TC-c83a8b69 -# case_name=PUT /api/admin/users/{id} - mutation: isActive string instead of boolean -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": "yes", - "role": "super_admin" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_users_id_put_mutation_role_empty_string_f4802a98.hurl b/cases/api_admin_users_id_put_mutation_role_empty_string_f4802a98.hurl deleted file mode 100644 index 2ecaad1..0000000 --- a/cases/api_admin_users_id_put_mutation_role_empty_string_f4802a98.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - mutation: role empty string ── -# case_id=TC-f4802a98 -# case_name=PUT /api/admin/users/{id} - mutation: role empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_users_id_put_mutation_role_integer_instead_of_string_1d2d0cbd.hurl b/cases/api_admin_users_id_put_mutation_role_integer_instead_of_string_1d2d0cbd.hurl deleted file mode 100644 index beb566a..0000000 --- a/cases/api_admin_users_id_put_mutation_role_integer_instead_of_string_1d2d0cbd.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - mutation: role integer instead of string ── -# case_id=TC-1d2d0cbd -# case_name=PUT /api/admin/users/{id} - mutation: role integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": 12345 -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_users_id_put_mutation_role_null_value_091acd05.hurl b/cases/api_admin_users_id_put_mutation_role_null_value_091acd05.hurl deleted file mode 100644 index d0e6a39..0000000 --- a/cases/api_admin_users_id_put_mutation_role_null_value_091acd05.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - mutation: role null value ── -# case_id=TC-091acd05 -# case_name=PUT /api/admin/users/{id} - mutation: role null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": null -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_users_id_put_mutation_role_oversized_string_300_chars_786de8b3.hurl b/cases/api_admin_users_id_put_mutation_role_oversized_string_300_chars_786de8b3.hurl deleted file mode 100644 index cfaa166..0000000 --- a/cases/api_admin_users_id_put_mutation_role_oversized_string_300_chars_786de8b3.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - mutation: role oversized string (300 chars) ── -# case_id=TC-786de8b3 -# case_name=PUT /api/admin/users/{id} - mutation: role oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_users_id_put_null_injection_isactive_c8deaf48.hurl b/cases/api_admin_users_id_put_null_injection_isactive_c8deaf48.hurl deleted file mode 100644 index 5ceb90f..0000000 --- a/cases/api_admin_users_id_put_null_injection_isactive_c8deaf48.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - null injection: isActive ── -# case_id=TC-c8deaf48 -# case_name=PUT /api/admin/users/{id} - null injection: isActive -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": null, - "role": "super_admin" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_users_id_put_null_injection_role_e890383a.hurl b/cases/api_admin_users_id_put_null_injection_role_e890383a.hurl deleted file mode 100644 index 2a28479..0000000 --- a/cases/api_admin_users_id_put_null_injection_role_e890383a.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - null injection: role ── -# case_id=TC-e890383a -# case_name=PUT /api/admin/users/{id} - null injection: role -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": null -} -``` - -HTTP 422 - diff --git a/cases/api_admin_users_id_put_owasp_api1_bola_unauthorized_access_91b47863.hurl b/cases/api_admin_users_id_put_owasp_api1_bola_unauthorized_access_91b47863.hurl deleted file mode 100644 index 8d9b3b8..0000000 --- a/cases/api_admin_users_id_put_owasp_api1_bola_unauthorized_access_91b47863.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API1] PUT /api/admin/users/{id} — BOLA unauthorized access ── -# case_id=TC-91b47863 -# case_name=[OWASP-API1] PUT /api/admin/users/{id} — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/users/{{other_resource_id}} - -HTTP 403 - diff --git a/cases/api_admin_users_id_put_owasp_api2_broken_authentication_3552a6c6.hurl b/cases/api_admin_users_id_put_owasp_api2_broken_authentication_3552a6c6.hurl deleted file mode 100644 index 6f73ef5..0000000 --- a/cases/api_admin_users_id_put_owasp_api2_broken_authentication_3552a6c6.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] PUT /api/admin/users/{id} — broken authentication ── -# case_id=TC-3552a6c6 -# case_name=[OWASP-API2] PUT /api/admin/users/{id} — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/users/{id} - -HTTP 401 - diff --git a/cases/api_admin_users_id_put_owasp_api3_bopla_property_level_access_4ae5244a.hurl b/cases/api_admin_users_id_put_owasp_api3_bopla_property_level_access_4ae5244a.hurl deleted file mode 100644 index f8d2e1a..0000000 --- a/cases/api_admin_users_id_put_owasp_api3_bopla_property_level_access_4ae5244a.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── [OWASP-API3] PUT /api/admin/users/{id} — BOPLA property-level access ── -# case_id=TC-4ae5244a -# case_name=[OWASP-API3] PUT /api/admin/users/{id} — BOPLA property-level access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": true, - "is_admin": true, - "role": "admin" -} -``` - -HTTP 200 - -[Asserts] -jsonpath "$.is_admin" != true -jsonpath "$.role" != "admin" - 
diff --git a/cases/api_admin_users_id_put_owasp_api5_function_level_authorization_missing_8f0d7884.hurl b/cases/api_admin_users_id_put_owasp_api5_function_level_authorization_missing_8f0d7884.hurl deleted file mode 100644 index 2490995..0000000 --- a/cases/api_admin_users_id_put_owasp_api5_function_level_authorization_missing_8f0d7884.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] PUT /api/admin/users/{id} — function-level authorization missing ── -# case_id=TC-8f0d7884 -# case_name=[OWASP-API5] PUT /api/admin/users/{id} — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -PUT {{base_url}}/api/admin/users/{id} -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_users_id_put_owasp_api6_mass_assignment_38dd166b.hurl b/cases/api_admin_users_id_put_owasp_api6_mass_assignment_38dd166b.hurl deleted file mode 100644 index 9cd2e00..0000000 --- a/cases/api_admin_users_id_put_owasp_api6_mass_assignment_38dd166b.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── [OWASP-API6] PUT /api/admin/users/{id} — mass assignment ── -# case_id=TC-38dd166b -# case_name=[OWASP-API6] PUT /api/admin/users/{id} — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "createdAt": "2000-01-01T00:00:00Z", - "id": 99999, - "isActive": false, - "role": "team_member", - "updatedAt": "2000-01-01T00:00:00Z" -} -``` - -HTTP 200 - -[Asserts] -jsonpath "$.id" != 99999 -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" - diff --git a/cases/api_admin_users_id_put_owasp_api7_injection_path_traversal_e9f5a9c9.hurl b/cases/api_admin_users_id_put_owasp_api7_injection_path_traversal_e9f5a9c9.hurl deleted file mode 100644 index 6d46993..0000000 
--- a/cases/api_admin_users_id_put_owasp_api7_injection_path_traversal_e9f5a9c9.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PUT /api/admin/users/{id} — injection (path-traversal) ── -# case_id=TC-e9f5a9c9 -# case_name=[OWASP-API7] PUT /api/admin/users/{id} — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/users/..%2F..%2F..%2Fetc%2Fpasswd -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_owasp_api7_injection_sqli_c653b26d.hurl b/cases/api_admin_users_id_put_owasp_api7_injection_sqli_c653b26d.hurl deleted file mode 100644 index a7d0478..0000000 --- a/cases/api_admin_users_id_put_owasp_api7_injection_sqli_c653b26d.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PUT /api/admin/users/{id} — injection (sqli) ── -# case_id=TC-c653b26d -# case_name=[OWASP-API7] PUT /api/admin/users/{id} — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/users/%27%20OR%201=1-- -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_owasp_api7_injection_xss_51b9a625.hurl b/cases/api_admin_users_id_put_owasp_api7_injection_xss_51b9a625.hurl deleted file mode 100644 index 16facc6..0000000 --- a/cases/api_admin_users_id_put_owasp_api7_injection_xss_51b9a625.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PUT /api/admin/users/{id} — injection (xss) ── -# case_id=TC-51b9a625 -# case_name=[OWASP-API7] PUT /api/admin/users/{id} — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PUT {{base_url}}/api/admin/users/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_role_guest_d671319d.hurl b/cases/api_admin_users_id_put_role_guest_d671319d.hurl deleted file mode 100644 index c83ecdb..0000000 
--- a/cases/api_admin_users_id_put_role_guest_d671319d.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/users/{id} - role = guest ── -# case_id=TC-d671319d -# case_name=PUT /api/admin/users/{id} - role = guest -# step_id=step-main -# step_type=test -# technique=decision_table -# priority=P1 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "guest" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_users_id_put_role_super_admin_72c28c85.hurl b/cases/api_admin_users_id_put_role_super_admin_72c28c85.hurl deleted file mode 100644 index 5d7daf3..0000000 --- a/cases/api_admin_users_id_put_role_super_admin_72c28c85.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/users/{id} - role = super_admin ── -# case_id=TC-72c28c85 -# case_name=PUT /api/admin/users/{id} - role = super_admin -# step_id=step-main -# step_type=test -# technique=decision_table -# priority=P1 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "super_admin" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_users_id_put_role_team_member_c19312b9.hurl b/cases/api_admin_users_id_put_role_team_member_c19312b9.hurl deleted file mode 100644 index ff75088..0000000 --- a/cases/api_admin_users_id_put_role_team_member_c19312b9.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/users/{id} - role = team_member ── -# case_id=TC-c19312b9 -# case_name=PUT /api/admin/users/{id} - role = team_member -# step_id=step-main -# step_type=test -# technique=decision_table -# priority=P1 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "team_member" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - 
diff --git a/cases/api_admin_users_id_put_role_team_owner_c8807eae.hurl b/cases/api_admin_users_id_put_role_team_owner_c8807eae.hurl deleted file mode 100644 index 160e0e0..0000000 --- a/cases/api_admin_users_id_put_role_team_owner_c8807eae.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── PUT /api/admin/users/{id} - role = team_owner ── -# case_id=TC-c8807eae -# case_name=PUT /api/admin/users/{id} - role = team_owner -# step_id=step-main -# step_type=test -# technique=decision_table -# priority=P1 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": true, - "role": "team_owner" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_users_id_put_schema_violation_isactive_wrong_type_891572b6.hurl b/cases/api_admin_users_id_put_schema_violation_isactive_wrong_type_891572b6.hurl deleted file mode 100644 index 60c0056..0000000 --- a/cases/api_admin_users_id_put_schema_violation_isactive_wrong_type_891572b6.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [schema_violation] isActive_wrong_type ── -# case_id=TC-891572b6 -# case_name=PUT /api/admin/users/{id} - [schema_violation] isActive_wrong_type -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": "not_a_boolean", - "role": "team_owner" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_users_id_put_schema_violation_role_invalid_enum_3765a2be.hurl b/cases/api_admin_users_id_put_schema_violation_role_invalid_enum_3765a2be.hurl deleted file mode 100644 index d78e2f6..0000000 --- a/cases/api_admin_users_id_put_schema_violation_role_invalid_enum_3765a2be.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [schema_violation] role_invalid_enum ── -# case_id=TC-3765a2be -# case_name=PUT /api/admin/users/{id} - [schema_violation] role_invalid_enum -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": true, - "role": "__invalid__" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_integer_308337db.hurl b/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_integer_308337db.hurl deleted file mode 100644 index 20e0298..0000000 --- a/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_integer_308337db.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_integer ── -# case_id=TC-308337db -# case_name=PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": 1, - "role": "super_admin" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_string_4a329fab.hurl b/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_string_4a329fab.hurl deleted file mode 100644 index aa1d226..0000000 --- a/cases/api_admin_users_id_put_type_coercion_isactive_wrong_type_string_4a329fab.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_string ── -# case_id=TC-4a329fab -# case_name=PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_string -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": "not_a_boolean", - "role": "super_admin" -} -``` - -HTTP 422 - 
diff --git a/cases/api_admin_users_id_put_type_coercion_role_wrong_type_boolean_c4d77768.hurl b/cases/api_admin_users_id_put_type_coercion_role_wrong_type_boolean_c4d77768.hurl deleted file mode 100644 index 5aca29f..0000000 --- a/cases/api_admin_users_id_put_type_coercion_role_wrong_type_boolean_c4d77768.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [type_coercion] role wrong_type_boolean ── -# case_id=TC-c4d77768 -# case_name=PUT /api/admin/users/{id} - [type_coercion] role wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": true -} -``` - -HTTP 422 - diff --git a/cases/api_admin_users_id_put_type_coercion_role_wrong_type_integer_60c61680.hurl b/cases/api_admin_users_id_put_type_coercion_role_wrong_type_integer_60c61680.hurl deleted file mode 100644 index b2ac718..0000000 --- a/cases/api_admin_users_id_put_type_coercion_role_wrong_type_integer_60c61680.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [type_coercion] role wrong_type_integer ── -# case_id=TC-60c61680 -# case_name=PUT /api/admin/users/{id} - [type_coercion] role wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": 123 -} -``` - -HTTP 422 - diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_bidi_override_a2217373.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_bidi_override_a2217373.hurl deleted file mode 100644 index a132704..0000000 --- a/cases/api_admin_users_id_put_unicode_fuzzing_role_bidi_override_a2217373.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role bidi_override ── -# case_id=TC-a2217373 -# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_control_char_be44c91e.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_control_char_be44c91e.hurl deleted file mode 100644 index ee4cafd..0000000 --- a/cases/api_admin_users_id_put_unicode_fuzzing_role_control_char_be44c91e.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role control_char ── -# case_id=TC-be44c91e -# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_overlong_4c95b987.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_overlong_4c95b987.hurl deleted file mode 100644 index 53df495..0000000 --- a/cases/api_admin_users_id_put_unicode_fuzzing_role_overlong_4c95b987.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role overlong ── -# case_id=TC-4c95b987 -# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_zalgo_d015a170.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_zalgo_d015a170.hurl deleted file mode 100644 index e797bc5..0000000 --- a/cases/api_admin_users_id_put_unicode_fuzzing_role_zalgo_d015a170.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role zalgo ── -# case_id=TC-d015a170 -# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_users_id_put_unicode_fuzzing_role_zero_width_b1e60615.hurl b/cases/api_admin_users_id_put_unicode_fuzzing_role_zero_width_b1e60615.hurl deleted file mode 100644 index 15006e4..0000000 --- a/cases/api_admin_users_id_put_unicode_fuzzing_role_zero_width_b1e60615.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - [unicode_fuzzing] role zero_width ── -# case_id=TC-b1e60615 -# case_name=PUT /api/admin/users/{id} - [unicode_fuzzing] role zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "​hello" -} -``` - -HTTP 400 - 
diff --git a/cases/api_admin_users_id_put_valid_request_with_all_required_fields_d7979f2a.hurl b/cases/api_admin_users_id_put_valid_request_with_all_required_fields_d7979f2a.hurl deleted file mode 100644 index def37f1..0000000 --- a/cases/api_admin_users_id_put_valid_request_with_all_required_fields_d7979f2a.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PUT /api/admin/users/{id} - valid request with all required fields ── -# case_id=TC-d7979f2a -# case_name=PUT /api/admin/users/{id} - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: application/json -```json -{ - "isActive": true, - "role": "team_owner" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - diff --git a/cases/api_admin_users_id_put_wrong_content_type_text_plain_69ba511c.hurl b/cases/api_admin_users_id_put_wrong_content_type_text_plain_69ba511c.hurl deleted file mode 100644 index cdc2a43..0000000 --- a/cases/api_admin_users_id_put_wrong_content_type_text_plain_69ba511c.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── PUT /api/admin/users/{id} - wrong content-type (text/plain) ── -# case_id=TC-69ba511c -# case_name=PUT /api/admin/users/{id} - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PUT {{base_url}}/api/admin/users/{id} -Content-Type: text/plain -```json -{ - "isActive": false, - "role": "super_admin" -} -``` - -HTTP 415 - diff --git a/cases/api_admin_users_options_owasp_api8_cors_security_configuration_d0d06277.hurl b/cases/api_admin_users_options_owasp_api8_cors_security_configuration_d0d06277.hurl deleted file mode 100644 index 20ad14c..0000000 --- a/cases/api_admin_users_options_owasp_api8_cors_security_configuration_d0d06277.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/users — CORS security configuration ── -# case_id=TC-d0d06277 -# case_name=[OWASP-API8] OPTIONS /api/admin/users — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/users -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_webhooks_get_auth_chain_c741d9e1.hurl b/cases/api_admin_webhooks_get_auth_chain_c741d9e1.hurl deleted file mode 100644 index 70a5099..0000000 --- a/cases/api_admin_webhooks_get_auth_chain_c741d9e1.hurl +++ /dev/null @@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: GET /api/admin/webhooks -# case_id=TC-c741d9e1 -# case_name=auth chain: GET /api/admin/webhooks -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── GET /api/admin/webhooks with auth token [test] ── -# step_id=step-test -# step_type=test -# title=GET /api/admin/webhooks with auth token -# depends_on=step-auth - -GET {{base_url}}/api/admin/webhooks -Authorization: Bearer {{authToken}} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_webhooks_get_owasp_api2_broken_authentication_ec46e5a8.hurl b/cases/api_admin_webhooks_get_owasp_api2_broken_authentication_ec46e5a8.hurl deleted file mode 100644 index 0b9eb95..0000000 --- a/cases/api_admin_webhooks_get_owasp_api2_broken_authentication_ec46e5a8.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/admin/webhooks — broken authentication ── -# case_id=TC-ec46e5a8 -# case_name=[OWASP-API2] GET /api/admin/webhooks — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/admin/webhooks - -HTTP 401 - diff --git a/cases/api_admin_webhooks_get_owasp_api5_function_level_authorization_missing_a2ef426c.hurl b/cases/api_admin_webhooks_get_owasp_api5_function_level_authorization_missing_a2ef426c.hurl deleted file mode 100644 index 7f42fcc..0000000 --- a/cases/api_admin_webhooks_get_owasp_api5_function_level_authorization_missing_a2ef426c.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] GET /api/admin/webhooks — function-level authorization missing ── -# case_id=TC-a2ef426c -# case_name=[OWASP-API5] GET /api/admin/webhooks — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -GET {{base_url}}/api/admin/webhooks -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_webhooks_get_valid_request_with_all_required_fields_c3e5fa48.hurl b/cases/api_admin_webhooks_get_valid_request_with_all_required_fields_c3e5fa48.hurl deleted file mode 100644 index a223002..0000000 --- a/cases/api_admin_webhooks_get_valid_request_with_all_required_fields_c3e5fa48.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/admin/webhooks - valid request with all required fields ── -# case_id=TC-c3e5fa48 -# case_name=GET /api/admin/webhooks - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/admin/webhooks - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.webhooks" exists - 
diff --git a/cases/api_admin_webhooks_id_delete_idempotent_second_call_must_be_safe_854a404a.hurl b/cases/api_admin_webhooks_id_delete_idempotent_second_call_must_be_safe_854a404a.hurl deleted file mode 100644 index fab2ffe..0000000 --- a/cases/api_admin_webhooks_id_delete_idempotent_second_call_must_be_safe_854a404a.hurl +++ /dev/null @@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# DELETE /api/admin/webhooks/:id - idempotent: second call must be safe -# case_id=TC-854a404a -# case_name=DELETE /api/admin/webhooks/:id - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── DELETE /api/admin/webhooks/:id — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=DELETE /api/admin/webhooks/:id — first call - -DELETE {{base_url}}/api/admin/webhooks/:id - -HTTP 204 - -[Asserts] -duration < 2000 - -# ── DELETE /api/admin/webhooks/:id — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=DELETE /api/admin/webhooks/:id — identical second call must be safe -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/webhooks/:id - -HTTP 204 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000000_nil_uu_2c9e3616.hurl b/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000000_nil_uu_2c9e3616.hurl deleted file mode 100644 index 27ef2a4..0000000 --- a/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000000_nil_uu_2c9e3616.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) ── -# case_id=TC-2c9e3616 -# case_name=DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/webhooks/:id - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000001_alt_uu_101b67d9.hurl b/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000001_alt_uu_101b67d9.hurl deleted file mode 100644 index f477c57..0000000 --- a/cases/api_admin_webhooks_id_delete_idor_id_00000000_0000_0000_0000_000000000001_alt_uu_101b67d9.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) ── -# case_id=TC-101b67d9 -# case_name=DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/admin/webhooks/:id - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_delete_missing_required_param_id_25ba00ae.hurl b/cases/api_admin_webhooks_id_delete_missing_required_param_id_25ba00ae.hurl deleted file mode 100644 index c7ea259..0000000 --- a/cases/api_admin_webhooks_id_delete_missing_required_param_id_25ba00ae.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── DELETE /api/admin/webhooks/:id - missing required param "id" ── -# case_id=TC-25ba00ae -# case_name=DELETE /api/admin/webhooks/:id - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -DELETE {{base_url}}/api/admin/webhooks/:id - -HTTP 422 - 
diff --git a/cases/api_admin_webhooks_id_delete_owasp_api2_broken_authentication_23cf0c86.hurl b/cases/api_admin_webhooks_id_delete_owasp_api2_broken_authentication_23cf0c86.hurl deleted file mode 100644 index d8bd1cb..0000000 --- a/cases/api_admin_webhooks_id_delete_owasp_api2_broken_authentication_23cf0c86.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] DELETE /api/admin/webhooks/:id — broken authentication ── -# case_id=TC-23cf0c86 -# case_name=[OWASP-API2] DELETE /api/admin/webhooks/:id — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/webhooks/:id - -HTTP 401 - diff --git a/cases/api_admin_webhooks_id_delete_owasp_api5_function_level_authorization_missing_01a13cd8.hurl b/cases/api_admin_webhooks_id_delete_owasp_api5_function_level_authorization_missing_01a13cd8.hurl deleted file mode 100644 index b906b97..0000000 --- a/cases/api_admin_webhooks_id_delete_owasp_api5_function_level_authorization_missing_01a13cd8.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] DELETE /api/admin/webhooks/:id — function-level authorization missing ── -# case_id=TC-01a13cd8 -# case_name=[OWASP-API5] DELETE /api/admin/webhooks/:id — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -DELETE {{base_url}}/api/admin/webhooks/:id -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_webhooks_id_delete_owasp_api7_injection_path_traversal_bdc77229.hurl b/cases/api_admin_webhooks_id_delete_owasp_api7_injection_path_traversal_bdc77229.hurl deleted file mode 100644 index f5fc775..0000000 --- a/cases/api_admin_webhooks_id_delete_owasp_api7_injection_path_traversal_bdc77229.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/webhooks/:id — injection (path-traversal) ── -# case_id=TC-bdc77229 -# case_name=[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/webhooks/:id -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_delete_owasp_api7_injection_sqli_7e499729.hurl b/cases/api_admin_webhooks_id_delete_owasp_api7_injection_sqli_7e499729.hurl deleted file mode 100644 index 565b522..0000000 --- a/cases/api_admin_webhooks_id_delete_owasp_api7_injection_sqli_7e499729.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/webhooks/:id — injection (sqli) ── -# case_id=TC-7e499729 -# case_name=[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/webhooks/:id -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_delete_owasp_api7_injection_xss_06da467b.hurl b/cases/api_admin_webhooks_id_delete_owasp_api7_injection_xss_06da467b.hurl deleted file mode 100644 index 6e0c7cc..0000000 --- a/cases/api_admin_webhooks_id_delete_owasp_api7_injection_xss_06da467b.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/admin/webhooks/:id — injection (xss) ── -# case_id=TC-06da467b -# case_name=[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/admin/webhooks/:id -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_delete_valid_request_with_all_required_fields_f50edea5.hurl b/cases/api_admin_webhooks_id_delete_valid_request_with_all_required_fields_f50edea5.hurl deleted file mode 100644 index 4f62245..0000000 
--- a/cases/api_admin_webhooks_id_delete_valid_request_with_all_required_fields_f50edea5.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── DELETE /api/admin/webhooks/:id - valid request with all required fields ── -# case_id=TC-f50edea5 -# case_name=DELETE /api/admin/webhooks/:id - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -DELETE {{base_url}}/api/admin/webhooks/:id - -HTTP 204 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_webhooks_id_options_owasp_api8_cors_security_configuration_c34b22b5.hurl b/cases/api_admin_webhooks_id_options_owasp_api8_cors_security_configuration_c34b22b5.hurl deleted file mode 100644 index ddb2a0f..0000000 --- a/cases/api_admin_webhooks_id_options_owasp_api8_cors_security_configuration_c34b22b5.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/webhooks/:id — CORS security configuration ── -# case_id=TC-c34b22b5 -# case_name=[OWASP-API8] OPTIONS /api/admin/webhooks/:id — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/webhooks/:id -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000000_nil_uui_93edf6a3.hurl b/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000000_nil_uui_93edf6a3.hurl deleted file mode 100644 index cebad17..0000000 --- a/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000000_nil_uui_93edf6a3.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) ── -# case_id=TC-93edf6a3 -# case_name=PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -PATCH {{base_url}}/api/admin/webhooks/:id - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000001_alt_uui_e5555fc8.hurl b/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000001_alt_uui_e5555fc8.hurl deleted file mode 100644 index c8c616a..0000000 --- a/cases/api_admin_webhooks_id_patch_idor_id_00000000_0000_0000_0000_000000000001_alt_uui_e5555fc8.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) ── -# case_id=TC-e5555fc8 -# case_name=PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -PATCH {{base_url}}/api/admin/webhooks/:id - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_invalid_isactive_wrong_type_string_for_boolean_fbeea8b1.hurl b/cases/api_admin_webhooks_id_patch_invalid_isactive_wrong_type_string_for_boolean_fbeea8b1.hurl deleted file mode 100644 index 284bd69..0000000 --- a/cases/api_admin_webhooks_id_patch_invalid_isactive_wrong_type_string_for_boolean_fbeea8b1.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - invalid isActive: wrong type (string for boolean) ── -# case_id=TC-fbeea8b1 -# case_name=PATCH /api/admin/webhooks/:id - invalid isActive: wrong type (string for boolean) -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "regularly" - ], - "isActive": "not_a_boolean", - "name": "Halle Lewis", - "url": "http://www.technicalschemas.com/web-enabled" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_mass_assignment_financial_probe_ed85e04f.hurl b/cases/api_admin_webhooks_id_patch_mass_assignment_financial_probe_ed85e04f.hurl deleted file mode 100644 index 48943f9..0000000 --- a/cases/api_admin_webhooks_id_patch_mass_assignment_financial_probe_ed85e04f.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [mass_assignment] financial probe ── -# case_id=TC-ed85e04f -# case_name=PATCH /api/admin/webhooks/:id - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "discount": 0, - "events": [ - "of" - ], - "isActive": false, - "name": "Nathaniel Yang", - "price": 1, - "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_mass_assignment_identity_probe_1274d148.hurl b/cases/api_admin_webhooks_id_patch_mass_assignment_identity_probe_1274d148.hurl deleted file mode 100644 index 4a9fe7c..0000000 --- a/cases/api_admin_webhooks_id_patch_mass_assignment_identity_probe_1274d148.hurl +++ /dev/null 
@@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [mass_assignment] identity probe ── -# case_id=TC-1274d148 -# case_name=PATCH /api/admin/webhooks/:id - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "events": [ - "of" - ], - "isActive": false, - "name": "Nathaniel Yang", - "ownerId": "__probe__", - "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_mass_assignment_privilege_probe_d0ddffec.hurl b/cases/api_admin_webhooks_id_patch_mass_assignment_privilege_probe_d0ddffec.hurl deleted file mode 100644 index d3110e7..0000000 --- a/cases/api_admin_webhooks_id_patch_mass_assignment_privilege_probe_d0ddffec.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [mass_assignment] privilege probe ── -# case_id=TC-d0ddffec -# case_name=PATCH /api/admin/webhooks/:id - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "admin": true, - "events": [ - "of" - ], - "isActive": false, - "isAdmin": true, - "is_admin": true, - "name": "Nathaniel Yang", - "role": "__probe__", - "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_mass_assignment_status_probe_16deab72.hurl b/cases/api_admin_webhooks_id_patch_mass_assignment_status_probe_16deab72.hurl deleted file mode 100644 index e13972b..0000000 --- a/cases/api_admin_webhooks_id_patch_mass_assignment_status_probe_16deab72.hurl +++ /dev/null 
@@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [mass_assignment] status probe ── -# case_id=TC-16deab72 -# case_name=PATCH /api/admin/webhooks/:id - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "disabled": false, - "events": [ - "of" - ], - "isActive": false, - "name": "Nathaniel Yang", - "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_missing_required_param_id_8a80112e.hurl b/cases/api_admin_webhooks_id_patch_missing_required_param_id_8a80112e.hurl deleted file mode 100644 index 0904de5..0000000 --- a/cases/api_admin_webhooks_id_patch_missing_required_param_id_8a80112e.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - missing required param "id" ── -# case_id=TC-8a80112e -# case_name=PATCH /api/admin/webhooks/:id - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -PATCH {{base_url}}/api/admin/webhooks/:id - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_events_null_value_2d09c873.hurl b/cases/api_admin_webhooks_id_patch_mutation_events_null_value_2d09c873.hurl deleted file mode 100644 index 848971b..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_events_null_value_2d09c873.hurl +++ /dev/null 
@@ -1,25 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: events null value ── -# case_id=TC-2d09c873 -# case_name=PATCH /api/admin/webhooks/:id - mutation: events null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": null, - "isActive": false, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_events_object_instead_of_array_309789e7.hurl b/cases/api_admin_webhooks_id_patch_mutation_events_object_instead_of_array_309789e7.hurl deleted file mode 100644 index be11eb7..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_events_object_instead_of_array_309789e7.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: events object instead of array ── -# case_id=TC-309789e7 -# case_name=PATCH /api/admin/webhooks/:id - mutation: events object instead of array -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": {}, - "isActive": false, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_events_string_instead_of_array_9439ce9e.hurl b/cases/api_admin_webhooks_id_patch_mutation_events_string_instead_of_array_9439ce9e.hurl deleted file mode 100644 index 43b63b7..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_events_string_instead_of_array_9439ce9e.hurl +++ /dev/null 
@@ -1,25 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: events string instead of array ── -# case_id=TC-9439ce9e -# case_name=PATCH /api/admin/webhooks/:id - mutation: events string instead of array -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": "not-an-array", - "isActive": false, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_isactive_integer_instead_of_boolean_161755de.hurl b/cases/api_admin_webhooks_id_patch_mutation_isactive_integer_instead_of_boolean_161755de.hurl deleted file mode 100644 index 8579ab9..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_isactive_integer_instead_of_boolean_161755de.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: isActive integer instead of boolean ── -# case_id=TC-161755de -# case_name=PATCH /api/admin/webhooks/:id - mutation: isActive integer instead of boolean -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "might" - ], - "isActive": 1, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_isactive_null_value_c42eb537.hurl b/cases/api_admin_webhooks_id_patch_mutation_isactive_null_value_c42eb537.hurl deleted file mode 100644 index 0cab3c4..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_isactive_null_value_c42eb537.hurl +++ /dev/null 
@@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: isActive null value ── -# case_id=TC-c42eb537 -# case_name=PATCH /api/admin/webhooks/:id - mutation: isActive null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "might" - ], - "isActive": null, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_isactive_string_instead_of_boolean_be6cb74f.hurl b/cases/api_admin_webhooks_id_patch_mutation_isactive_string_instead_of_boolean_be6cb74f.hurl deleted file mode 100644 index f89160d..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_isactive_string_instead_of_boolean_be6cb74f.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: isActive string instead of boolean ── -# case_id=TC-be6cb74f -# case_name=PATCH /api/admin/webhooks/:id - mutation: isActive string instead of boolean -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "might" - ], - "isActive": "yes", - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_name_empty_string_48b3b8ee.hurl b/cases/api_admin_webhooks_id_patch_mutation_name_empty_string_48b3b8ee.hurl deleted file mode 100644 index d83f415..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_name_empty_string_48b3b8ee.hurl +++ /dev/null 
@@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: name empty string ── -# case_id=TC-48b3b8ee -# case_name=PATCH /api/admin/webhooks/:id - mutation: name empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "might" - ], - "isActive": false, - "name": "", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_name_integer_instead_of_string_ec8ffbaa.hurl b/cases/api_admin_webhooks_id_patch_mutation_name_integer_instead_of_string_ec8ffbaa.hurl deleted file mode 100644 index a302fbf..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_name_integer_instead_of_string_ec8ffbaa.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: name integer instead of string ── -# case_id=TC-ec8ffbaa -# case_name=PATCH /api/admin/webhooks/:id - mutation: name integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "might" - ], - "isActive": false, - "name": 12345, - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_name_null_value_07005fc1.hurl b/cases/api_admin_webhooks_id_patch_mutation_name_null_value_07005fc1.hurl deleted file mode 100644 index fdc38bf..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_name_null_value_07005fc1.hurl +++ /dev/null 
@@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: name null value ── -# case_id=TC-07005fc1 -# case_name=PATCH /api/admin/webhooks/:id - mutation: name null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "might" - ], - "isActive": false, - "name": null, - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_patch_mutation_name_oversized_string_300_chars_bc9e284b.hurl b/cases/api_admin_webhooks_id_patch_mutation_name_oversized_string_300_chars_bc9e284b.hurl deleted file mode 100644 index e502af0..0000000 --- a/cases/api_admin_webhooks_id_patch_mutation_name_oversized_string_300_chars_bc9e284b.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - mutation: name oversized string (300 chars) ── -# case_id=TC-bc9e284b -# case_name=PATCH /api/admin/webhooks/:id - mutation: name oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "might" - ], - "isActive": false, - "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_webhooks_id_patch_null_injection_events_e5f0413f.hurl b/cases/api_admin_webhooks_id_patch_null_injection_events_e5f0413f.hurl deleted file mode 100644 index 5a689f0..0000000 --- a/cases/api_admin_webhooks_id_patch_null_injection_events_e5f0413f.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - null injection: events ── -# case_id=TC-e5f0413f -# case_name=PATCH /api/admin/webhooks/:id - null injection: events -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": null, - "isActive": true, - "name": "Opal Deckow", - "url": "http://www.dynamicmarkets.net/vertical" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_null_injection_isactive_f681cd0b.hurl b/cases/api_admin_webhooks_id_patch_null_injection_isactive_f681cd0b.hurl deleted file mode 100644 index 1752d62..0000000 --- a/cases/api_admin_webhooks_id_patch_null_injection_isactive_f681cd0b.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - null injection: isActive ── -# case_id=TC-f681cd0b -# case_name=PATCH /api/admin/webhooks/:id - null injection: isActive -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "aloof" - ], - "isActive": null, - "name": "Opal Deckow", - "url": "http://www.dynamicmarkets.net/vertical" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_null_injection_name_abff0001.hurl b/cases/api_admin_webhooks_id_patch_null_injection_name_abff0001.hurl deleted file mode 100644 index a0f9736..0000000 --- a/cases/api_admin_webhooks_id_patch_null_injection_name_abff0001.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - null injection: name ── -# case_id=TC-abff0001 -# case_name=PATCH /api/admin/webhooks/:id - null injection: name -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "aloof" - ], - "isActive": true, - "name": null, - "url": "http://www.dynamicmarkets.net/vertical" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_null_injection_url_6597f138.hurl b/cases/api_admin_webhooks_id_patch_null_injection_url_6597f138.hurl deleted file mode 100644 index c8f9a60..0000000 --- a/cases/api_admin_webhooks_id_patch_null_injection_url_6597f138.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - null injection: url ── -# case_id=TC-6597f138 -# case_name=PATCH /api/admin/webhooks/:id - null injection: url -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "aloof" - ], - "isActive": true, - "name": "Opal Deckow", - "url": null -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_owasp_api10_ssrf_432c0bdd.hurl b/cases/api_admin_webhooks_id_patch_owasp_api10_ssrf_432c0bdd.hurl deleted file mode 100644 index 85f1258..0000000 --- a/cases/api_admin_webhooks_id_patch_owasp_api10_ssrf_432c0bdd.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API10] PATCH /api/admin/webhooks/:id — SSRF ── -# case_id=TC-432c0bdd -# case_name=[OWASP-API10] PATCH /api/admin/webhooks/:id — SSRF -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "url": "http://127.0.0.1" -} -``` - -HTTP 400 - 
diff --git a/cases/api_admin_webhooks_id_patch_owasp_api2_broken_authentication_3a1afdb6.hurl b/cases/api_admin_webhooks_id_patch_owasp_api2_broken_authentication_3a1afdb6.hurl deleted file mode 100644 index 2219e15..0000000 --- a/cases/api_admin_webhooks_id_patch_owasp_api2_broken_authentication_3a1afdb6.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] PATCH /api/admin/webhooks/:id — broken authentication ── -# case_id=TC-3a1afdb6 -# case_name=[OWASP-API2] PATCH /api/admin/webhooks/:id — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PATCH {{base_url}}/api/admin/webhooks/:id - -HTTP 401 - diff --git a/cases/api_admin_webhooks_id_patch_owasp_api3_bopla_property_level_access_d7a97bb7.hurl b/cases/api_admin_webhooks_id_patch_owasp_api3_bopla_property_level_access_d7a97bb7.hurl deleted file mode 100644 index 8bd066d..0000000 --- a/cases/api_admin_webhooks_id_patch_owasp_api3_bopla_property_level_access_d7a97bb7.hurl +++ /dev/null @@ -1,29 +0,0 @@ -# ── [OWASP-API3] PATCH /api/admin/webhooks/:id — BOPLA property-level access ── -# case_id=TC-d7a97bb7 -# case_name=[OWASP-API3] PATCH /api/admin/webhooks/:id — BOPLA property-level access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "leap" - ], - "isActive": true, - "is_admin": true, - "name": "Lacy Mccarthy", - "role": "admin", - "url": "http://www.mainrobust.net/user-centric/empower" -} -``` - -HTTP 200 - -[Asserts] -jsonpath "$.is_admin" != true -jsonpath "$.role" != "admin" - diff --git a/cases/api_admin_webhooks_id_patch_owasp_api5_function_level_authorization_missing_6c16dac4.hurl b/cases/api_admin_webhooks_id_patch_owasp_api5_function_level_authorization_missing_6c16dac4.hurl deleted file mode 100644 index 957b192..0000000 
--- a/cases/api_admin_webhooks_id_patch_owasp_api5_function_level_authorization_missing_6c16dac4.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] PATCH /api/admin/webhooks/:id — function-level authorization missing ── -# case_id=TC-6c16dac4 -# case_name=[OWASP-API5] PATCH /api/admin/webhooks/:id — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -PATCH {{base_url}}/api/admin/webhooks/:id -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_webhooks_id_patch_owasp_api7_injection_path_traversal_b84f711a.hurl b/cases/api_admin_webhooks_id_patch_owasp_api7_injection_path_traversal_b84f711a.hurl deleted file mode 100644 index 196973f..0000000 --- a/cases/api_admin_webhooks_id_patch_owasp_api7_injection_path_traversal_b84f711a.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PATCH /api/admin/webhooks/:id — injection (path-traversal) ── -# case_id=TC-b84f711a -# case_name=[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PATCH {{base_url}}/api/admin/webhooks/:id -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_owasp_api7_injection_sqli_e249a62c.hurl b/cases/api_admin_webhooks_id_patch_owasp_api7_injection_sqli_e249a62c.hurl deleted file mode 100644 index e03ca55..0000000 --- a/cases/api_admin_webhooks_id_patch_owasp_api7_injection_sqli_e249a62c.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PATCH /api/admin/webhooks/:id — injection (sqli) ── -# case_id=TC-e249a62c -# case_name=[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PATCH {{base_url}}/api/admin/webhooks/:id -```json -null -``` - -HTTP 400 - 
diff --git a/cases/api_admin_webhooks_id_patch_owasp_api7_injection_xss_e86a894c.hurl b/cases/api_admin_webhooks_id_patch_owasp_api7_injection_xss_e86a894c.hurl deleted file mode 100644 index c2302a3..0000000 --- a/cases/api_admin_webhooks_id_patch_owasp_api7_injection_xss_e86a894c.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] PATCH /api/admin/webhooks/:id — injection (xss) ── -# case_id=TC-e86a894c -# case_name=[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -PATCH {{base_url}}/api/admin/webhooks/:id -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_schema_violation_isactive_wrong_type_a0047765.hurl b/cases/api_admin_webhooks_id_patch_schema_violation_isactive_wrong_type_a0047765.hurl deleted file mode 100644 index 4e2604a..0000000 --- a/cases/api_admin_webhooks_id_patch_schema_violation_isactive_wrong_type_a0047765.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [schema_violation] isActive_wrong_type ── -# case_id=TC-a0047765 -# case_name=PATCH /api/admin/webhooks/:id - [schema_violation] isActive_wrong_type -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "whatever" - ], - "isActive": "not_a_boolean", - "name": "Alexander Gordon", - "url": "https://www.grouptechnologies.net/deliverables/web-enabled/generate/e-enable" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_events_wrong_type_string_ce35cd41.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_events_wrong_type_string_ce35cd41.hurl deleted file mode 100644 index 10f2a28..0000000 --- a/cases/api_admin_webhooks_id_patch_type_coercion_events_wrong_type_string_ce35cd41.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [type_coercion] events wrong_type_string ── -# case_id=TC-ce35cd41 -# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] events wrong_type_string -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": "not_an_array", - "isActive": false, - "name": "Emile Jones", - "url": "https://www.financeoptimize.com/transform/cross-media/technologies" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_integer_4c590e85.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_integer_4c590e85.hurl deleted file mode 100644 index c07191b..0000000 --- a/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_integer_4c590e85.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_integer ── -# case_id=TC-4c590e85 -# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "some" - ], - "isActive": 1, - "name": "Emile Jones", - "url": "https://www.financeoptimize.com/transform/cross-media/technologies" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_string_db8dd398.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_string_db8dd398.hurl deleted file mode 100644 index b5e5caf..0000000 --- a/cases/api_admin_webhooks_id_patch_type_coercion_isactive_wrong_type_string_db8dd398.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_string ── -# case_id=TC-db8dd398 -# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_string -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "some" - ], - "isActive": "not_a_boolean", - "name": "Emile Jones", - "url": "https://www.financeoptimize.com/transform/cross-media/technologies" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_boolean_e2d843b1.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_boolean_e2d843b1.hurl deleted file mode 100644 index 3a8524a..0000000 --- a/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_boolean_e2d843b1.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_boolean ── -# case_id=TC-e2d843b1 -# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "some" - ], - "isActive": false, - "name": true, - "url": "https://www.financeoptimize.com/transform/cross-media/technologies" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_integer_849247d2.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_integer_849247d2.hurl deleted file mode 100644 index 857c1f1..0000000 --- a/cases/api_admin_webhooks_id_patch_type_coercion_name_wrong_type_integer_849247d2.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_integer ── -# case_id=TC-849247d2 -# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "some" - ], - "isActive": false, - "name": 123, - "url": "https://www.financeoptimize.com/transform/cross-media/technologies" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_boolean_d9bfd2d8.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_boolean_d9bfd2d8.hurl deleted file mode 100644 index 639ab48..0000000 --- a/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_boolean_d9bfd2d8.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_boolean ── -# case_id=TC-d9bfd2d8 -# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "some" - ], - "isActive": false, - "name": "Emile Jones", - "url": true -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_integer_5b388493.hurl b/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_integer_5b388493.hurl deleted file mode 100644 index f3ac357..0000000 --- a/cases/api_admin_webhooks_id_patch_type_coercion_url_wrong_type_integer_5b388493.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_integer ── -# case_id=TC-5b388493 -# case_name=PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "some" - ], - "isActive": false, - "name": "Emile Jones", - "url": 123 -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_bidi_override_61073126.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_bidi_override_61073126.hurl deleted file mode 100644 index 45a3f88..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_bidi_override_61073126.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name bidi_override ── -# case_id=TC-61073126 -# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "isActive": true, - "name": "‮hello", - "url": "https://www.productdrive.io/grow/world-class" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_control_char_9fed73af.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_control_char_9fed73af.hurl deleted file mode 100644 index ee02296..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_control_char_9fed73af.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name control_char ── -# case_id=TC-9fed73af -# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "isActive": true, - "name": "hello\u0000world", - "url": "https://www.productdrive.io/grow/world-class" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_overlong_ff322daa.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_overlong_ff322daa.hurl deleted file mode 100644 index be51679..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_overlong_ff322daa.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name overlong ── -# case_id=TC-ff322daa -# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "isActive": true, - "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "url": "https://www.productdrive.io/grow/world-class" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zalgo_a31d1299.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zalgo_a31d1299.hurl deleted file mode 100644 index fdf15dc..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zalgo_a31d1299.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zalgo ── -# case_id=TC-a31d1299 -# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "isActive": true, - "name": "z̀́̂̃̄̅̆̇a", - "url": "https://www.productdrive.io/grow/world-class" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zero_width_6bdb26ba.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zero_width_6bdb26ba.hurl deleted file mode 100644 index e32ea16..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_name_zero_width_6bdb26ba.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zero_width ── -# case_id=TC-6bdb26ba -# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "isActive": true, - "name": "​hello", - "url": "https://www.productdrive.io/grow/world-class" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_bidi_override_36430217.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_bidi_override_36430217.hurl deleted file mode 100644 index e47d28c..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_bidi_override_36430217.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url bidi_override ── -# case_id=TC-36430217 -# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "isActive": true, - "name": "Nicole Heller", - "url": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_control_char_ed68863e.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_control_char_ed68863e.hurl deleted file mode 100644 index 6aaf1c0..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_control_char_ed68863e.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url control_char ── -# case_id=TC-ed68863e -# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "isActive": true, - "name": "Nicole Heller", - "url": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_overlong_d7318097.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_overlong_d7318097.hurl deleted file mode 100644 index 467799c..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_overlong_d7318097.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url overlong ── -# case_id=TC-d7318097 -# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "isActive": true, - "name": "Nicole Heller", - "url": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zalgo_0a72a45e.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zalgo_0a72a45e.hurl deleted file mode 100644 index f1364b4..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zalgo_0a72a45e.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zalgo ── -# case_id=TC-0a72a45e -# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "isActive": true, - "name": "Nicole Heller", - "url": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zero_width_61e8a563.hurl b/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zero_width_61e8a563.hurl deleted file mode 100644 index edbbaf9..0000000 --- a/cases/api_admin_webhooks_id_patch_unicode_fuzzing_url_zero_width_61e8a563.hurl +++ /dev/null 
@@ -1,23 +0,0 @@
-# ── PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zero_width ──
-# case_id=TC-61e8a563
-# case_name=PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zero_width
-# step_id=step-main
-# step_type=test
-# technique=unicode_fuzzing
-# priority=P3
-
-PATCH {{base_url}}/api/admin/webhooks/:id
-Content-Type: application/json
-```json
-{
- "events": [
- "that"
- ],
- "isActive": true,
- "name": "Nicole Heller",
- "url": "​hello"
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_admin_webhooks_id_patch_valid_request_with_all_required_fields_415f32a9.hurl b/cases/api_admin_webhooks_id_patch_valid_request_with_all_required_fields_415f32a9.hurl
deleted file mode 100644
index 50d996c..0000000
--- a/cases/api_admin_webhooks_id_patch_valid_request_with_all_required_fields_415f32a9.hurl
+++ /dev/null
@@ -1,23 +0,0 @@ -# ── PATCH /api/admin/webhooks/:id - wrong content-type (text/plain) ── -# case_id=TC-94225ad6 -# case_name=PATCH /api/admin/webhooks/:id - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -PATCH {{base_url}}/api/admin/webhooks/:id -Content-Type: text/plain -```json -{ - "events": [ - "aloof" - ], - "isActive": true, - "name": "Opal Deckow", - "url": "http://www.dynamicmarkets.net/vertical" -} -``` - -HTTP 415 - diff --git a/cases/api_admin_webhooks_id_test_options_owasp_api8_cors_security_configuration_19ddcfe4.hurl b/cases/api_admin_webhooks_id_test_options_owasp_api8_cors_security_configuration_19ddcfe4.hurl deleted file mode 100644 index 98adc6a..0000000 --- a/cases/api_admin_webhooks_id_test_options_owasp_api8_cors_security_configuration_19ddcfe4.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/webhooks/:id/test — CORS security configuration ── -# case_id=TC-19ddcfe4 -# case_name=[OWASP-API8] OPTIONS /api/admin/webhooks/:id/test — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/webhooks/:id/test -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_webhooks_id_test_post_idempotent_second_call_must_be_safe_ff996bd3.hurl b/cases/api_admin_webhooks_id_test_post_idempotent_second_call_must_be_safe_ff996bd3.hurl deleted file mode 100644 index 6e23ecf..0000000 --- a/cases/api_admin_webhooks_id_test_post_idempotent_second_call_must_be_safe_ff996bd3.hurl +++ /dev/null 
@@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /api/admin/webhooks/:id/test - idempotent: second call must be safe -# case_id=TC-ff996bd3 -# case_name=POST /api/admin/webhooks/:id/test - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /api/admin/webhooks/:id/test — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /api/admin/webhooks/:id/test — first call - -POST {{base_url}}/api/admin/webhooks/:id/test - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /api/admin/webhooks/:id/test — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/admin/webhooks/:id/test — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/api/admin/webhooks/:id/test - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000000_nil_33f46434.hurl b/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000000_nil_33f46434.hurl deleted file mode 100644 index 17ae493..0000000 --- a/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000000_nil_33f46434.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) ── -# case_id=TC-33f46434 -# case_name=POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -POST {{base_url}}/api/admin/webhooks/:id/test - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000001_alt_eb0b8c82.hurl b/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000001_alt_eb0b8c82.hurl deleted file mode 100644 index 1a58e9b..0000000 
--- a/cases/api_admin_webhooks_id_test_post_idor_id_00000000_0000_0000_0000_000000000001_alt_eb0b8c82.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) ── -# case_id=TC-eb0b8c82 -# case_name=POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -POST {{base_url}}/api/admin/webhooks/:id/test - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_id_test_post_missing_required_param_id_8f3b353e.hurl b/cases/api_admin_webhooks_id_test_post_missing_required_param_id_8f3b353e.hurl deleted file mode 100644 index 52688ab..0000000 --- a/cases/api_admin_webhooks_id_test_post_missing_required_param_id_8f3b353e.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── POST /api/admin/webhooks/:id/test - missing required param "id" ── -# case_id=TC-8f3b353e -# case_name=POST /api/admin/webhooks/:id/test - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/admin/webhooks/:id/test - -HTTP 422 - diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api2_broken_authentication_7054030e.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api2_broken_authentication_7054030e.hurl deleted file mode 100644 index a526fa5..0000000 --- a/cases/api_admin_webhooks_id_test_post_owasp_api2_broken_authentication_7054030e.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] POST /api/admin/webhooks/:id/test — broken authentication ── -# case_id=TC-7054030e -# case_name=[OWASP-API2] POST /api/admin/webhooks/:id/test — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks/:id/test - -HTTP 401 - 
diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api5_function_level_authorization_missing_908d0d93.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api5_function_level_authorization_missing_908d0d93.hurl deleted file mode 100644 index 830a618..0000000 --- a/cases/api_admin_webhooks_id_test_post_owasp_api5_function_level_authorization_missing_908d0d93.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] POST /api/admin/webhooks/:id/test — function-level authorization missing ── -# case_id=TC-908d0d93 -# case_name=[OWASP-API5] POST /api/admin/webhooks/:id/test — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -POST {{base_url}}/api/admin/webhooks/:id/test -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_path_traversal_6c16c87b.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_path_traversal_6c16c87b.hurl deleted file mode 100644 index 17fdc64..0000000 --- a/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_path_traversal_6c16c87b.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/webhooks/:id/test — injection (path-traversal) ── -# case_id=TC-6c16c87b -# case_name=[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks/:id/test -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_sqli_7a0227b0.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_sqli_7a0227b0.hurl deleted file mode 100644 index 53d5be0..0000000 --- a/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_sqli_7a0227b0.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/webhooks/:id/test — injection (sqli) ── -# case_id=TC-7a0227b0 -# case_name=[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks/:id/test -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_xss_e8743ba7.hurl b/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_xss_e8743ba7.hurl deleted file mode 100644 index 51a95ab..0000000 --- a/cases/api_admin_webhooks_id_test_post_owasp_api7_injection_xss_e8743ba7.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/webhooks/:id/test — injection (xss) ── -# case_id=TC-e8743ba7 -# case_name=[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks/:id/test -```json -null -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_id_test_post_valid_request_with_all_required_fields_ae0a2dc3.hurl b/cases/api_admin_webhooks_id_test_post_valid_request_with_all_required_fields_ae0a2dc3.hurl deleted file mode 100644 index da05ee3..0000000 --- a/cases/api_admin_webhooks_id_test_post_valid_request_with_all_required_fields_ae0a2dc3.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── POST /api/admin/webhooks/:id/test - valid request with all required fields ── -# case_id=TC-ae0a2dc3 -# case_name=POST /api/admin/webhooks/:id/test - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/api/admin/webhooks/:id/test - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - 
diff --git a/cases/api_admin_webhooks_options_owasp_api8_cors_security_configuration_3f16f7ab.hurl b/cases/api_admin_webhooks_options_owasp_api8_cors_security_configuration_3f16f7ab.hurl deleted file mode 100644 index 82a359b..0000000 --- a/cases/api_admin_webhooks_options_owasp_api8_cors_security_configuration_3f16f7ab.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/admin/webhooks — CORS security configuration ── -# case_id=TC-3f16f7ab -# case_name=[OWASP-API8] OPTIONS /api/admin/webhooks — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/admin/webhooks -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_admin_webhooks_post_auth_chain_f4c0b7fc.hurl b/cases/api_admin_webhooks_post_auth_chain_f4c0b7fc.hurl deleted file mode 100644 index 67c8c34..0000000 --- a/cases/api_admin_webhooks_post_auth_chain_f4c0b7fc.hurl +++ /dev/null 
@@ -1,56 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: POST /api/admin/webhooks -# case_id=TC-f4c0b7fc -# case_name=auth chain: POST /api/admin/webhooks -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── POST /api/admin/webhooks with auth token [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/admin/webhooks with auth token -# depends_on=step-auth - -POST {{base_url}}/api/admin/webhooks -Authorization: Bearer {{authToken}} -Content-Type: application/json -```json -{ - "events": [ - "where" - ], - "name": "Lilla Henderson", - "providerType": "shirt", - "teamId": "1e74395d-96d5-4632-bff5-1db94dfc9c0c", - "url": "http://www.brandengage.info/out-of-the-box/end-to-end/engineer/visualize" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_webhooks_post_field_boundary_name_invalid_below_min_7b9e5b4d.hurl b/cases/api_admin_webhooks_post_field_boundary_name_invalid_below_min_7b9e5b4d.hurl deleted file mode 100644 index 6b0f892..0000000 --- a/cases/api_admin_webhooks_post_field_boundary_name_invalid_below_min_7b9e5b4d.hurl +++ /dev/null 
@@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - [field_boundary] name invalid_below_min ── -# case_id=TC-7b9e5b4d -# case_name=POST /api/admin/webhooks - [field_boundary] name invalid_below_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "regularly" - ], - "name": "", - "providerType": "pen", - "teamId": "8e786d80-b9b5-471b-8643-4dea8db9db45", - "url": "http://www.seniorb2b.io/webservices/repurpose/mindshare" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_field_boundary_name_valid_min_85b28596.hurl b/cases/api_admin_webhooks_post_field_boundary_name_valid_min_85b28596.hurl deleted file mode 100644 index 4d5c4b5..0000000 --- a/cases/api_admin_webhooks_post_field_boundary_name_valid_min_85b28596.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - [field_boundary] name valid_min ── -# case_id=TC-85b28596 -# case_name=POST /api/admin/webhooks - [field_boundary] name valid_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P1 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "that" - ], - "name": "a", - "providerType": "year", - "teamId": "2078e75e-ac88-4a37-93b9-0aad2a57623c", - "url": "http://www.principalinteractive.net/turn-key/redefine" -} -``` - -HTTP * - -[Asserts] -status >= 200 -status < 300 - diff --git a/cases/api_admin_webhooks_post_idempotent_second_call_must_be_safe_06e188f6.hurl b/cases/api_admin_webhooks_post_idempotent_second_call_must_be_safe_06e188f6.hurl deleted file mode 100644 index 747b854..0000000 --- a/cases/api_admin_webhooks_post_idempotent_second_call_must_be_safe_06e188f6.hurl +++ /dev/null 
@@ -1,57 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /api/admin/webhooks - idempotent: second call must be safe -# case_id=TC-06e188f6 -# case_name=POST /api/admin/webhooks - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /api/admin/webhooks — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /api/admin/webhooks — first call - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "now" - ], - "name": "Anya Wright", - "providerType": "yesterday", - "teamId": "cd7a7947-5e97-4e0c-bd41-40373e8f332b", - "url": "http://www.primaryaction-items.org/enhance/deploy/interfaces" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /api/admin/webhooks — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/admin/webhooks — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "now" - ], - "name": "Anya Wright", - "providerType": "yesterday", - "teamId": "cd7a7947-5e97-4e0c-bd41-40373e8f332b", - "url": "http://www.primaryaction-items.org/enhance/deploy/interfaces" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_webhooks_post_invalid_events_empty_array_violates_minitems_1_41ef09da.hurl b/cases/api_admin_webhooks_post_invalid_events_empty_array_violates_minitems_1_41ef09da.hurl deleted file mode 100644 index 1f4eaa0..0000000 --- a/cases/api_admin_webhooks_post_invalid_events_empty_array_violates_minitems_1_41ef09da.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── POST /api/admin/webhooks - invalid events: empty array violates minItems 1 ── -# case_id=TC-41ef09da -# case_name=POST /api/admin/webhooks - invalid events: empty array violates minItems 1 -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [], - "name": "Beulah Douglas", - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", - "url": "https://www.investormethodologies.net/maximize" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_invalid_name_empty_string_violates_minlength_1_86292ddb.hurl b/cases/api_admin_webhooks_post_invalid_name_empty_string_violates_minlength_1_86292ddb.hurl deleted file mode 100644 index c6397ec..0000000 --- a/cases/api_admin_webhooks_post_invalid_name_empty_string_violates_minlength_1_86292ddb.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - invalid name: empty string violates minLength 1 ── -# case_id=TC-86292ddb -# case_name=POST /api/admin/webhooks - invalid name: empty string violates minLength 1 -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "as" - ], - "name": "", - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", - "url": "https://www.investormethodologies.net/maximize" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_mass_assignment_financial_probe_241955ee.hurl b/cases/api_admin_webhooks_post_mass_assignment_financial_probe_241955ee.hurl deleted file mode 100644 index 7e83e2f..0000000 --- a/cases/api_admin_webhooks_post_mass_assignment_financial_probe_241955ee.hurl +++ /dev/null 
@@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - [mass_assignment] financial probe ── -# case_id=TC-241955ee -# case_name=POST /api/admin/webhooks - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "discount": 0, - "events": [ - "actor" - ], - "name": "Agustina McKenzie", - "price": 1, - "providerType": "eye", - "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", - "url": "http://www.vicemethodologies.com/virtual/metrics" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_mass_assignment_identity_probe_30b18c5f.hurl b/cases/api_admin_webhooks_post_mass_assignment_identity_probe_30b18c5f.hurl deleted file mode 100644 index 354f8fb..0000000 --- a/cases/api_admin_webhooks_post_mass_assignment_identity_probe_30b18c5f.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - [mass_assignment] identity probe ── -# case_id=TC-30b18c5f -# case_name=POST /api/admin/webhooks - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "events": [ - "actor" - ], - "name": "Agustina McKenzie", - "ownerId": "__probe__", - "providerType": "eye", - "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", - "url": "http://www.vicemethodologies.com/virtual/metrics", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_mass_assignment_privilege_probe_f5c743f7.hurl b/cases/api_admin_webhooks_post_mass_assignment_privilege_probe_f5c743f7.hurl deleted file mode 100644 index 5dbd057..0000000 --- a/cases/api_admin_webhooks_post_mass_assignment_privilege_probe_f5c743f7.hurl +++ /dev/null 
@@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - [mass_assignment] privilege probe ── -# case_id=TC-f5c743f7 -# case_name=POST /api/admin/webhooks - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "admin": true, - "events": [ - "actor" - ], - "isAdmin": true, - "is_admin": true, - "name": "Agustina McKenzie", - "providerType": "eye", - "role": "__probe__", - "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", - "url": "http://www.vicemethodologies.com/virtual/metrics" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_mass_assignment_status_probe_33b56375.hurl b/cases/api_admin_webhooks_post_mass_assignment_status_probe_33b56375.hurl deleted file mode 100644 index bccec2b..0000000 --- a/cases/api_admin_webhooks_post_mass_assignment_status_probe_33b56375.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - [mass_assignment] status probe ── -# case_id=TC-33b56375 -# case_name=POST /api/admin/webhooks - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "disabled": false, - "events": [ - "actor" - ], - "name": "Agustina McKenzie", - "providerType": "eye", - "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", - "url": "http://www.vicemethodologies.com/virtual/metrics", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_missing_required_field_events_d6a5b0c7.hurl b/cases/api_admin_webhooks_post_missing_required_field_events_d6a5b0c7.hurl deleted file mode 100644 index b3afd7d..0000000 --- a/cases/api_admin_webhooks_post_missing_required_field_events_d6a5b0c7.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/admin/webhooks - missing required field "events" ── -# case_id=TC-d6a5b0c7 -# case_name=POST /api/admin/webhooks - missing required field "events" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "name": "Rebecca Mann", - "providerType": "painter", - "teamId": "1485872f-38ec-4ac0-88b9-3d10f551b3a4", - "url": "https://www.chiefsyndicate.biz/utilize/deliverables/innovate/transition" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_missing_required_field_events_dfcc1c56.hurl b/cases/api_admin_webhooks_post_missing_required_field_events_dfcc1c56.hurl deleted file mode 100644 index 9cefb59..0000000 --- a/cases/api_admin_webhooks_post_missing_required_field_events_dfcc1c56.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/admin/webhooks - missing required field "events" ── -# case_id=TC-dfcc1c56 -# case_name=POST /api/admin/webhooks - missing required field "events" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "name": "Beulah Douglas", - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", - "url": "https://www.investormethodologies.net/maximize" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_missing_required_field_name_45423b82.hurl b/cases/api_admin_webhooks_post_missing_required_field_name_45423b82.hurl deleted file mode 100644 index fd89229..0000000 --- a/cases/api_admin_webhooks_post_missing_required_field_name_45423b82.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/webhooks - missing required field "name" ── -# case_id=TC-45423b82 -# case_name=POST /api/admin/webhooks - missing required field "name" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "Plutonian" - ], - "providerType": "choir", - "teamId": "5289bf89-a443-44f7-a319-2a66891988ac", - "url": "https://www.humandeploy.io/magnetic/roi/maximize/embrace" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_missing_required_field_name_6c83435b.hurl b/cases/api_admin_webhooks_post_missing_required_field_name_6c83435b.hurl deleted file mode 100644 index 35236ec..0000000 --- a/cases/api_admin_webhooks_post_missing_required_field_name_6c83435b.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/webhooks - missing required field "name" ── -# case_id=TC-6c83435b -# case_name=POST /api/admin/webhooks - missing required field "name" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "as" - ], - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", - "url": "https://www.investormethodologies.net/maximize" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_missing_required_field_url_6ed0d9f4.hurl b/cases/api_admin_webhooks_post_missing_required_field_url_6ed0d9f4.hurl deleted file mode 100644 index ae0d31d..0000000 --- a/cases/api_admin_webhooks_post_missing_required_field_url_6ed0d9f4.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/webhooks - missing required field "url" ── -# case_id=TC-6ed0d9f4 -# case_name=POST /api/admin/webhooks - missing required field "url" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "the" - ], - "name": "Carey Jimenez", - "providerType": "hourly", - "teamId": "68326c3d-2def-4030-9c4f-dfcb153eda58" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_missing_required_field_url_f322285b.hurl b/cases/api_admin_webhooks_post_missing_required_field_url_f322285b.hurl deleted file mode 100644 index 9f0f435..0000000 --- a/cases/api_admin_webhooks_post_missing_required_field_url_f322285b.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/admin/webhooks - missing required field "url" ── -# case_id=TC-f322285b -# case_name=POST /api/admin/webhooks - missing required field "url" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "as" - ], - "name": "Beulah Douglas", - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_mutation_events_null_value_2c34fbf1.hurl b/cases/api_admin_webhooks_post_mutation_events_null_value_2c34fbf1.hurl deleted file mode 100644 index 4ea416a..0000000 --- a/cases/api_admin_webhooks_post_mutation_events_null_value_2c34fbf1.hurl +++ /dev/null 
@@ -1,26 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: events null value ── -# case_id=TC-2c34fbf1 -# case_name=POST /api/admin/webhooks - mutation: events null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": null, - "name": "Javier Bogan", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_mutation_events_object_instead_of_array_4a653004.hurl b/cases/api_admin_webhooks_post_mutation_events_object_instead_of_array_4a653004.hurl deleted file mode 100644 index 9c9a8ed..0000000 --- a/cases/api_admin_webhooks_post_mutation_events_object_instead_of_array_4a653004.hurl +++ /dev/null @@ -1,26 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: events object instead of array ── -# case_id=TC-4a653004 -# case_name=POST /api/admin/webhooks - mutation: events object instead of array -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": {}, - "name": "Javier Bogan", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_mutation_events_string_instead_of_array_19783d1d.hurl b/cases/api_admin_webhooks_post_mutation_events_string_instead_of_array_19783d1d.hurl deleted file mode 100644 index 9d4c2e9..0000000 --- a/cases/api_admin_webhooks_post_mutation_events_string_instead_of_array_19783d1d.hurl +++ /dev/null 
@@ -1,26 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: events string instead of array ── -# case_id=TC-19783d1d -# case_name=POST /api/admin/webhooks - mutation: events string instead of array -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": "not-an-array", - "name": "Javier Bogan", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_mutation_name_empty_string_f615d2a9.hurl b/cases/api_admin_webhooks_post_mutation_name_empty_string_f615d2a9.hurl deleted file mode 100644 index eac93ce..0000000 --- a/cases/api_admin_webhooks_post_mutation_name_empty_string_f615d2a9.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: name empty string ── -# case_id=TC-f615d2a9 -# case_name=POST /api/admin/webhooks - mutation: name empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "this" - ], - "name": "", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_mutation_name_integer_instead_of_string_cf6c122c.hurl b/cases/api_admin_webhooks_post_mutation_name_integer_instead_of_string_cf6c122c.hurl deleted file mode 100644 index e9d2c6d..0000000 --- a/cases/api_admin_webhooks_post_mutation_name_integer_instead_of_string_cf6c122c.hurl +++ /dev/null 
@@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: name integer instead of string ── -# case_id=TC-cf6c122c -# case_name=POST /api/admin/webhooks - mutation: name integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "this" - ], - "name": 12345, - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_mutation_name_null_value_b75000cd.hurl b/cases/api_admin_webhooks_post_mutation_name_null_value_b75000cd.hurl deleted file mode 100644 index 2a0b0c1..0000000 --- a/cases/api_admin_webhooks_post_mutation_name_null_value_b75000cd.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: name null value ── -# case_id=TC-b75000cd -# case_name=POST /api/admin/webhooks - mutation: name null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "this" - ], - "name": null, - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_mutation_name_oversized_string_300_chars_5be879ce.hurl b/cases/api_admin_webhooks_post_mutation_name_oversized_string_300_chars_5be879ce.hurl deleted file mode 100644 index d6f62c0..0000000 --- a/cases/api_admin_webhooks_post_mutation_name_oversized_string_300_chars_5be879ce.hurl +++ /dev/null 
@@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: name oversized string (300 chars) ── -# case_id=TC-5be879ce -# case_name=POST /api/admin/webhooks - mutation: name oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "this" - ], - "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_mutation_providertype_empty_string_9b991c26.hurl b/cases/api_admin_webhooks_post_mutation_providertype_empty_string_9b991c26.hurl deleted file mode 100644 index dfab187..0000000 --- a/cases/api_admin_webhooks_post_mutation_providertype_empty_string_9b991c26.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: providerType empty string ── -# case_id=TC-9b991c26 -# case_name=POST /api/admin/webhooks - mutation: providerType empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "this" - ], - "name": "Javier Bogan", - "providerType": "", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_webhooks_post_mutation_providertype_integer_instead_of_string_83e13d1b.hurl b/cases/api_admin_webhooks_post_mutation_providertype_integer_instead_of_string_83e13d1b.hurl deleted file mode 100644 index b98f14c..0000000 --- a/cases/api_admin_webhooks_post_mutation_providertype_integer_instead_of_string_83e13d1b.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: providerType integer instead of string ── -# case_id=TC-83e13d1b -# case_name=POST /api/admin/webhooks - mutation: providerType integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "this" - ], - "name": "Javier Bogan", - "providerType": 12345, - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_mutation_providertype_null_value_595d67fc.hurl b/cases/api_admin_webhooks_post_mutation_providertype_null_value_595d67fc.hurl deleted file mode 100644 index dd078c8..0000000 --- a/cases/api_admin_webhooks_post_mutation_providertype_null_value_595d67fc.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/admin/webhooks - mutation: providerType null value ── -# case_id=TC-595d67fc -# case_name=POST /api/admin/webhooks - mutation: providerType null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "this" - ], - "name": "Javier Bogan", - "providerType": null, - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_webhooks_post_name_at_max_plus_one_invalid_boundary_94214268.hurl b/cases/api_admin_webhooks_post_name_at_max_plus_one_invalid_boundary_94214268.hurl deleted file mode 100644 index 23ead34..0000000 --- a/cases/api_admin_webhooks_post_name_at_max_plus_one_invalid_boundary_94214268.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - name at max_plus_one_invalid boundary ── -# case_id=TC-94214268 -# case_name=POST /api/admin/webhooks - name at max_plus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "these" - ], - "name": "IOYvYIBkAQYqFIqDJMZycrqRFIVCjZIMbSjDHSMaqySSJJGZbEevnwNUYIPXWkWwHWoWMoAdnxnBkAPWCFrpnBgxDdlsucOVjhDdRObECkUodPRyLJNwwstZUaRwXafrnWjLfrJjRGEeTNKnkRrBzcspeyWjjpHjsLvGfcgxXrgoqgfZptELkyLFdklDpBUEtlqfaHPyFoMWMGjhbPWSrFIuUhQHvQOZmItpXjLrWGQNFNXHxaZDTmDNLFhUJSOO", - "providerType": "infrequently", - "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", - "url": "http://www.juniorexpedite.com/partnerships" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_name_at_max_valid_boundary_d8fb6781.hurl b/cases/api_admin_webhooks_post_name_at_max_valid_boundary_d8fb6781.hurl deleted file mode 100644 index 79eac96..0000000 --- a/cases/api_admin_webhooks_post_name_at_max_valid_boundary_d8fb6781.hurl +++ /dev/null 
@@ -1,27 +0,0 @@ -# ── POST /api/admin/webhooks - name at max_valid boundary ── -# case_id=TC-d8fb6781 -# case_name=POST /api/admin/webhooks - name at max_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "these" - ], - "name": "SncWFCUvZpQFNFdrRgNJvYbFANxRmLnQRwBDZqHrTHNxToOSzvIyMmzYXYNlTmqxqecveYPPJkHsbPGoaolHtERzLSSWSCxHgCRyXtiMrbXGLHWZPsGbytTNsOuzeJeHwrLudLzbVBdbBDdVDJAEXLewLKAlJsnbYaiuzbPulctRaehbdWqhpaxcUFmpSCgDEsQEUPqkVaYFLwaCaeKPlKLmHypHEUNlnmuYwzseXfFSYIVfMKOFtwTgnGGRbhK", - "providerType": "infrequently", - "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", - "url": "http://www.juniorexpedite.com/partnerships" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_webhooks_post_name_at_min_minus_one_invalid_boundary_5b4327aa.hurl b/cases/api_admin_webhooks_post_name_at_min_minus_one_invalid_boundary_5b4327aa.hurl deleted file mode 100644 index ea39ab4..0000000 --- a/cases/api_admin_webhooks_post_name_at_min_minus_one_invalid_boundary_5b4327aa.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - name at min_minus_one_invalid boundary ── -# case_id=TC-5b4327aa -# case_name=POST /api/admin/webhooks - name at min_minus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "these" - ], - "name": "b", - "providerType": "infrequently", - "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", - "url": "http://www.juniorexpedite.com/partnerships" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_name_at_min_valid_boundary_72f21135.hurl b/cases/api_admin_webhooks_post_name_at_min_valid_boundary_72f21135.hurl deleted file mode 100644 index 7236816..0000000 
--- a/cases/api_admin_webhooks_post_name_at_min_valid_boundary_72f21135.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── POST /api/admin/webhooks - name at min_valid boundary ── -# case_id=TC-72f21135 -# case_name=POST /api/admin/webhooks - name at min_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "these" - ], - "name": "u", - "providerType": "infrequently", - "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", - "url": "http://www.juniorexpedite.com/partnerships" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_admin_webhooks_post_null_injection_events_35254559.hurl b/cases/api_admin_webhooks_post_null_injection_events_35254559.hurl deleted file mode 100644 index 46a80b8..0000000 --- a/cases/api_admin_webhooks_post_null_injection_events_35254559.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /api/admin/webhooks - null injection: events ── -# case_id=TC-35254559 -# case_name=POST /api/admin/webhooks - null injection: events -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": null, - "name": "Tanner Gardner", - "providerType": "patiently", - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": "https://www.seniorsynergies.info/one-to-one" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_null_injection_name_169dbf8c.hurl b/cases/api_admin_webhooks_post_null_injection_name_169dbf8c.hurl deleted file mode 100644 index c04cfdf..0000000 --- a/cases/api_admin_webhooks_post_null_injection_name_169dbf8c.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - null injection: name ── -# case_id=TC-169dbf8c -# case_name=POST /api/admin/webhooks - null injection: name -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "from" - ], - "name": null, - "providerType": "patiently", - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": "https://www.seniorsynergies.info/one-to-one" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_null_injection_providertype_d40094c4.hurl b/cases/api_admin_webhooks_post_null_injection_providertype_d40094c4.hurl deleted file mode 100644 index 0cac38e..0000000 --- a/cases/api_admin_webhooks_post_null_injection_providertype_d40094c4.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - null injection: providerType ── -# case_id=TC-d40094c4 -# case_name=POST /api/admin/webhooks - null injection: providerType -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "from" - ], - "name": "Tanner Gardner", - "providerType": null, - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": "https://www.seniorsynergies.info/one-to-one" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_null_injection_teamid_4f42ea82.hurl b/cases/api_admin_webhooks_post_null_injection_teamid_4f42ea82.hurl deleted file mode 100644 index aa8ce76..0000000 --- a/cases/api_admin_webhooks_post_null_injection_teamid_4f42ea82.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - null injection: teamId ── -# case_id=TC-4f42ea82 -# case_name=POST /api/admin/webhooks - null injection: teamId -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "from" - ], - "name": "Tanner Gardner", - "providerType": "patiently", - "teamId": null, - "url": "https://www.seniorsynergies.info/one-to-one" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_null_injection_url_52359f32.hurl b/cases/api_admin_webhooks_post_null_injection_url_52359f32.hurl deleted file mode 100644 index 89eda70..0000000 --- a/cases/api_admin_webhooks_post_null_injection_url_52359f32.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - null injection: url ── -# case_id=TC-52359f32 -# case_name=POST /api/admin/webhooks - null injection: url -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "from" - ], - "name": "Tanner Gardner", - "providerType": "patiently", - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": null -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_owasp_api10_ssrf_fa3b21f3.hurl b/cases/api_admin_webhooks_post_owasp_api10_ssrf_fa3b21f3.hurl deleted file mode 100644 index bf4ab94..0000000 --- a/cases/api_admin_webhooks_post_owasp_api10_ssrf_fa3b21f3.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API10] POST /api/admin/webhooks — SSRF ── -# case_id=TC-fa3b21f3 -# case_name=[OWASP-API10] POST /api/admin/webhooks — SSRF -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "url": "http://127.0.0.1" -} -``` - -HTTP 400 - 
diff --git a/cases/api_admin_webhooks_post_owasp_api2_broken_authentication_f690ca7e.hurl b/cases/api_admin_webhooks_post_owasp_api2_broken_authentication_f690ca7e.hurl deleted file mode 100644 index 0cbff48..0000000 --- a/cases/api_admin_webhooks_post_owasp_api2_broken_authentication_f690ca7e.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] POST /api/admin/webhooks — broken authentication ── -# case_id=TC-f690ca7e -# case_name=[OWASP-API2] POST /api/admin/webhooks — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks - -HTTP 401 - diff --git a/cases/api_admin_webhooks_post_owasp_api5_function_level_authorization_missing_d8d5bdac.hurl b/cases/api_admin_webhooks_post_owasp_api5_function_level_authorization_missing_d8d5bdac.hurl deleted file mode 100644 index e3c1838..0000000 --- a/cases/api_admin_webhooks_post_owasp_api5_function_level_authorization_missing_d8d5bdac.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] POST /api/admin/webhooks — function-level authorization missing ── -# case_id=TC-d8d5bdac -# case_name=[OWASP-API5] POST /api/admin/webhooks — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -POST {{base_url}}/api/admin/webhooks -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_admin_webhooks_post_owasp_api6_mass_assignment_1b59ba48.hurl b/cases/api_admin_webhooks_post_owasp_api6_mass_assignment_1b59ba48.hurl deleted file mode 100644 index aab94d6..0000000 --- a/cases/api_admin_webhooks_post_owasp_api6_mass_assignment_1b59ba48.hurl +++ /dev/null 
@@ -1,32 +0,0 @@ -# ── [OWASP-API6] POST /api/admin/webhooks — mass assignment ── -# case_id=TC-1b59ba48 -# case_name=[OWASP-API6] POST /api/admin/webhooks — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "createdAt": "2000-01-01T00:00:00Z", - "events": [ - "Lebanese" - ], - "id": 99999, - "name": "Rowan Bartell", - "providerType": "Polish", - "teamId": "5bfa6b50-a743-4866-b2b2-f649decc8c37", - "updatedAt": "2000-01-01T00:00:00Z", - "url": "https://www.regionalfacilitate.com/users/intuitive" -} -``` - -HTTP 201 - -[Asserts] -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" -jsonpath "$.id" != 99999 - diff --git a/cases/api_admin_webhooks_post_owasp_api7_injection_path_traversal_a39cab42.hurl b/cases/api_admin_webhooks_post_owasp_api7_injection_path_traversal_a39cab42.hurl deleted file mode 100644 index 97640f0..0000000 --- a/cases/api_admin_webhooks_post_owasp_api7_injection_path_traversal_a39cab42.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/webhooks — injection (path-traversal) ── -# case_id=TC-a39cab42 -# case_name=[OWASP-API7] POST /api/admin/webhooks — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "providerType": "../../../etc/passwd" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_owasp_api7_injection_sqli_03accab7.hurl b/cases/api_admin_webhooks_post_owasp_api7_injection_sqli_03accab7.hurl deleted file mode 100644 index 5708b9a..0000000 --- a/cases/api_admin_webhooks_post_owasp_api7_injection_sqli_03accab7.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/webhooks — injection (sqli) ── -# case_id=TC-03accab7 -# case_name=[OWASP-API7] POST /api/admin/webhooks — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "providerType": "' OR 1=1--" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_owasp_api7_injection_xss_a1a1e257.hurl b/cases/api_admin_webhooks_post_owasp_api7_injection_xss_a1a1e257.hurl deleted file mode 100644 index c2337d8..0000000 --- a/cases/api_admin_webhooks_post_owasp_api7_injection_xss_a1a1e257.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/admin/webhooks — injection (xss) ── -# case_id=TC-a1a1e257 -# case_name=[OWASP-API7] POST /api/admin/webhooks — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "providerType": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_required_omission_events_absent_09946d4c.hurl b/cases/api_admin_webhooks_post_required_omission_events_absent_09946d4c.hurl deleted file mode 100644 index a3fd8f9..0000000 --- a/cases/api_admin_webhooks_post_required_omission_events_absent_09946d4c.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/admin/webhooks - [required_omission] events absent ── -# case_id=TC-09946d4c -# case_name=POST /api/admin/webhooks - [required_omission] events absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "name": "Molly Hudson", - "providerType": "next", - "teamId": "6c927896-300a-4cc9-a530-93b2a15d5633", - "url": "http://www.humanusers.name/engage" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_admin_webhooks_post_required_omission_name_absent_d0373487.hurl b/cases/api_admin_webhooks_post_required_omission_name_absent_d0373487.hurl deleted file mode 100644 index b8ae1db..0000000 --- a/cases/api_admin_webhooks_post_required_omission_name_absent_d0373487.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── POST /api/admin/webhooks - [required_omission] name absent ── -# case_id=TC-d0373487 -# case_name=POST /api/admin/webhooks - [required_omission] name absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "it" - ], - "providerType": "few", - "teamId": "949cf797-62f1-45ef-9b37-71379d7223ec", - "url": "http://www.regionalproactive.io/scalable" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_required_omission_url_absent_6d3bc221.hurl b/cases/api_admin_webhooks_post_required_omission_url_absent_6d3bc221.hurl deleted file mode 100644 index 3caf7a0..0000000 --- a/cases/api_admin_webhooks_post_required_omission_url_absent_6d3bc221.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── POST /api/admin/webhooks - [required_omission] url absent ── -# case_id=TC-6d3bc221 -# case_name=POST /api/admin/webhooks - [required_omission] url absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "last" - ], - "name": "Alvina Powell", - "providerType": "itself", - "teamId": "3652daaf-fcaf-461d-97f6-ccc7da39f569" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_admin_webhooks_post_schema_violation_events_missing_required_e4df148d.hurl b/cases/api_admin_webhooks_post_schema_violation_events_missing_required_e4df148d.hurl deleted file mode 100644 index 607ad59..0000000 
--- a/cases/api_admin_webhooks_post_schema_violation_events_missing_required_e4df148d.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/admin/webhooks - [schema_violation] events_missing_required ── -# case_id=TC-e4df148d -# case_name=POST /api/admin/webhooks - [schema_violation] events_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "name": "Raphael Davies", - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", - "url": "https://www.legacyincubate.io/seize" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_schema_violation_events_too_few_items_a0bdf58b.hurl b/cases/api_admin_webhooks_post_schema_violation_events_too_few_items_a0bdf58b.hurl deleted file mode 100644 index 7821270..0000000 --- a/cases/api_admin_webhooks_post_schema_violation_events_too_few_items_a0bdf58b.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /api/admin/webhooks - [schema_violation] events_too_few_items ── -# case_id=TC-a0bdf58b -# case_name=POST /api/admin/webhooks - [schema_violation] events_too_few_items -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [], - "name": "Raphael Davies", - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", - "url": "https://www.legacyincubate.io/seize" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_schema_violation_name_missing_required_7b8cab12.hurl b/cases/api_admin_webhooks_post_schema_violation_name_missing_required_7b8cab12.hurl deleted file mode 100644 index cc5dcb0..0000000 --- a/cases/api_admin_webhooks_post_schema_violation_name_missing_required_7b8cab12.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/webhooks - [schema_violation] name_missing_required ── -# case_id=TC-7b8cab12 -# case_name=POST /api/admin/webhooks - [schema_violation] name_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "hundred" - ], - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", - "url": "https://www.legacyincubate.io/seize" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_schema_violation_name_too_short_b49ea6fa.hurl b/cases/api_admin_webhooks_post_schema_violation_name_too_short_b49ea6fa.hurl deleted file mode 100644 index 4e390e5..0000000 --- a/cases/api_admin_webhooks_post_schema_violation_name_too_short_b49ea6fa.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [schema_violation] name_too_short ── -# case_id=TC-b49ea6fa -# case_name=POST /api/admin/webhooks - [schema_violation] name_too_short -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "hundred" - ], - "name": "", - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", - "url": "https://www.legacyincubate.io/seize" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_schema_violation_url_missing_required_4d32f3c3.hurl b/cases/api_admin_webhooks_post_schema_violation_url_missing_required_4d32f3c3.hurl deleted file mode 100644 index 4d72a21..0000000 --- a/cases/api_admin_webhooks_post_schema_violation_url_missing_required_4d32f3c3.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/admin/webhooks - [schema_violation] url_missing_required ── -# case_id=TC-4d32f3c3 -# case_name=POST /api/admin/webhooks - [schema_violation] url_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "hundred" - ], - "name": "Raphael Davies", - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_type_coercion_events_wrong_type_string_07b6f191.hurl b/cases/api_admin_webhooks_post_type_coercion_events_wrong_type_string_07b6f191.hurl deleted file mode 100644 index dda8c17..0000000 --- a/cases/api_admin_webhooks_post_type_coercion_events_wrong_type_string_07b6f191.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /api/admin/webhooks - [type_coercion] events wrong_type_string ── -# case_id=TC-07b6f191 -# case_name=POST /api/admin/webhooks - [type_coercion] events wrong_type_string -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": "not_an_array", - "name": "Horace Evans", - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_boolean_49b71fc3.hurl b/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_boolean_49b71fc3.hurl deleted file mode 100644 index 9724cfb..0000000 --- a/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_boolean_49b71fc3.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [type_coercion] name wrong_type_boolean ── -# case_id=TC-49b71fc3 -# case_name=POST /api/admin/webhooks - [type_coercion] name wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "improvised" - ], - "name": true, - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_integer_39c60504.hurl b/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_integer_39c60504.hurl deleted file mode 100644 index 44eb462..0000000 --- a/cases/api_admin_webhooks_post_type_coercion_name_wrong_type_integer_39c60504.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [type_coercion] name wrong_type_integer ── -# case_id=TC-39c60504 -# case_name=POST /api/admin/webhooks - [type_coercion] name wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "improvised" - ], - "name": 123, - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_boolean_2f2c0975.hurl b/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_boolean_2f2c0975.hurl deleted file mode 100644 index af3c4a9..0000000 --- a/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_boolean_2f2c0975.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [type_coercion] providerType wrong_type_boolean ── -# case_id=TC-2f2c0975 -# case_name=POST /api/admin/webhooks - [type_coercion] providerType wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": true, - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_integer_e227c019.hurl b/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_integer_e227c019.hurl deleted file mode 100644 index 2aef96e..0000000 --- a/cases/api_admin_webhooks_post_type_coercion_providertype_wrong_type_integer_e227c019.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [type_coercion] providerType wrong_type_integer ── -# case_id=TC-e227c019 -# case_name=POST /api/admin/webhooks - [type_coercion] providerType wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": 123, - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_boolean_b27447cc.hurl b/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_boolean_b27447cc.hurl deleted file mode 100644 index 8aba387..0000000 --- a/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_boolean_b27447cc.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [type_coercion] teamId wrong_type_boolean ── -# case_id=TC-b27447cc -# case_name=POST /api/admin/webhooks - [type_coercion] teamId wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": "impress", - "teamId": true, - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_integer_5db01d88.hurl b/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_integer_5db01d88.hurl deleted file mode 100644 index 61a053c..0000000 --- a/cases/api_admin_webhooks_post_type_coercion_teamid_wrong_type_integer_5db01d88.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [type_coercion] teamId wrong_type_integer ── -# case_id=TC-5db01d88 -# case_name=POST /api/admin/webhooks - [type_coercion] teamId wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": "impress", - "teamId": 123, - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_boolean_2d482d43.hurl b/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_boolean_2d482d43.hurl deleted file mode 100644 index 60ff278..0000000 --- a/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_boolean_2d482d43.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [type_coercion] url wrong_type_boolean ── -# case_id=TC-2d482d43 -# case_name=POST /api/admin/webhooks - [type_coercion] url wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": true -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_integer_ea2aab8e.hurl b/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_integer_ea2aab8e.hurl deleted file mode 100644 index 0f98ad7..0000000 --- a/cases/api_admin_webhooks_post_type_coercion_url_wrong_type_integer_ea2aab8e.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [type_coercion] url wrong_type_integer ── -# case_id=TC-ea2aab8e -# case_name=POST /api/admin/webhooks - [type_coercion] url wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": 123 -} -``` - -HTTP 422 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_bidi_override_07e9eae2.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_bidi_override_07e9eae2.hurl deleted file mode 100644 index 6bed958..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_name_bidi_override_07e9eae2.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] name bidi_override ── -# case_id=TC-07e9eae2 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "‮hello", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_control_char_5943393b.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_control_char_5943393b.hurl deleted file mode 100644 index d1ecd5b..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_name_control_char_5943393b.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] name control_char ── -# case_id=TC-5943393b -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "hello\u0000world", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_overlong_bee28f66.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_overlong_bee28f66.hurl deleted file mode 100644 index d93f666..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_name_overlong_bee28f66.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] name overlong ── -# case_id=TC-bee28f66 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_zalgo_a7f8f480.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_zalgo_a7f8f480.hurl deleted file mode 100644 index 5ad751d..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_name_zalgo_a7f8f480.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] name zalgo ── -# case_id=TC-a7f8f480 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "z̀́̂̃̄̅̆̇a", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_name_zero_width_2a6bf0cb.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_name_zero_width_2a6bf0cb.hurl deleted file mode 100644 index 27c7d64..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_name_zero_width_2a6bf0cb.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] name zero_width ── -# case_id=TC-2a6bf0cb -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] name zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "​hello", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_bidi_override_8724a676.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_bidi_override_8724a676.hurl deleted file mode 100644 index 8aa327f..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_bidi_override_8724a676.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType bidi_override ── -# case_id=TC-8724a676 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "‮hello", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_control_char_dc945e0e.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_control_char_dc945e0e.hurl deleted file mode 100644 index bcdf3da..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_control_char_dc945e0e.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType control_char ── -# case_id=TC-dc945e0e -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "hello\u0000world", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_overlong_2cc3a01a.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_overlong_2cc3a01a.hurl deleted file mode 100644 index 2ace227..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_overlong_2cc3a01a.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType overlong ── -# case_id=TC-2cc3a01a -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zalgo_07152569.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zalgo_07152569.hurl deleted file mode 100644 index 0cbb6e3..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zalgo_07152569.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType zalgo ── -# case_id=TC-07152569 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "z̀́̂̃̄̅̆̇a", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zero_width_e32282d7.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zero_width_e32282d7.hurl deleted file mode 100644 index dfd6a4f..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_providertype_zero_width_e32282d7.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] providerType zero_width ── -# case_id=TC-e32282d7 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] providerType zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "​hello", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_bidi_override_0c229c2d.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_bidi_override_0c229c2d.hurl deleted file mode 100644 index 66bd1a9..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_bidi_override_0c229c2d.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId bidi_override ── -# case_id=TC-0c229c2d -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "‮hello", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_control_char_f031554f.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_control_char_f031554f.hurl deleted file mode 100644 index aff01e4..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_control_char_f031554f.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId control_char ── -# case_id=TC-f031554f -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "hello\u0000world", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_overlong_7de8af57.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_overlong_7de8af57.hurl deleted file mode 100644 index 517c042..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_overlong_7de8af57.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId overlong ── -# case_id=TC-7de8af57 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zalgo_bba333a6.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zalgo_bba333a6.hurl deleted file mode 100644 index fd553eb..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zalgo_bba333a6.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId zalgo ── -# case_id=TC-bba333a6 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "z̀́̂̃̄̅̆̇a", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zero_width_3128deb0.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zero_width_3128deb0.hurl deleted file mode 100644 index ce1ee48..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_teamid_zero_width_3128deb0.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] teamId zero_width ── -# case_id=TC-3128deb0 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] teamId zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "​hello", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_bidi_override_caf839d6.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_bidi_override_caf839d6.hurl deleted file mode 100644 index 2112228..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_url_bidi_override_caf839d6.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] url bidi_override ── -# case_id=TC-caf839d6 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] url bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_control_char_c4479bd1.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_control_char_c4479bd1.hurl deleted file mode 100644 index 77c794d..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_url_control_char_c4479bd1.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] url control_char ── -# case_id=TC-c4479bd1 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] url control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_overlong_132333e4.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_overlong_132333e4.hurl deleted file mode 100644 index 14b68c7..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_url_overlong_132333e4.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] url overlong ── -# case_id=TC-132333e4 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] url overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_zalgo_6343c227.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_zalgo_6343c227.hurl deleted file mode 100644 index 7274d24..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_url_zalgo_6343c227.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] url zalgo ── -# case_id=TC-6343c227 -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] url zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl b/cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl deleted file mode 100644 index 4d58a9a..0000000 --- a/cases/api_admin_webhooks_post_unicode_fuzzing_url_zero_width_d101973c.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - [unicode_fuzzing] url zero_width ── -# case_id=TC-d101973c -# case_name=POST /api/admin/webhooks - [unicode_fuzzing] url zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "​hello" -} -``` - -HTTP 400 - diff --git a/cases/api_admin_webhooks_post_valid_request_with_all_required_fields_42a4fab4.hurl b/cases/api_admin_webhooks_post_valid_request_with_all_required_fields_42a4fab4.hurl deleted file mode 100644 index 386df28..0000000 --- a/cases/api_admin_webhooks_post_valid_request_with_all_required_fields_42a4fab4.hurl +++ /dev/null @@ -1,36 +0,0 @@ -# ── POST /api/admin/webhooks - valid request with all required fields ── -# case_id=TC-42a4fab4 -# case_name=POST /api/admin/webhooks - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "set" - ], - "name": "Fletcher Mendez", - "providerType": "these", - "teamId": "7b7e7d08-a4c7-4b59-a185-b2a7b8576f2e", - "url": "http://www.nationalcross-platform.org/infomediaries/killer/technologies/frictionless" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.createdBy" exists -jsonpath "$.isActive" exists -jsonpath "$.providerType" exists -jsonpath "$.teamId" exists -jsonpath "$.name" exists -jsonpath "$.url" exists -jsonpath "$.createdAt" exists -jsonpath "$.id" exists -jsonpath "$.events" exists - diff --git a/cases/api_admin_webhooks_post_wrong_content_type_text_plain_7a40055b.hurl b/cases/api_admin_webhooks_post_wrong_content_type_text_plain_7a40055b.hurl deleted file mode 100644 index 5c62e58..0000000 
--- a/cases/api_admin_webhooks_post_wrong_content_type_text_plain_7a40055b.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/admin/webhooks - wrong content-type (text/plain) ── -# case_id=TC-7a40055b -# case_name=POST /api/admin/webhooks - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/admin/webhooks -Content-Type: text/plain -```json -{ - "events": [ - "from" - ], - "name": "Tanner Gardner", - "providerType": "patiently", - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": "https://www.seniorsynergies.info/one-to-one" -} -``` - -HTTP 415 - diff --git a/cases/api_admin_webhooks_sequence_chain_delete_api_admin_grants_id_8ef3fbbb.hurl b/cases/api_admin_webhooks_sequence_chain_delete_api_admin_grants_id_8ef3fbbb.hurl deleted file mode 100644 index 5e3012f..0000000 --- a/cases/api_admin_webhooks_sequence_chain_delete_api_admin_grants_id_8ef3fbbb.hurl +++ /dev/null 
@@ -1,48 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/webhooks → DELETE /api/admin/grants/{id} -# case_id=TC-8ef3fbbb -# case_name=sequence chain: /api/admin/webhooks → DELETE /api/admin/grants/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/webhooks [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/webhooks - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "today" - ], - "name": "Abe Collier", - "providerType": "listen", - "teamId": "7fae1382-a4cd-4c6d-9387-4f7b3c489c4e", - "url": "https://www.staffclicks-and-mortar.biz/monetize/monetize/initiatives" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/grants/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/grants/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/grants/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl b/cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl deleted file mode 100644 index b5bcf8e..0000000 --- a/cases/api_admin_webhooks_sequence_chain_delete_api_admin_users_id_763b85b6.hurl +++ /dev/null 
@@ -1,48 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/webhooks → DELETE /api/admin/users/{id} -# case_id=TC-763b85b6 -# case_name=sequence chain: /api/admin/webhooks → DELETE /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/webhooks [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/webhooks - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "other" - ], - "name": "Payton Yang", - "providerType": "anyone", - "teamId": "e7136d75-172b-46d0-8e7e-838fb2a645b4", - "url": "http://www.investorarchitectures.com/viral/real-time" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/users/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/users/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl b/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl deleted file mode 100644 index 044c166..0000000 --- a/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_grants_83289d9f.hurl +++ /dev/null 
@@ -1,48 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/grants -# case_id=TC-83289d9f -# case_name=sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/webhooks [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/webhooks - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "yourself" - ], - "name": "Janis Santos", - "providerType": "owing", - "teamId": "f1f952e5-15e9-4e13-9296-ebf46b9a6f04", - "url": "http://www.corporateproductize.org/vortals" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/grants -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/grants - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_members_969a9fae.hurl b/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_members_969a9fae.hurl deleted file mode 100644 index ba9fffb..0000000 --- a/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_members_969a9fae.hurl +++ /dev/null 
@@ -1,48 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/members -# case_id=TC-969a9fae -# case_name=sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/webhooks [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/webhooks - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "another" - ], - "name": "Roxanne Barber", - "providerType": "well", - "teamId": "360fddbd-2bf8-4533-b759-353946ddb3bb", - "url": "https://www.corporateimplement.net/recontextualize/extensible/leading-edge" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/members -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/members - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_services_ce956549.hurl b/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_services_ce956549.hurl deleted file mode 100644 index cb2b4fc..0000000 --- a/cases/api_admin_webhooks_sequence_chain_get_api_admin_teams_id_services_ce956549.hurl +++ /dev/null 
@@ -1,48 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/services -# case_id=TC-ce956549 -# case_name=sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/services -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/webhooks [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/webhooks - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "does" - ], - "name": "Joanne Peterson", - "providerType": "extremely", - "teamId": "85472ea1-82f2-4e21-8559-2c86837acb46", - "url": "http://www.nationalroi.io/integrated/integrated/target/action-items" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/services [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/services -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/services - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_grants_02ba968a.hurl b/cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_grants_02ba968a.hurl deleted file mode 100644 index 601d054..0000000 --- a/cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_grants_02ba968a.hurl +++ /dev/null 
@@ -1,60 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/grants -# case_id=TC-02ba968a -# case_name=sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/webhooks [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/webhooks - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "him" - ], - "name": "Cayla Rosenbaum", - "providerType": "ours", - "teamId": "ccd3929e-a106-4df3-8d31-66697e80dbe3", - "url": "https://www.seniore-enable.name/synergies/end-to-end/integrate/e-tailers" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/grants -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/grants -Content-Type: application/json -```json -{ - "branches": [ - "i.e." - ], - "expiresAt": "2011-10-23T02:54:47Z", - "granteeTeamId": "d189b00e-5719-4cc5-b97a-a00f62029da1", - "granteeUserId": "77c00823-081e-4450-9ea4-1bd04aabfdee", - "serviceId": "433f7b49-b2b9-485d-a48e-d48715ed6be5" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_members_393f686a.hurl b/cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_members_393f686a.hurl deleted file mode 100644 index 6893191..0000000 --- a/cases/api_admin_webhooks_sequence_chain_post_api_admin_teams_id_members_393f686a.hurl +++ /dev/null 
@@ -1,55 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/members -# case_id=TC-393f686a -# case_name=sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/webhooks [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/webhooks - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "outside" - ], - "name": "Marlene Jacobs", - "providerType": "for", - "teamId": "c8d6d6a7-3cc6-4d33-b8b1-b6c03d928bf7", - "url": "http://www.internalbrand.info/impactful/transform/web-enabled/e-commerce" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/members -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": "6dc4ae45-29b7-456d-b346-b29b27cb5494" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl b/cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl deleted file mode 100644 index d46a7a6..0000000 --- a/cases/api_admin_webhooks_sequence_chain_put_api_admin_services_serviceid_team_256209eb.hurl +++ /dev/null 
@@ -1,54 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/webhooks → PUT /api/admin/services/{serviceId}/team -# case_id=TC-256209eb -# case_name=sequence chain: /api/admin/webhooks → PUT /api/admin/services/{serviceId}/team -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/webhooks [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/webhooks - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "throughout" - ], - "name": "Pablo Hoffman", - "providerType": "barely", - "teamId": "cc3b8d87-6c30-464d-a451-ec70a317a56a", - "url": "http://www.futuresynergize.org/evolve" -} -``` - -HTTP * - -[Captures] -serviceId: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/services/{serviceId}/team [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/services/{serviceId}/team -# depends_on=step-setup - -PUT {{base_url}}/api/admin/services/{{serviceId}}/team -Content-Type: application/json -```json -{ - "teamId": "fbaecfc9-d46e-4518-8fc8-3534e881b114" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_admin_webhooks_sequence_chain_put_api_admin_users_id_88a6983e.hurl b/cases/api_admin_webhooks_sequence_chain_put_api_admin_users_id_88a6983e.hurl deleted file mode 100644 index fc187a0..0000000 --- a/cases/api_admin_webhooks_sequence_chain_put_api_admin_users_id_88a6983e.hurl +++ /dev/null 
@@ -1,55 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/admin/webhooks → PUT /api/admin/users/{id} -# case_id=TC-88a6983e -# case_name=sequence chain: /api/admin/webhooks → PUT /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/admin/webhooks [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/admin/webhooks - -POST {{base_url}}/api/admin/webhooks -Content-Type: application/json -```json -{ - "events": [ - "only" - ], - "name": "Dawson Matthews", - "providerType": "that", - "teamId": "7c2b8aba-98b4-477e-b7fe-f53f6306f514", - "url": "http://www.financecultivate.com/envisioneer/enable/synergies/strategize" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/users/{id} -# depends_on=step-setup - -PUT {{base_url}}/api/admin/users/{{id}} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "super_admin" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_catalog_get_auth_chain_bde6cda3.hurl b/cases/api_catalog_get_auth_chain_bde6cda3.hurl deleted file mode 100644 index fe3c73d..0000000 --- a/cases/api_catalog_get_auth_chain_bde6cda3.hurl +++ /dev/null 
@@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: GET /api/catalog -# case_id=TC-bde6cda3 -# case_name=auth chain: GET /api/catalog -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── GET /api/catalog with auth token [test] ── -# step_id=step-test -# step_type=test -# title=GET /api/catalog with auth token -# depends_on=step-auth - -GET {{base_url}}/api/catalog -Authorization: Bearer {{authToken}} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_catalog_get_owasp_api2_broken_authentication_e1fa3406.hurl b/cases/api_catalog_get_owasp_api2_broken_authentication_e1fa3406.hurl deleted file mode 100644 index 7f98cd6..0000000 --- a/cases/api_catalog_get_owasp_api2_broken_authentication_e1fa3406.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/catalog — broken authentication ── -# case_id=TC-e1fa3406 -# case_name=[OWASP-API2] GET /api/catalog — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/catalog - -HTTP 401 - diff --git a/cases/api_catalog_get_valid_request_with_all_required_fields_c9b53fc1.hurl b/cases/api_catalog_get_valid_request_with_all_required_fields_c9b53fc1.hurl deleted file mode 100644 index 2956055..0000000 --- a/cases/api_catalog_get_valid_request_with_all_required_fields_c9b53fc1.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── GET /api/catalog - valid request with all required fields ── -# case_id=TC-c9b53fc1 -# case_name=GET /api/catalog - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/catalog - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.services" exists - diff --git a/cases/api_catalog_options_owasp_api8_cors_security_configuration_e3ff3623.hurl b/cases/api_catalog_options_owasp_api8_cors_security_configuration_e3ff3623.hurl deleted file mode 100644 index d359a57..0000000 --- a/cases/api_catalog_options_owasp_api8_cors_security_configuration_e3ff3623.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/catalog — CORS security configuration ── -# case_id=TC-e3ff3623 -# case_name=[OWASP-API8] OPTIONS /api/catalog — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/catalog -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_catalog_serviceid_delete_idempotent_second_call_must_be_safe_84233d9e.hurl b/cases/api_catalog_serviceid_delete_idempotent_second_call_must_be_safe_84233d9e.hurl deleted file mode 100644 index 81b936c..0000000 --- a/cases/api_catalog_serviceid_delete_idempotent_second_call_must_be_safe_84233d9e.hurl +++ /dev/null 
@@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# DELETE /api/catalog/:serviceId - idempotent: second call must be safe -# case_id=TC-84233d9e -# case_name=DELETE /api/catalog/:serviceId - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── DELETE /api/catalog/:serviceId — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=DELETE /api/catalog/:serviceId — first call - -DELETE {{base_url}}/api/catalog/:serviceId - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── DELETE /api/catalog/:serviceId — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=DELETE /api/catalog/:serviceId — identical second call must be safe -# depends_on=step-setup - -DELETE {{base_url}}/api/catalog/:serviceId - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000000_c4621de0.hurl b/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000000_c4621de0.hurl deleted file mode 100644 index f75a766..0000000 --- a/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000000_c4621de0.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000000 (nil_uuid) ── -# case_id=TC-c4621de0 -# case_name=DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000000 (nil_uuid) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/catalog/:serviceId - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000001_e72a9984.hurl b/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000001_e72a9984.hurl deleted file mode 100644 index 6f652a8..0000000 
--- a/cases/api_catalog_serviceid_delete_idor_serviceid_00000000_0000_0000_0000_000000000001_e72a9984.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000001 (alt_uuid) ── -# case_id=TC-e72a9984 -# case_name=DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000001 (alt_uuid) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/catalog/:serviceId - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_catalog_serviceid_delete_missing_required_param_serviceid_3209e4f6.hurl b/cases/api_catalog_serviceid_delete_missing_required_param_serviceid_3209e4f6.hurl deleted file mode 100644 index e694ee2..0000000 --- a/cases/api_catalog_serviceid_delete_missing_required_param_serviceid_3209e4f6.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── DELETE /api/catalog/:serviceId - missing required param "serviceId" ── -# case_id=TC-3209e4f6 -# case_name=DELETE /api/catalog/:serviceId - missing required param "serviceId" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -DELETE {{base_url}}/api/catalog/:serviceId - -HTTP 422 - diff --git a/cases/api_catalog_serviceid_delete_owasp_api2_broken_authentication_be467598.hurl b/cases/api_catalog_serviceid_delete_owasp_api2_broken_authentication_be467598.hurl deleted file mode 100644 index 14b97b0..0000000 --- a/cases/api_catalog_serviceid_delete_owasp_api2_broken_authentication_be467598.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] DELETE /api/catalog/:serviceId — broken authentication ── -# case_id=TC-be467598 -# case_name=[OWASP-API2] DELETE /api/catalog/:serviceId — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/catalog/:serviceId - -HTTP 401 - 
diff --git a/cases/api_catalog_serviceid_delete_owasp_api5_function_level_authorization_missing_c88f572b.hurl b/cases/api_catalog_serviceid_delete_owasp_api5_function_level_authorization_missing_c88f572b.hurl deleted file mode 100644 index 492d579..0000000 --- a/cases/api_catalog_serviceid_delete_owasp_api5_function_level_authorization_missing_c88f572b.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] DELETE /api/catalog/:serviceId — function-level authorization missing ── -# case_id=TC-c88f572b -# case_name=[OWASP-API5] DELETE /api/catalog/:serviceId — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -DELETE {{base_url}}/api/catalog/:serviceId -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_catalog_serviceid_delete_owasp_api7_injection_path_traversal_c37e4439.hurl b/cases/api_catalog_serviceid_delete_owasp_api7_injection_path_traversal_c37e4439.hurl deleted file mode 100644 index 607c9ae..0000000 --- a/cases/api_catalog_serviceid_delete_owasp_api7_injection_path_traversal_c37e4439.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/catalog/:serviceId — injection (path-traversal) ── -# case_id=TC-c37e4439 -# case_name=[OWASP-API7] DELETE /api/catalog/:serviceId — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/catalog/:serviceId -```json -null -``` - -HTTP 400 - diff --git a/cases/api_catalog_serviceid_delete_owasp_api7_injection_sqli_d27beca6.hurl b/cases/api_catalog_serviceid_delete_owasp_api7_injection_sqli_d27beca6.hurl deleted file mode 100644 index f1398f3..0000000 --- a/cases/api_catalog_serviceid_delete_owasp_api7_injection_sqli_d27beca6.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/catalog/:serviceId — injection (sqli) ── -# case_id=TC-d27beca6 -# case_name=[OWASP-API7] DELETE /api/catalog/:serviceId — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/catalog/:serviceId -```json -null -``` - -HTTP 400 - diff --git a/cases/api_catalog_serviceid_delete_owasp_api7_injection_xss_bfdae539.hurl b/cases/api_catalog_serviceid_delete_owasp_api7_injection_xss_bfdae539.hurl deleted file mode 100644 index 2478cdc..0000000 --- a/cases/api_catalog_serviceid_delete_owasp_api7_injection_xss_bfdae539.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/catalog/:serviceId — injection (xss) ── -# case_id=TC-bfdae539 -# case_name=[OWASP-API7] DELETE /api/catalog/:serviceId — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/catalog/:serviceId -```json -null -``` - -HTTP 400 - diff --git a/cases/api_catalog_serviceid_delete_valid_request_with_all_required_fields_b2745533.hurl b/cases/api_catalog_serviceid_delete_valid_request_with_all_required_fields_b2745533.hurl deleted file mode 100644 index 0cf2ea7..0000000 --- a/cases/api_catalog_serviceid_delete_valid_request_with_all_required_fields_b2745533.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/catalog/:serviceId - valid request with all required fields ── -# case_id=TC-b2745533 -# case_name=DELETE /api/catalog/:serviceId - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -DELETE {{base_url}}/api/catalog/:serviceId - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - diff --git a/cases/api_catalog_serviceid_options_owasp_api8_cors_security_configuration_dc211e18.hurl b/cases/api_catalog_serviceid_options_owasp_api8_cors_security_configuration_dc211e18.hurl deleted file mode 100644 index 26f844d..0000000 
--- a/cases/api_catalog_serviceid_options_owasp_api8_cors_security_configuration_dc211e18.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/catalog/:serviceId — CORS security configuration ── -# case_id=TC-dc211e18 -# case_name=[OWASP-API8] OPTIONS /api/catalog/:serviceId — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/catalog/:serviceId -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_diff_get_auth_chain_6af54553.hurl b/cases/api_diff_get_auth_chain_6af54553.hurl deleted file mode 100644 index 60a48b4..0000000 --- a/cases/api_diff_get_auth_chain_6af54553.hurl +++ /dev/null @@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: GET /api/diff -# case_id=TC-6af54553 -# case_name=auth chain: GET /api/diff -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── GET /api/diff with auth token [test] ──── -# step_id=step-test -# step_type=test -# title=GET /api/diff with auth token -# depends_on=step-auth - -GET {{base_url}}/api/diff -Authorization: Bearer {{authToken}} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_diff_get_missing_required_param_from_436315da.hurl b/cases/api_diff_get_missing_required_param_from_436315da.hurl deleted file mode 100644 index 921d56e..0000000 --- a/cases/api_diff_get_missing_required_param_from_436315da.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── GET /api/diff - missing required param "from" ── -# case_id=TC-436315da -# case_name=GET /api/diff - missing required param "from" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/diff?to=valid - -HTTP 422 - diff --git a/cases/api_diff_get_missing_required_param_to_592a212d.hurl b/cases/api_diff_get_missing_required_param_to_592a212d.hurl deleted file mode 100644 index 7f7f1c6..0000000 --- a/cases/api_diff_get_missing_required_param_to_592a212d.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── GET /api/diff - missing required param "to" ── -# case_id=TC-592a212d -# case_name=GET /api/diff - missing required param "to" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/diff?from=valid - -HTTP 422 - diff --git a/cases/api_diff_get_owasp_api2_broken_authentication_f6e6d81e.hurl b/cases/api_diff_get_owasp_api2_broken_authentication_f6e6d81e.hurl deleted file mode 100644 index f5a8f39..0000000 --- a/cases/api_diff_get_owasp_api2_broken_authentication_f6e6d81e.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/diff — broken authentication ── -# case_id=TC-f6e6d81e -# case_name=[OWASP-API2] GET /api/diff — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/diff - -HTTP 401 - diff --git a/cases/api_diff_get_owasp_api7_injection_path_traversal_d2e88748.hurl b/cases/api_diff_get_owasp_api7_injection_path_traversal_d2e88748.hurl deleted file mode 100644 index f738676..0000000 --- a/cases/api_diff_get_owasp_api7_injection_path_traversal_d2e88748.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/diff — injection (path-traversal) ── -# case_id=TC-d2e88748 -# case_name=[OWASP-API7] GET /api/diff — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/diff?from=..%2F..%2F..%2Fetc%2Fpasswd -```json -null -``` - -HTTP 400 - diff --git a/cases/api_diff_get_owasp_api7_injection_sqli_2add12cf.hurl b/cases/api_diff_get_owasp_api7_injection_sqli_2add12cf.hurl deleted file mode 100644 index 0c431a9..0000000 --- a/cases/api_diff_get_owasp_api7_injection_sqli_2add12cf.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/diff — injection (sqli) ── -# case_id=TC-2add12cf -# case_name=[OWASP-API7] GET /api/diff — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/diff?from=%27+OR+1%3D1-- -```json -null -``` - -HTTP 400 - diff --git a/cases/api_diff_get_owasp_api7_injection_xss_1fb05370.hurl b/cases/api_diff_get_owasp_api7_injection_xss_1fb05370.hurl deleted file mode 100644 index daf69d4..0000000 --- a/cases/api_diff_get_owasp_api7_injection_xss_1fb05370.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/diff — injection (xss) ── -# case_id=TC-1fb05370 -# case_name=[OWASP-API7] GET /api/diff — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/diff?from=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E -```json -null -``` - -HTTP 400 - diff --git a/cases/api_diff_get_valid_request_with_all_required_fields_f98b2b82.hurl b/cases/api_diff_get_valid_request_with_all_required_fields_f98b2b82.hurl deleted file mode 100644 index 40863bb..0000000 --- a/cases/api_diff_get_valid_request_with_all_required_fields_f98b2b82.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── GET /api/diff - valid request with all required fields ── -# case_id=TC-f98b2b82 -# case_name=GET /api/diff - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/diff - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.added" exists -jsonpath "$.modified" exists -jsonpath "$.removed" exists - diff --git a/cases/api_diff_options_owasp_api8_cors_security_configuration_95a63795.hurl b/cases/api_diff_options_owasp_api8_cors_security_configuration_95a63795.hurl deleted file mode 100644 index cc65940..0000000 --- a/cases/api_diff_options_owasp_api8_cors_security_configuration_95a63795.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/diff — CORS security configuration ── -# case_id=TC-95a63795 -# case_name=[OWASP-API8] OPTIONS /api/diff — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/diff -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_me_get_auth_chain_646f48bb.hurl b/cases/api_me_get_auth_chain_646f48bb.hurl deleted file mode 100644 index ba5837e..0000000 --- a/cases/api_me_get_auth_chain_646f48bb.hurl +++ /dev/null 
@@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: GET /api/me -# case_id=TC-646f48bb -# case_name=auth chain: GET /api/me -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── GET /api/me with auth token [test] ────── -# step_id=step-test -# step_type=test -# title=GET /api/me with auth token -# depends_on=step-auth - -GET {{base_url}}/api/me -Authorization: Bearer {{authToken}} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_me_get_owasp_api2_broken_authentication_16f4aef5.hurl b/cases/api_me_get_owasp_api2_broken_authentication_16f4aef5.hurl deleted file mode 100644 index 3174737..0000000 --- a/cases/api_me_get_owasp_api2_broken_authentication_16f4aef5.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/me — broken authentication ── -# case_id=TC-16f4aef5 -# case_name=[OWASP-API2] GET /api/me — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/me - -HTTP 401 - diff --git a/cases/api_me_get_valid_request_with_all_required_fields_cb06322f.hurl b/cases/api_me_get_valid_request_with_all_required_fields_cb06322f.hurl deleted file mode 100644 index 58cfbaf..0000000 --- a/cases/api_me_get_valid_request_with_all_required_fields_cb06322f.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── GET /api/me - valid request with all required fields ── -# case_id=TC-cb06322f -# case_name=GET /api/me - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/me - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.id" exists -jsonpath "$.role" exists -jsonpath "$.teams" exists -jsonpath "$.email" exists - diff --git a/cases/api_me_options_owasp_api8_cors_security_configuration_8d947b43.hurl b/cases/api_me_options_owasp_api8_cors_security_configuration_8d947b43.hurl deleted file mode 100644 index 0f81b51..0000000 --- a/cases/api_me_options_owasp_api8_cors_security_configuration_8d947b43.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/me — CORS security configuration ── -# case_id=TC-8d947b43 -# case_name=[OWASP-API8] OPTIONS /api/me — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/me -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_search_get_auth_chain_e66b7d53.hurl b/cases/api_search_get_auth_chain_e66b7d53.hurl deleted file mode 100644 index 27b9a72..0000000 --- a/cases/api_search_get_auth_chain_e66b7d53.hurl +++ /dev/null 
@@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: GET /api/search -# case_id=TC-e66b7d53 -# case_name=auth chain: GET /api/search -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── GET /api/search with auth token [test] ── -# step_id=step-test -# step_type=test -# title=GET /api/search with auth token -# depends_on=step-auth - -GET {{base_url}}/api/search -Authorization: Bearer {{authToken}} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_search_get_missing_required_param_q_128363b8.hurl b/cases/api_search_get_missing_required_param_q_128363b8.hurl deleted file mode 100644 index 98e9d39..0000000 --- a/cases/api_search_get_missing_required_param_q_128363b8.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── GET /api/search - missing required param "q" ── -# case_id=TC-128363b8 -# case_name=GET /api/search - missing required param "q" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/search?branch=valid&service=valid - -HTTP 422 - diff --git a/cases/api_search_get_owasp_api2_broken_authentication_6e192176.hurl b/cases/api_search_get_owasp_api2_broken_authentication_6e192176.hurl deleted file mode 100644 index 1dac706..0000000 --- a/cases/api_search_get_owasp_api2_broken_authentication_6e192176.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/search — broken authentication ── -# case_id=TC-6e192176 -# case_name=[OWASP-API2] GET /api/search — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/search - -HTTP 401 - diff --git a/cases/api_search_get_owasp_api7_injection_path_traversal_30f18b95.hurl b/cases/api_search_get_owasp_api7_injection_path_traversal_30f18b95.hurl deleted file mode 100644 index f3ea9c4..0000000 --- a/cases/api_search_get_owasp_api7_injection_path_traversal_30f18b95.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/search — injection (path-traversal) ── -# case_id=TC-30f18b95 -# case_name=[OWASP-API7] GET /api/search — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/search?q=..%2F..%2F..%2Fetc%2Fpasswd -```json -null -``` - -HTTP 400 - diff --git a/cases/api_search_get_owasp_api7_injection_sqli_b0d05c32.hurl b/cases/api_search_get_owasp_api7_injection_sqli_b0d05c32.hurl deleted file mode 100644 index 7c43088..0000000 --- a/cases/api_search_get_owasp_api7_injection_sqli_b0d05c32.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/search — injection (sqli) ── -# case_id=TC-b0d05c32 -# case_name=[OWASP-API7] GET /api/search — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/search?q=%27+OR+1%3D1-- -```json -null -``` - -HTTP 400 - diff --git a/cases/api_search_get_owasp_api7_injection_xss_b1a5ce9b.hurl b/cases/api_search_get_owasp_api7_injection_xss_b1a5ce9b.hurl deleted file mode 100644 index 72e0fc6..0000000 --- a/cases/api_search_get_owasp_api7_injection_xss_b1a5ce9b.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/search — injection (xss) ── -# case_id=TC-b1a5ce9b -# case_name=[OWASP-API7] GET /api/search — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/search?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E -```json -null -``` - -HTTP 400 - diff --git a/cases/api_search_get_valid_request_with_all_required_fields_65fdbcb4.hurl b/cases/api_search_get_valid_request_with_all_required_fields_65fdbcb4.hurl deleted file mode 100644 index 7c57ec2..0000000 --- a/cases/api_search_get_valid_request_with_all_required_fields_65fdbcb4.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/search - valid request with all required fields ── -# case_id=TC-65fdbcb4 -# case_name=GET /api/search - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/search - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.results" exists - diff --git a/cases/api_search_options_owasp_api8_cors_security_configuration_e799f553.hurl b/cases/api_search_options_owasp_api8_cors_security_configuration_e799f553.hurl deleted file mode 100644 index 6ed996c..0000000 --- a/cases/api_search_options_owasp_api8_cors_security_configuration_e799f553.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/search — CORS security configuration ── -# case_id=TC-e799f553 -# case_name=[OWASP-API8] OPTIONS /api/search — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/search -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - 
diff --git a/cases/api_specs_service_branch_openapi_json_get_missing_required_param_branch_dd4faa6a.hurl b/cases/api_specs_service_branch_openapi_json_get_missing_required_param_branch_dd4faa6a.hurl deleted file mode 100644 index dee7235..0000000 --- a/cases/api_specs_service_branch_openapi_json_get_missing_required_param_branch_dd4faa6a.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── GET /api/specs/{service}/{branch}/openapi.json - missing required param "branch" ── -# case_id=TC-dd4faa6a -# case_name=GET /api/specs/{service}/{branch}/openapi.json - missing required param "branch" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/specs/1/1/openapi.json - -HTTP 422 - diff --git a/cases/api_specs_service_branch_openapi_json_get_missing_required_param_service_14b52fbb.hurl b/cases/api_specs_service_branch_openapi_json_get_missing_required_param_service_14b52fbb.hurl deleted file mode 100644 index f3f6cfb..0000000 --- a/cases/api_specs_service_branch_openapi_json_get_missing_required_param_service_14b52fbb.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── GET /api/specs/{service}/{branch}/openapi.json - missing required param "service" ── -# case_id=TC-14b52fbb -# case_name=GET /api/specs/{service}/{branch}/openapi.json - missing required param "service" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/specs/1/1/openapi.json - -HTTP 422 - diff --git a/cases/api_specs_service_branch_openapi_json_get_owasp_api2_broken_authentication_5b840153.hurl b/cases/api_specs_service_branch_openapi_json_get_owasp_api2_broken_authentication_5b840153.hurl deleted file mode 100644 index ceb8c5f..0000000 --- a/cases/api_specs_service_branch_openapi_json_get_owasp_api2_broken_authentication_5b840153.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/specs/{service}/{branch}/openapi.json — broken authentication ── -# case_id=TC-5b840153 -# case_name=[OWASP-API2] GET /api/specs/{service}/{branch}/openapi.json — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/specs/{service}/{branch}/openapi.json - -HTTP 401 - diff --git a/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_path_traversal_217a31ae.hurl b/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_path_traversal_217a31ae.hurl deleted file mode 100644 index 5a31a15..0000000 --- a/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_path_traversal_217a31ae.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (path-traversal) ── -# case_id=TC-217a31ae -# case_name=[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/specs/..%2F..%2F..%2Fetc%2Fpasswd/{branch}/openapi.json -```json -null -``` - -HTTP 400 - diff --git a/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_sqli_3e62652b.hurl b/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_sqli_3e62652b.hurl deleted file mode 100644 index 4d86ac2..0000000 --- a/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_sqli_3e62652b.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (sqli) ── -# case_id=TC-3e62652b -# case_name=[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/specs/%27%20OR%201=1--/{branch}/openapi.json -```json -null -``` - -HTTP 400 - 
diff --git a/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_xss_69cf35a6.hurl b/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_xss_69cf35a6.hurl deleted file mode 100644 index 8e8f208..0000000 --- a/cases/api_specs_service_branch_openapi_json_get_owasp_api7_injection_xss_69cf35a6.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (xss) ── -# case_id=TC-69cf35a6 -# case_name=[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/specs/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/{branch}/openapi.json -```json -null -``` - -HTTP 400 - diff --git a/cases/api_specs_service_branch_openapi_json_get_valid_request_with_all_required_fields_e159fefe.hurl b/cases/api_specs_service_branch_openapi_json_get_valid_request_with_all_required_fields_e159fefe.hurl deleted file mode 100644 index a2d194b..0000000 --- a/cases/api_specs_service_branch_openapi_json_get_valid_request_with_all_required_fields_e159fefe.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── GET /api/specs/{service}/{branch}/openapi.json - valid request with all required fields ── -# case_id=TC-e159fefe -# case_name=GET /api/specs/{service}/{branch}/openapi.json - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/specs/{service}/{branch}/openapi.json - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_specs_service_branch_openapi_json_options_owasp_api8_cors_security_configura_ecd6daec.hurl b/cases/api_specs_service_branch_openapi_json_options_owasp_api8_cors_security_configura_ecd6daec.hurl deleted file mode 100644 index fd54aed..0000000 --- a/cases/api_specs_service_branch_openapi_json_options_owasp_api8_cors_security_configura_ecd6daec.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/specs/{service}/{branch}/openapi.json — CORS security configuration ── -# case_id=TC-ecd6daec -# case_name=[OWASP-API8] OPTIONS /api/specs/{service}/{branch}/openapi.json — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/specs/{service}/{branch}/openapi.json -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_specs_service_versions_get_missing_required_param_branch_e71dd727.hurl b/cases/api_specs_service_versions_get_missing_required_param_branch_e71dd727.hurl deleted file mode 100644 index 3b04163..0000000 --- a/cases/api_specs_service_versions_get_missing_required_param_branch_e71dd727.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── GET /api/specs/:service/versions - missing required param "branch" ── -# case_id=TC-e71dd727 -# case_name=GET /api/specs/:service/versions - missing required param "branch" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/specs/:service/versions - -HTTP 422 - diff --git a/cases/api_specs_service_versions_get_missing_required_param_service_95c1cee7.hurl b/cases/api_specs_service_versions_get_missing_required_param_service_95c1cee7.hurl deleted file mode 100644 index 31c1dc2..0000000 --- a/cases/api_specs_service_versions_get_missing_required_param_service_95c1cee7.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── GET /api/specs/:service/versions - missing required param "service" ── -# case_id=TC-95c1cee7 -# case_name=GET /api/specs/:service/versions - missing required param "service" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -GET {{base_url}}/api/specs/:service/versions?branch=valid - -HTTP 422 - 
diff --git a/cases/api_specs_service_versions_get_owasp_api2_broken_authentication_9b5eb037.hurl b/cases/api_specs_service_versions_get_owasp_api2_broken_authentication_9b5eb037.hurl deleted file mode 100644 index 90ae3c5..0000000 --- a/cases/api_specs_service_versions_get_owasp_api2_broken_authentication_9b5eb037.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/specs/:service/versions — broken authentication ── -# case_id=TC-9b5eb037 -# case_name=[OWASP-API2] GET /api/specs/:service/versions — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/specs/:service/versions - -HTTP 401 - diff --git a/cases/api_specs_service_versions_get_owasp_api7_injection_path_traversal_106c80c0.hurl b/cases/api_specs_service_versions_get_owasp_api7_injection_path_traversal_106c80c0.hurl deleted file mode 100644 index b58757b..0000000 --- a/cases/api_specs_service_versions_get_owasp_api7_injection_path_traversal_106c80c0.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/specs/:service/versions — injection (path-traversal) ── -# case_id=TC-106c80c0 -# case_name=[OWASP-API7] GET /api/specs/:service/versions — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/specs/:service/versions -```json -null -``` - -HTTP 400 - diff --git a/cases/api_specs_service_versions_get_owasp_api7_injection_sqli_ffc707f5.hurl b/cases/api_specs_service_versions_get_owasp_api7_injection_sqli_ffc707f5.hurl deleted file mode 100644 index dd4c0e6..0000000 --- a/cases/api_specs_service_versions_get_owasp_api7_injection_sqli_ffc707f5.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/specs/:service/versions — injection (sqli) ── -# case_id=TC-ffc707f5 -# case_name=[OWASP-API7] GET /api/specs/:service/versions — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/specs/:service/versions -```json -null -``` - -HTTP 400 - diff --git a/cases/api_specs_service_versions_get_owasp_api7_injection_xss_cf42e9f4.hurl b/cases/api_specs_service_versions_get_owasp_api7_injection_xss_cf42e9f4.hurl deleted file mode 100644 index a2c685d..0000000 --- a/cases/api_specs_service_versions_get_owasp_api7_injection_xss_cf42e9f4.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] GET /api/specs/:service/versions — injection (xss) ── -# case_id=TC-cf42e9f4 -# case_name=[OWASP-API7] GET /api/specs/:service/versions — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/specs/:service/versions -```json -null -``` - -HTTP 400 - diff --git a/cases/api_specs_service_versions_get_valid_request_with_all_required_fields_f8bdece6.hurl b/cases/api_specs_service_versions_get_valid_request_with_all_required_fields_f8bdece6.hurl deleted file mode 100644 index e11de6c..0000000 --- a/cases/api_specs_service_versions_get_valid_request_with_all_required_fields_f8bdece6.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/specs/:service/versions - valid request with all required fields ── -# case_id=TC-f8bdece6 -# case_name=GET /api/specs/:service/versions - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/specs/:service/versions - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.versions" exists - 
diff --git a/cases/api_specs_service_versions_options_owasp_api8_cors_security_configuration_d622eda3.hurl b/cases/api_specs_service_versions_options_owasp_api8_cors_security_configuration_d622eda3.hurl deleted file mode 100644 index 8c16444..0000000 --- a/cases/api_specs_service_versions_options_owasp_api8_cors_security_configuration_d622eda3.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/specs/:service/versions — CORS security configuration ── -# case_id=TC-d622eda3 -# case_name=[OWASP-API8] OPTIONS /api/specs/:service/versions — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/specs/:service/versions -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_tokens_get_auth_chain_9d529cfb.hurl b/cases/api_tokens_get_auth_chain_9d529cfb.hurl deleted file mode 100644 index e460156..0000000 --- a/cases/api_tokens_get_auth_chain_9d529cfb.hurl +++ /dev/null @@ -1,44 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: GET /api/tokens -# case_id=TC-9d529cfb -# case_name=auth chain: GET /api/tokens -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── GET /api/tokens with auth token [test] ── -# step_id=step-test -# step_type=test -# title=GET /api/tokens with auth token -# depends_on=step-auth - -GET {{base_url}}/api/tokens -Authorization: Bearer {{authToken}} - -HTTP 200 - -[Asserts] -duration < 2000 - 
diff --git a/cases/api_tokens_get_owasp_api2_broken_authentication_dcecca87.hurl b/cases/api_tokens_get_owasp_api2_broken_authentication_dcecca87.hurl deleted file mode 100644 index f56feab..0000000 --- a/cases/api_tokens_get_owasp_api2_broken_authentication_dcecca87.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] GET /api/tokens — broken authentication ── -# case_id=TC-dcecca87 -# case_name=[OWASP-API2] GET /api/tokens — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -GET {{base_url}}/api/tokens - -HTTP 401 - diff --git a/cases/api_tokens_get_valid_request_with_all_required_fields_abcd14ab.hurl b/cases/api_tokens_get_valid_request_with_all_required_fields_abcd14ab.hurl deleted file mode 100644 index 972521c..0000000 --- a/cases/api_tokens_get_valid_request_with_all_required_fields_abcd14ab.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── GET /api/tokens - valid request with all required fields ── -# case_id=TC-abcd14ab -# case_name=GET /api/tokens - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -GET {{base_url}}/api/tokens - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.tokens" exists - diff --git a/cases/api_tokens_id_delete_idempotent_second_call_must_be_safe_ea338ec1.hurl b/cases/api_tokens_id_delete_idempotent_second_call_must_be_safe_ea338ec1.hurl deleted file mode 100644 index bf3a498..0000000 --- a/cases/api_tokens_id_delete_idempotent_second_call_must_be_safe_ea338ec1.hurl +++ /dev/null 
@@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# DELETE /api/tokens/{id} - idempotent: second call must be safe -# case_id=TC-ea338ec1 -# case_name=DELETE /api/tokens/{id} - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── DELETE /api/tokens/{id} — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=DELETE /api/tokens/{id} — first call - -DELETE {{base_url}}/api/tokens/{id} - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── DELETE /api/tokens/{id} — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=DELETE /api/tokens/{id} — identical second call must be safe -# depends_on=step-setup - -DELETE {{base_url}}/api/tokens/{id} - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_tokens_id_delete_idor_id_0_zero_id_d0e0481e.hurl b/cases/api_tokens_id_delete_idor_id_0_zero_id_d0e0481e.hurl deleted file mode 100644 index 41bde10..0000000 --- a/cases/api_tokens_id_delete_idor_id_0_zero_id_d0e0481e.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/tokens/{id} - IDOR id=0 (zero_id) ── -# case_id=TC-d0e0481e -# case_name=DELETE /api/tokens/{id} - IDOR id=0 (zero_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/tokens/0 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_id_delete_idor_id_99999_alt_id_502920f7.hurl b/cases/api_tokens_id_delete_idor_id_99999_alt_id_502920f7.hurl deleted file mode 100644 index 854fd91..0000000 --- a/cases/api_tokens_id_delete_idor_id_99999_alt_id_502920f7.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── DELETE /api/tokens/{id} - IDOR id=99999 (alt_id) ── -# case_id=TC-502920f7 -# case_name=DELETE /api/tokens/{id} - IDOR id=99999 (alt_id) -# step_id=step-main -# step_type=test -# technique=idor -# priority=P1 - -DELETE {{base_url}}/api/tokens/99999 - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_id_delete_missing_required_param_id_c2abfd5e.hurl b/cases/api_tokens_id_delete_missing_required_param_id_c2abfd5e.hurl deleted file mode 100644 index a67d890..0000000 --- a/cases/api_tokens_id_delete_missing_required_param_id_c2abfd5e.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── DELETE /api/tokens/{id} - missing required param "id" ── -# case_id=TC-c2abfd5e -# case_name=DELETE /api/tokens/{id} - missing required param "id" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -DELETE {{base_url}}/api/tokens/1 - -HTTP 422 - diff --git a/cases/api_tokens_id_delete_owasp_api1_bola_unauthorized_access_2d207a0d.hurl b/cases/api_tokens_id_delete_owasp_api1_bola_unauthorized_access_2d207a0d.hurl deleted file mode 100644 index 876724c..0000000 --- a/cases/api_tokens_id_delete_owasp_api1_bola_unauthorized_access_2d207a0d.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API1] DELETE /api/tokens/{id} — BOLA unauthorized access ── -# case_id=TC-2d207a0d -# case_name=[OWASP-API1] DELETE /api/tokens/{id} — BOLA unauthorized access -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/tokens/{{other_resource_id}} - -HTTP 403 - diff --git a/cases/api_tokens_id_delete_owasp_api2_broken_authentication_599ddef6.hurl b/cases/api_tokens_id_delete_owasp_api2_broken_authentication_599ddef6.hurl deleted file mode 100644 index 3c01e08..0000000 --- a/cases/api_tokens_id_delete_owasp_api2_broken_authentication_599ddef6.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API2] DELETE /api/tokens/{id} — broken authentication ── -# case_id=TC-599ddef6 -# case_name=[OWASP-API2] DELETE /api/tokens/{id} — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/tokens/{id} - -HTTP 401 - diff --git a/cases/api_tokens_id_delete_owasp_api5_function_level_authorization_missing_fbedb9f1.hurl b/cases/api_tokens_id_delete_owasp_api5_function_level_authorization_missing_fbedb9f1.hurl deleted file mode 100644 index 54968fa..0000000 --- a/cases/api_tokens_id_delete_owasp_api5_function_level_authorization_missing_fbedb9f1.hurl +++ /dev/null @@ -1,13 +0,0 @@ -# ── [OWASP-API5] DELETE /api/tokens/{id} — function-level authorization missing ── -# case_id=TC-fbedb9f1 -# case_name=[OWASP-API5] DELETE /api/tokens/{id} — function-level authorization missing -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -DELETE {{base_url}}/api/tokens/{id} -Authorization: Bearer {{user_token}} - -HTTP 403 - diff --git a/cases/api_tokens_id_delete_owasp_api7_injection_path_traversal_85b86fe3.hurl b/cases/api_tokens_id_delete_owasp_api7_injection_path_traversal_85b86fe3.hurl deleted file mode 100644 index cdfba2f..0000000 --- a/cases/api_tokens_id_delete_owasp_api7_injection_path_traversal_85b86fe3.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/tokens/{id} — injection (path-traversal) ── -# case_id=TC-85b86fe3 -# case_name=[OWASP-API7] DELETE /api/tokens/{id} — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/tokens/..%2F..%2F..%2Fetc%2Fpasswd -```json -null -``` - -HTTP 400 - diff --git a/cases/api_tokens_id_delete_owasp_api7_injection_sqli_e54ea4ce.hurl b/cases/api_tokens_id_delete_owasp_api7_injection_sqli_e54ea4ce.hurl deleted file mode 100644 index a75060d..0000000 
--- a/cases/api_tokens_id_delete_owasp_api7_injection_sqli_e54ea4ce.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/tokens/{id} — injection (sqli) ── -# case_id=TC-e54ea4ce -# case_name=[OWASP-API7] DELETE /api/tokens/{id} — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/tokens/%27%20OR%201=1-- -```json -null -``` - -HTTP 400 - diff --git a/cases/api_tokens_id_delete_owasp_api7_injection_xss_ebab5e69.hurl b/cases/api_tokens_id_delete_owasp_api7_injection_xss_ebab5e69.hurl deleted file mode 100644 index 1c7061d..0000000 --- a/cases/api_tokens_id_delete_owasp_api7_injection_xss_ebab5e69.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── [OWASP-API7] DELETE /api/tokens/{id} — injection (xss) ── -# case_id=TC-ebab5e69 -# case_name=[OWASP-API7] DELETE /api/tokens/{id} — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -DELETE {{base_url}}/api/tokens/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E -```json -null -``` - -HTTP 400 - diff --git a/cases/api_tokens_id_delete_valid_request_with_all_required_fields_138640de.hurl b/cases/api_tokens_id_delete_valid_request_with_all_required_fields_138640de.hurl deleted file mode 100644 index 8374972..0000000 --- a/cases/api_tokens_id_delete_valid_request_with_all_required_fields_138640de.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── DELETE /api/tokens/{id} - valid request with all required fields ── -# case_id=TC-138640de -# case_name=DELETE /api/tokens/{id} - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -DELETE {{base_url}}/api/tokens/{id} - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - 
diff --git a/cases/api_tokens_id_options_owasp_api8_cors_security_configuration_ba604e45.hurl b/cases/api_tokens_id_options_owasp_api8_cors_security_configuration_ba604e45.hurl deleted file mode 100644 index b9702cb..0000000 --- a/cases/api_tokens_id_options_owasp_api8_cors_security_configuration_ba604e45.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/tokens/{id} — CORS security configuration ── -# case_id=TC-ba604e45 -# case_name=[OWASP-API8] OPTIONS /api/tokens/{id} — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/tokens/{id} -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_tokens_options_owasp_api8_cors_security_configuration_b009aaa0.hurl b/cases/api_tokens_options_owasp_api8_cors_security_configuration_b009aaa0.hurl deleted file mode 100644 index 0862b3b..0000000 --- a/cases/api_tokens_options_owasp_api8_cors_security_configuration_b009aaa0.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/tokens — CORS security configuration ── -# case_id=TC-b009aaa0 -# case_name=[OWASP-API8] OPTIONS /api/tokens — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/tokens -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_tokens_post_field_boundary_name_invalid_below_min_107263c8.hurl b/cases/api_tokens_post_field_boundary_name_invalid_below_min_107263c8.hurl deleted file mode 100644 index 38b67d6..0000000 --- a/cases/api_tokens_post_field_boundary_name_invalid_below_min_107263c8.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/tokens - [field_boundary] name invalid_below_min ── -# case_id=TC-107263c8 -# case_name=POST /api/tokens - [field_boundary] name invalid_below_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "", - "scope": "read" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_post_field_boundary_name_valid_min_041bf0da.hurl b/cases/api_tokens_post_field_boundary_name_valid_min_041bf0da.hurl deleted file mode 100644 index 501a79a..0000000 --- a/cases/api_tokens_post_field_boundary_name_valid_min_041bf0da.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/tokens - [field_boundary] name valid_min ── -# case_id=TC-041bf0da -# case_name=POST /api/tokens - [field_boundary] name valid_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P1 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "a", - "scope": "read" -} -``` - -HTTP * - -[Asserts] -status >= 200 -status < 300 - diff --git a/cases/api_tokens_post_idempotent_second_call_must_be_safe_85621889.hurl b/cases/api_tokens_post_idempotent_second_call_must_be_safe_85621889.hurl deleted file mode 100644 index 342a55b..0000000 --- a/cases/api_tokens_post_idempotent_second_call_must_be_safe_85621889.hurl +++ /dev/null 
@@ -1,47 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /api/tokens - idempotent: second call must be safe -# case_id=TC-85621889 -# case_name=POST /api/tokens - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /api/tokens — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /api/tokens — first call - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Kaya Saunders", - "scope": "read" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /api/tokens — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/tokens — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Kaya Saunders", - "scope": "read" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_tokens_post_invalid_name_empty_string_violates_minlength_1_b579ade9.hurl b/cases/api_tokens_post_invalid_name_empty_string_violates_minlength_1_b579ade9.hurl deleted file mode 100644 index 28cde18..0000000 --- a/cases/api_tokens_post_invalid_name_empty_string_violates_minlength_1_b579ade9.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - invalid name: empty string violates minLength 1 ── -# case_id=TC-b579ade9 -# case_name=POST /api/tokens - invalid name: empty string violates minLength 1 -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "", - "scope": "read" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_invalid_scope_value_not_in_enum_a9cdb025.hurl b/cases/api_tokens_post_invalid_scope_value_not_in_enum_a9cdb025.hurl deleted file mode 100644 index 109f024..0000000 
--- a/cases/api_tokens_post_invalid_scope_value_not_in_enum_a9cdb025.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - invalid scope: value not in enum ── -# case_id=TC-a9cdb025 -# case_name=POST /api/tokens - invalid scope: value not in enum -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Damion Rivera", - "scope": "__invalid_enum__" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_mass_assignment_financial_probe_b896a4fe.hurl b/cases/api_tokens_post_mass_assignment_financial_probe_b896a4fe.hurl deleted file mode 100644 index f79c42b..0000000 --- a/cases/api_tokens_post_mass_assignment_financial_probe_b896a4fe.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/tokens - [mass_assignment] financial probe ── -# case_id=TC-b896a4fe -# case_name=POST /api/tokens - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "discount": 0, - "name": "Jalen Phillips", - "price": 1, - "scope": "write" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_mass_assignment_identity_probe_b46880dc.hurl b/cases/api_tokens_post_mass_assignment_identity_probe_b46880dc.hurl deleted file mode 100644 index 994b07a..0000000 --- a/cases/api_tokens_post_mass_assignment_identity_probe_b46880dc.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/tokens - [mass_assignment] identity probe ── -# case_id=TC-b46880dc -# case_name=POST /api/tokens - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "name": "Jalen Phillips", - "ownerId": "__probe__", - "scope": "write", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_mass_assignment_privilege_probe_2411ba2b.hurl b/cases/api_tokens_post_mass_assignment_privilege_probe_2411ba2b.hurl deleted file mode 100644 index dfa27a8..0000000 --- a/cases/api_tokens_post_mass_assignment_privilege_probe_2411ba2b.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/tokens - [mass_assignment] privilege probe ── -# case_id=TC-2411ba2b -# case_name=POST /api/tokens - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "admin": true, - "isAdmin": true, - "is_admin": true, - "name": "Jalen Phillips", - "role": "__probe__", - "scope": "write" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_mass_assignment_status_probe_248852e9.hurl b/cases/api_tokens_post_mass_assignment_status_probe_248852e9.hurl deleted file mode 100644 index f466743..0000000 --- a/cases/api_tokens_post_mass_assignment_status_probe_248852e9.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/tokens - [mass_assignment] status probe ── -# case_id=TC-248852e9 -# case_name=POST /api/tokens - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "disabled": false, - "name": "Jalen Phillips", - "scope": "write", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_missing_required_field_name_5566a91f.hurl b/cases/api_tokens_post_missing_required_field_name_5566a91f.hurl deleted file mode 100644 index 128df88..0000000 --- a/cases/api_tokens_post_missing_required_field_name_5566a91f.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /api/tokens - missing required field "name" ── -# case_id=TC-5566a91f -# case_name=POST /api/tokens - missing required field "name" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "scope": "read" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_missing_required_field_name_75703d6a.hurl b/cases/api_tokens_post_missing_required_field_name_75703d6a.hurl deleted file mode 100644 index afb934f..0000000 --- a/cases/api_tokens_post_missing_required_field_name_75703d6a.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /api/tokens - missing required field "name" ── -# case_id=TC-75703d6a -# case_name=POST /api/tokens - missing required field "name" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "scope": "read" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_missing_required_field_scope_6284c90d.hurl b/cases/api_tokens_post_missing_required_field_scope_6284c90d.hurl deleted file mode 100644 index 097eb64..0000000 
--- a/cases/api_tokens_post_missing_required_field_scope_6284c90d.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /api/tokens - missing required field "scope" ── -# case_id=TC-6284c90d -# case_name=POST /api/tokens - missing required field "scope" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Damion Rivera" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_missing_required_field_scope_aa18d499.hurl b/cases/api_tokens_post_missing_required_field_scope_aa18d499.hurl deleted file mode 100644 index f0170de..0000000 --- a/cases/api_tokens_post_missing_required_field_scope_aa18d499.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /api/tokens - missing required field "scope" ── -# case_id=TC-aa18d499 -# case_name=POST /api/tokens - missing required field "scope" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Lawrence Braun" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_mutation_name_empty_string_188465c8.hurl b/cases/api_tokens_post_mutation_name_empty_string_188465c8.hurl deleted file mode 100644 index 8c0ec52..0000000 --- a/cases/api_tokens_post_mutation_name_empty_string_188465c8.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/tokens - mutation: name empty string ── -# case_id=TC-188465c8 -# case_name=POST /api/tokens - mutation: name empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "", - "scope": "write" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_tokens_post_mutation_name_integer_instead_of_string_30aabbdc.hurl b/cases/api_tokens_post_mutation_name_integer_instead_of_string_30aabbdc.hurl deleted file mode 100644 index 307c42f..0000000 --- a/cases/api_tokens_post_mutation_name_integer_instead_of_string_30aabbdc.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/tokens - mutation: name integer instead of string ── -# case_id=TC-30aabbdc -# case_name=POST /api/tokens - mutation: name integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": 12345, - "scope": "write" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_post_mutation_name_null_value_816809db.hurl b/cases/api_tokens_post_mutation_name_null_value_816809db.hurl deleted file mode 100644 index 416f168..0000000 --- a/cases/api_tokens_post_mutation_name_null_value_816809db.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/tokens - mutation: name null value ── -# case_id=TC-816809db -# case_name=POST /api/tokens - mutation: name null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": null, - "scope": "write" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_post_mutation_name_oversized_string_300_chars_8c9976d8.hurl b/cases/api_tokens_post_mutation_name_oversized_string_300_chars_8c9976d8.hurl deleted file mode 100644 index 9f7c53a..0000000 --- a/cases/api_tokens_post_mutation_name_oversized_string_300_chars_8c9976d8.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/tokens - mutation: name oversized string (300 chars) ── -# case_id=TC-8c9976d8 -# case_name=POST /api/tokens - mutation: name oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "scope": "write" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_post_mutation_scope_empty_string_c8cd2aed.hurl b/cases/api_tokens_post_mutation_scope_empty_string_c8cd2aed.hurl deleted file mode 100644 index b672fae..0000000 --- a/cases/api_tokens_post_mutation_scope_empty_string_c8cd2aed.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/tokens - mutation: scope empty string ── -# case_id=TC-c8cd2aed -# case_name=POST /api/tokens - mutation: scope empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Clifford Ruiz", - "scope": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_post_mutation_scope_integer_instead_of_string_745ea604.hurl b/cases/api_tokens_post_mutation_scope_integer_instead_of_string_745ea604.hurl deleted file mode 100644 index 32a79aa..0000000 --- a/cases/api_tokens_post_mutation_scope_integer_instead_of_string_745ea604.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/tokens - mutation: scope integer instead of string ── -# case_id=TC-745ea604 -# case_name=POST /api/tokens - mutation: scope integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Clifford Ruiz", - "scope": 12345 -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_post_mutation_scope_null_value_75bc6e95.hurl b/cases/api_tokens_post_mutation_scope_null_value_75bc6e95.hurl deleted file mode 100644 index fd2e067..0000000 --- a/cases/api_tokens_post_mutation_scope_null_value_75bc6e95.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /api/tokens - mutation: scope null value ── -# case_id=TC-75bc6e95 -# case_name=POST /api/tokens - mutation: scope null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Clifford Ruiz", - "scope": null -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_post_mutation_scope_oversized_string_300_chars_4d189659.hurl b/cases/api_tokens_post_mutation_scope_oversized_string_300_chars_4d189659.hurl deleted file mode 100644 index f462537..0000000 --- a/cases/api_tokens_post_mutation_scope_oversized_string_300_chars_4d189659.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /api/tokens - mutation: scope oversized string (300 chars) ── -# case_id=TC-4d189659 -# case_name=POST /api/tokens - mutation: scope oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Clifford Ruiz", - "scope": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_post_name_at_max_plus_one_invalid_boundary_7b3217ba.hurl b/cases/api_tokens_post_name_at_max_plus_one_invalid_boundary_7b3217ba.hurl deleted file mode 100644 index dea201c..0000000 --- a/cases/api_tokens_post_name_at_max_plus_one_invalid_boundary_7b3217ba.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - name at max_plus_one_invalid boundary ── -# case_id=TC-7b3217ba -# case_name=POST /api/tokens - name at max_plus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "gZkkKaBcgUUrJhMvMmXsjgUJDOfrVpkfGCKVAUujjHuMbmjqYrroOdpRDCHXNKftgwkIjzdVDnyjNbwYqqZrajsqPvSTaCwhMFwMjAZyBQIjmghcfkelirBpAPxhbuYkwsodExCcRneWXSlyLvtcufLRHJWucpZNlpPiKuSLlicpZPdObnVxJdhXykuHmqCapfBevaSSFSPEtYlzUlPAVbisIBFXneKSEoFFcgPCMSeUhOCBMxaqhfiLFJvQwWsX", - "scope": "read" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_name_at_max_valid_boundary_a0247f03.hurl b/cases/api_tokens_post_name_at_max_valid_boundary_a0247f03.hurl deleted file mode 100644 index cab2ab8..0000000 --- a/cases/api_tokens_post_name_at_max_valid_boundary_a0247f03.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── POST /api/tokens - name at max_valid boundary ── -# case_id=TC-a0247f03 -# case_name=POST /api/tokens - name at max_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "dIcVzeAXIpwOMzbhuWAKvYpdHpXhDnlquznBMpHNObsplNJMCmfagUMlgmyfFcxjiOSjnDPJMExECRCIPMONUmxCjiZwOKphjBRzxRgqBHCPWiUvPVxGpuIuOwqcjGDtPEXvUFwTFgNBEKmwQejgeRCcxYCgaGRusgCHYhGuMkhuWBKpkpOWZMOWQrWAqMGwVOnWXHenTnRwxoXQNWVzoLuAeLfEUWmvtOaUOzDopkvdpjDJgEGrzToimadBCbq", - "scope": "read" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_tokens_post_name_at_min_minus_one_invalid_boundary_d08f5a90.hurl b/cases/api_tokens_post_name_at_min_minus_one_invalid_boundary_d08f5a90.hurl deleted file mode 100644 index a3550d9..0000000 --- a/cases/api_tokens_post_name_at_min_minus_one_invalid_boundary_d08f5a90.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - name at min_minus_one_invalid boundary ── -# case_id=TC-d08f5a90 -# case_name=POST /api/tokens - name at min_minus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "e", - "scope": "read" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_name_at_min_valid_boundary_1c063dd5.hurl b/cases/api_tokens_post_name_at_min_valid_boundary_1c063dd5.hurl deleted file mode 100644 index 3315fd7..0000000 --- a/cases/api_tokens_post_name_at_min_valid_boundary_1c063dd5.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── POST /api/tokens - name at min_valid boundary ── -# case_id=TC-1c063dd5 -# case_name=POST /api/tokens - name at min_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Y", - "scope": "read" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_tokens_post_null_injection_name_97bd0c77.hurl b/cases/api_tokens_post_null_injection_name_97bd0c77.hurl deleted file mode 100644 index 52f95de..0000000 --- a/cases/api_tokens_post_null_injection_name_97bd0c77.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - null injection: name ── -# case_id=TC-97bd0c77 -# case_name=POST /api/tokens - null injection: name -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": null, - "scope": "write" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_null_injection_scope_0b4d216c.hurl b/cases/api_tokens_post_null_injection_scope_0b4d216c.hurl deleted file mode 100644 index 3986a8e..0000000 --- a/cases/api_tokens_post_null_injection_scope_0b4d216c.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - null injection: scope ── -# case_id=TC-0b4d216c -# case_name=POST /api/tokens - null injection: scope -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Evelyn Coleman", - "scope": null -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_owasp_api2_broken_authentication_9e6576d2.hurl b/cases/api_tokens_post_owasp_api2_broken_authentication_9e6576d2.hurl deleted file mode 100644 index 83e46c1..0000000 --- a/cases/api_tokens_post_owasp_api2_broken_authentication_9e6576d2.hurl +++ /dev/null 
@@ -1,12 +0,0 @@ -# ── [OWASP-API2] POST /api/tokens — broken authentication ── -# case_id=TC-9e6576d2 -# case_name=[OWASP-API2] POST /api/tokens — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/tokens - -HTTP 401 - diff --git a/cases/api_tokens_post_owasp_api6_mass_assignment_d9979992.hurl b/cases/api_tokens_post_owasp_api6_mass_assignment_d9979992.hurl deleted file mode 100644 index bb7ed35..0000000 --- a/cases/api_tokens_post_owasp_api6_mass_assignment_d9979992.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── [OWASP-API6] POST /api/tokens — mass assignment ── -# case_id=TC-d9979992 -# case_name=[OWASP-API6] POST /api/tokens — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "createdAt": "2000-01-01T00:00:00Z", - "id": 99999, - "name": "Marianne Nolan", - "scope": "write", - "updatedAt": "2000-01-01T00:00:00Z" -} -``` - -HTTP 201 - -[Asserts] -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" -jsonpath "$.id" != 99999 -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" - diff --git a/cases/api_tokens_post_owasp_api7_injection_path_traversal_26975d5c.hurl b/cases/api_tokens_post_owasp_api7_injection_path_traversal_26975d5c.hurl deleted file mode 100644 index e3f5603..0000000 --- a/cases/api_tokens_post_owasp_api7_injection_path_traversal_26975d5c.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/tokens — injection (path-traversal) ── -# case_id=TC-26975d5c -# case_name=[OWASP-API7] POST /api/tokens — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "scope": "../../../etc/passwd" -} -``` - -HTTP 400 - 
diff --git a/cases/api_tokens_post_owasp_api7_injection_sqli_1df31a27.hurl b/cases/api_tokens_post_owasp_api7_injection_sqli_1df31a27.hurl deleted file mode 100644 index 2da5697..0000000 --- a/cases/api_tokens_post_owasp_api7_injection_sqli_1df31a27.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/tokens — injection (sqli) ── -# case_id=TC-1df31a27 -# case_name=[OWASP-API7] POST /api/tokens — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "scope": "' OR 1=1--" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_owasp_api7_injection_xss_8157a3a5.hurl b/cases/api_tokens_post_owasp_api7_injection_xss_8157a3a5.hurl deleted file mode 100644 index fe6b263..0000000 --- a/cases/api_tokens_post_owasp_api7_injection_xss_8157a3a5.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/tokens — injection (xss) ── -# case_id=TC-8157a3a5 -# case_name=[OWASP-API7] POST /api/tokens — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "scope": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_required_omission_name_absent_b998dc1a.hurl b/cases/api_tokens_post_required_omission_name_absent_b998dc1a.hurl deleted file mode 100644 index a3675f2..0000000 --- a/cases/api_tokens_post_required_omission_name_absent_b998dc1a.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /api/tokens - [required_omission] name absent ── -# case_id=TC-b998dc1a -# case_name=POST /api/tokens - [required_omission] name absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "scope": "write" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_tokens_post_required_omission_scope_absent_fcb3e065.hurl b/cases/api_tokens_post_required_omission_scope_absent_fcb3e065.hurl deleted file mode 100644 index 7692dfe..0000000 --- a/cases/api_tokens_post_required_omission_scope_absent_fcb3e065.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /api/tokens - [required_omission] scope absent ── -# case_id=TC-fcb3e065 -# case_name=POST /api/tokens - [required_omission] scope absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Macey Wolfe" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_tokens_post_schema_violation_name_missing_required_c2cef5a1.hurl b/cases/api_tokens_post_schema_violation_name_missing_required_c2cef5a1.hurl deleted file mode 100644 index ba15972..0000000 --- a/cases/api_tokens_post_schema_violation_name_missing_required_c2cef5a1.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /api/tokens - [schema_violation] name_missing_required ── -# case_id=TC-c2cef5a1 -# case_name=POST /api/tokens - [schema_violation] name_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "scope": "read" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_schema_violation_name_too_short_bf65e63e.hurl b/cases/api_tokens_post_schema_violation_name_too_short_bf65e63e.hurl deleted file mode 100644 index fa31c04..0000000 --- a/cases/api_tokens_post_schema_violation_name_too_short_bf65e63e.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/tokens - [schema_violation] name_too_short ── -# case_id=TC-bf65e63e -# case_name=POST /api/tokens - [schema_violation] name_too_short -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "", - "scope": "read" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_schema_violation_scope_invalid_enum_a6a38420.hurl b/cases/api_tokens_post_schema_violation_scope_invalid_enum_a6a38420.hurl deleted file mode 100644 index 9ce5b09..0000000 --- a/cases/api_tokens_post_schema_violation_scope_invalid_enum_a6a38420.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [schema_violation] scope_invalid_enum ── -# case_id=TC-a6a38420 -# case_name=POST /api/tokens - [schema_violation] scope_invalid_enum -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Bonita Hermann", - "scope": "__invalid__" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_schema_violation_scope_missing_required_ad285328.hurl b/cases/api_tokens_post_schema_violation_scope_missing_required_ad285328.hurl deleted file mode 100644 index 91c19e1..0000000 --- a/cases/api_tokens_post_schema_violation_scope_missing_required_ad285328.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /api/tokens - [schema_violation] scope_missing_required ── -# case_id=TC-ad285328 -# case_name=POST /api/tokens - [schema_violation] scope_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Bonita Hermann" -} -``` - -HTTP 422 - 
diff --git a/cases/api_tokens_post_type_coercion_name_wrong_type_boolean_bd1e61be.hurl b/cases/api_tokens_post_type_coercion_name_wrong_type_boolean_bd1e61be.hurl deleted file mode 100644 index 6e694cb..0000000 --- a/cases/api_tokens_post_type_coercion_name_wrong_type_boolean_bd1e61be.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [type_coercion] name wrong_type_boolean ── -# case_id=TC-bd1e61be -# case_name=POST /api/tokens - [type_coercion] name wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": true, - "scope": "write" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_type_coercion_name_wrong_type_integer_9bc60d9a.hurl b/cases/api_tokens_post_type_coercion_name_wrong_type_integer_9bc60d9a.hurl deleted file mode 100644 index 4b6d800..0000000 --- a/cases/api_tokens_post_type_coercion_name_wrong_type_integer_9bc60d9a.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [type_coercion] name wrong_type_integer ── -# case_id=TC-9bc60d9a -# case_name=POST /api/tokens - [type_coercion] name wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": 123, - "scope": "write" -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_type_coercion_scope_wrong_type_boolean_28d94662.hurl b/cases/api_tokens_post_type_coercion_scope_wrong_type_boolean_28d94662.hurl deleted file mode 100644 index c397aed..0000000 --- a/cases/api_tokens_post_type_coercion_scope_wrong_type_boolean_28d94662.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/tokens - [type_coercion] scope wrong_type_boolean ── -# case_id=TC-28d94662 -# case_name=POST /api/tokens - [type_coercion] scope wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Nathanael Connelly", - "scope": true -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_type_coercion_scope_wrong_type_integer_9bf5d669.hurl b/cases/api_tokens_post_type_coercion_scope_wrong_type_integer_9bf5d669.hurl deleted file mode 100644 index 1b5ce2d..0000000 --- a/cases/api_tokens_post_type_coercion_scope_wrong_type_integer_9bf5d669.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [type_coercion] scope wrong_type_integer ── -# case_id=TC-9bf5d669 -# case_name=POST /api/tokens - [type_coercion] scope wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Nathanael Connelly", - "scope": 123 -} -``` - -HTTP 422 - diff --git a/cases/api_tokens_post_unicode_fuzzing_name_bidi_override_33a5a9d7.hurl b/cases/api_tokens_post_unicode_fuzzing_name_bidi_override_33a5a9d7.hurl deleted file mode 100644 index 9ce1ca1..0000000 --- a/cases/api_tokens_post_unicode_fuzzing_name_bidi_override_33a5a9d7.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] name bidi_override ── -# case_id=TC-33a5a9d7 -# case_name=POST /api/tokens - [unicode_fuzzing] name bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "‮hello", - "scope": "read" -} -``` - -HTTP 400 - 
diff --git a/cases/api_tokens_post_unicode_fuzzing_name_control_char_fc869137.hurl b/cases/api_tokens_post_unicode_fuzzing_name_control_char_fc869137.hurl deleted file mode 100644 index e6ccc04..0000000 --- a/cases/api_tokens_post_unicode_fuzzing_name_control_char_fc869137.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] name control_char ── -# case_id=TC-fc869137 -# case_name=POST /api/tokens - [unicode_fuzzing] name control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "hello\u0000world", - "scope": "read" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_unicode_fuzzing_name_overlong_4faf49f0.hurl b/cases/api_tokens_post_unicode_fuzzing_name_overlong_4faf49f0.hurl deleted file mode 100644 index 6b1eb0f..0000000 --- a/cases/api_tokens_post_unicode_fuzzing_name_overlong_4faf49f0.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] name overlong ── -# case_id=TC-4faf49f0 -# case_name=POST /api/tokens - [unicode_fuzzing] name overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "scope": "read" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_unicode_fuzzing_name_zalgo_431d2bbf.hurl b/cases/api_tokens_post_unicode_fuzzing_name_zalgo_431d2bbf.hurl deleted file mode 100644 index 1518cca..0000000 --- a/cases/api_tokens_post_unicode_fuzzing_name_zalgo_431d2bbf.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] name zalgo ── -# case_id=TC-431d2bbf -# case_name=POST /api/tokens - [unicode_fuzzing] name zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "z̀́̂̃̄̅̆̇a", - "scope": "read" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_unicode_fuzzing_name_zero_width_6f9f1e83.hurl b/cases/api_tokens_post_unicode_fuzzing_name_zero_width_6f9f1e83.hurl deleted file mode 100644 index 16d429e..0000000 --- a/cases/api_tokens_post_unicode_fuzzing_name_zero_width_6f9f1e83.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] name zero_width ── -# case_id=TC-6f9f1e83 -# case_name=POST /api/tokens - [unicode_fuzzing] name zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "​hello", - "scope": "read" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_bidi_override_8643ca22.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_bidi_override_8643ca22.hurl deleted file mode 100644 index 37e6c6c..0000000 
--- a/cases/api_tokens_post_unicode_fuzzing_scope_bidi_override_8643ca22.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] scope bidi_override ── -# case_id=TC-8643ca22 -# case_name=POST /api/tokens - [unicode_fuzzing] scope bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Amelia Cummings", - "scope": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_control_char_0d728fca.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_control_char_0d728fca.hurl deleted file mode 100644 index f9e2171..0000000 --- a/cases/api_tokens_post_unicode_fuzzing_scope_control_char_0d728fca.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] scope control_char ── -# case_id=TC-0d728fca -# case_name=POST /api/tokens - [unicode_fuzzing] scope control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Amelia Cummings", - "scope": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_overlong_8adfe998.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_overlong_8adfe998.hurl deleted file mode 100644 index 13fe392..0000000 --- a/cases/api_tokens_post_unicode_fuzzing_scope_overlong_8adfe998.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] scope overlong ── -# case_id=TC-8adfe998 -# case_name=POST /api/tokens - [unicode_fuzzing] scope overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Amelia Cummings", - "scope": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_zalgo_734aea93.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_zalgo_734aea93.hurl deleted file mode 100644 index 76ea01b..0000000 --- a/cases/api_tokens_post_unicode_fuzzing_scope_zalgo_734aea93.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] scope zalgo ── -# case_id=TC-734aea93 -# case_name=POST /api/tokens - [unicode_fuzzing] scope zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Amelia Cummings", - "scope": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_unicode_fuzzing_scope_zero_width_6b8f84d1.hurl b/cases/api_tokens_post_unicode_fuzzing_scope_zero_width_6b8f84d1.hurl deleted file mode 100644 index 123b50e..0000000 --- a/cases/api_tokens_post_unicode_fuzzing_scope_zero_width_6b8f84d1.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - [unicode_fuzzing] scope zero_width ── -# case_id=TC-6b8f84d1 -# case_name=POST /api/tokens - [unicode_fuzzing] scope zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Amelia Cummings", - "scope": "​hello" -} -``` - -HTTP 400 - diff --git a/cases/api_tokens_post_valid_request_with_all_required_fields_6a65bf78.hurl b/cases/api_tokens_post_valid_request_with_all_required_fields_6a65bf78.hurl deleted file mode 100644 index 5623b53..0000000 
--- a/cases/api_tokens_post_valid_request_with_all_required_fields_6a65bf78.hurl +++ /dev/null @@ -1,28 +0,0 @@ -# ── POST /api/tokens - valid request with all required fields ── -# case_id=TC-6a65bf78 -# case_name=POST /api/tokens - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Allison Hunter", - "scope": "read" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.name" exists -jsonpath "$.prefix" exists -jsonpath "$.scope" exists -jsonpath "$.token" exists -jsonpath "$.createdAt" exists -jsonpath "$.id" exists - diff --git a/cases/api_tokens_post_wrong_content_type_text_plain_b0b71990.hurl b/cases/api_tokens_post_wrong_content_type_text_plain_b0b71990.hurl deleted file mode 100644 index 73a6621..0000000 --- a/cases/api_tokens_post_wrong_content_type_text_plain_b0b71990.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /api/tokens - wrong content-type (text/plain) ── -# case_id=TC-b0b71990 -# case_name=POST /api/tokens - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/tokens -Content-Type: text/plain -```json -{ - "name": "Evelyn Coleman", - "scope": "write" -} -``` - -HTTP 415 - diff --git a/cases/api_tokens_sequence_chain_delete_api_admin_grants_id_e1324ddf.hurl b/cases/api_tokens_sequence_chain_delete_api_admin_grants_id_e1324ddf.hurl deleted file mode 100644 index 84f68c2..0000000 --- a/cases/api_tokens_sequence_chain_delete_api_admin_grants_id_e1324ddf.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/tokens → DELETE /api/admin/grants/{id} -# case_id=TC-e1324ddf -# case_name=sequence chain: /api/tokens → DELETE /api/admin/grants/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/tokens [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Bernardo Auer", - "scope": "write" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/grants/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/grants/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/grants/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl b/cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl deleted file mode 100644 index 9ff06e6..0000000 --- a/cases/api_tokens_sequence_chain_delete_api_admin_users_id_60268ad8.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/tokens → DELETE /api/admin/users/{id} -# case_id=TC-60268ad8 -# case_name=sequence chain: /api/tokens → DELETE /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/tokens [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Rafael Hopkins", - "scope": "write" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/users/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/users/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_tokens_sequence_chain_get_api_admin_teams_id_grants_f107e18d.hurl b/cases/api_tokens_sequence_chain_get_api_admin_teams_id_grants_f107e18d.hurl deleted file mode 100644 index 16abc78..0000000 --- a/cases/api_tokens_sequence_chain_get_api_admin_teams_id_grants_f107e18d.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/tokens → GET /api/admin/teams/{id}/grants -# case_id=TC-f107e18d -# case_name=sequence chain: /api/tokens → GET /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/tokens [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Janie Stone", - "scope": "write" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/grants -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/grants - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_tokens_sequence_chain_get_api_admin_teams_id_members_90e7f90e.hurl b/cases/api_tokens_sequence_chain_get_api_admin_teams_id_members_90e7f90e.hurl deleted file mode 100644 index 7b8cb7c..0000000 --- a/cases/api_tokens_sequence_chain_get_api_admin_teams_id_members_90e7f90e.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/tokens → GET /api/admin/teams/{id}/members -# case_id=TC-90e7f90e -# case_name=sequence chain: /api/tokens → GET /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/tokens [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Brett Bird", - "scope": "read" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/members -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/members - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_tokens_sequence_chain_get_api_admin_teams_id_services_bda7e5b2.hurl b/cases/api_tokens_sequence_chain_get_api_admin_teams_id_services_bda7e5b2.hurl deleted file mode 100644 index 20941ec..0000000 --- a/cases/api_tokens_sequence_chain_get_api_admin_teams_id_services_bda7e5b2.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/tokens → GET /api/admin/teams/{id}/services -# case_id=TC-bda7e5b2 -# case_name=sequence chain: /api/tokens → GET /api/admin/teams/{id}/services -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/tokens [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Bernadine Murray", - "scope": "write" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/services [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/services -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/services - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_tokens_sequence_chain_post_api_admin_teams_id_grants_ba99a719.hurl b/cases/api_tokens_sequence_chain_post_api_admin_teams_id_grants_ba99a719.hurl deleted file mode 100644 index d3d2253..0000000 --- a/cases/api_tokens_sequence_chain_post_api_admin_teams_id_grants_ba99a719.hurl +++ /dev/null 
@@ -1,55 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/tokens → POST /api/admin/teams/{id}/grants -# case_id=TC-ba99a719 -# case_name=sequence chain: /api/tokens → POST /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/tokens [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Aric Carpenter", - "scope": "write" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/grants -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/grants -Content-Type: application/json -```json -{ - "branches": [ - "consequence" - ], - "expiresAt": "1923-07-31T23:48:34Z", - "granteeTeamId": "951d9915-63f4-46d3-b5d5-8b170b457b9e", - "granteeUserId": "bbc3acfe-6b9e-4c9c-bf24-b4d09f78276d", - "serviceId": "47af9d4e-ddf7-4f73-8a33-2c60da4c1f72" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_tokens_sequence_chain_post_api_admin_teams_id_members_714b8b84.hurl b/cases/api_tokens_sequence_chain_post_api_admin_teams_id_members_714b8b84.hurl deleted file mode 100644 index e24241b..0000000 --- a/cases/api_tokens_sequence_chain_post_api_admin_teams_id_members_714b8b84.hurl +++ /dev/null 
@@ -1,50 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/tokens → POST /api/admin/teams/{id}/members -# case_id=TC-714b8b84 -# case_name=sequence chain: /api/tokens → POST /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/tokens [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Athena Fernandez", - "scope": "read" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/members -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/members -Content-Type: application/json -```json -{ - "role": "member", - "userId": "02ef8546-0050-41de-be11-ab585b23ac54" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_tokens_sequence_chain_put_api_admin_services_serviceid_team_110b6d72.hurl b/cases/api_tokens_sequence_chain_put_api_admin_services_serviceid_team_110b6d72.hurl deleted file mode 100644 index fce1931..0000000 --- a/cases/api_tokens_sequence_chain_put_api_admin_services_serviceid_team_110b6d72.hurl +++ /dev/null 
@@ -1,49 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/tokens → PUT /api/admin/services/{serviceId}/team -# case_id=TC-110b6d72 -# case_name=sequence chain: /api/tokens → PUT /api/admin/services/{serviceId}/team -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/tokens [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Diego Herman", - "scope": "read" -} -``` - -HTTP * - -[Captures] -serviceId: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/services/{serviceId}/team [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/services/{serviceId}/team -# depends_on=step-setup - -PUT {{base_url}}/api/admin/services/{{serviceId}}/team -Content-Type: application/json -```json -{ - "teamId": "9e4f4d0e-d5d7-447e-830c-1c638616ddbf" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_tokens_sequence_chain_put_api_admin_users_id_3028e37b.hurl b/cases/api_tokens_sequence_chain_put_api_admin_users_id_3028e37b.hurl deleted file mode 100644 index 4b843d1..0000000 --- a/cases/api_tokens_sequence_chain_put_api_admin_users_id_3028e37b.hurl +++ /dev/null 
@@ -1,50 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/tokens → PUT /api/admin/users/{id} -# case_id=TC-3028e37b -# case_name=sequence chain: /api/tokens → PUT /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/tokens [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Dante Kennedy", - "scope": "write" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.id" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/users/{id} -# depends_on=step-setup - -PUT {{base_url}}/api/admin/users/{{id}} -Content-Type: application/json -```json -{ - "isActive": true, - "role": "super_admin" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_upload_options_owasp_api8_cors_security_configuration_65631595.hurl b/cases/api_upload_options_owasp_api8_cors_security_configuration_65631595.hurl deleted file mode 100644 index 09b5a07..0000000 --- a/cases/api_upload_options_owasp_api8_cors_security_configuration_65631595.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /api/upload — CORS security configuration ── -# case_id=TC-65631595 -# case_name=[OWASP-API8] OPTIONS /api/upload — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/api/upload -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/api_upload_post_auth_chain_c60cf805.hurl b/cases/api_upload_post_auth_chain_c60cf805.hurl deleted file mode 100644 index 819b0ef..0000000 --- a/cases/api_upload_post_auth_chain_c60cf805.hurl +++ /dev/null 
@@ -1,53 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: POST /api/upload -# case_id=TC-c60cf805 -# case_name=auth chain: POST /api/upload -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── POST /api/upload with auth token [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/upload with auth token -# depends_on=step-auth - -POST {{base_url}}/api/upload -Authorization: Bearer {{authToken}} -Content-Type: application/json -```json -{ - "branch": "they", - "commitSha": "sometimes", - "service": "Darwinian", - "specContent": "i.e." -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_upload_post_branch_at_max_plus_one_invalid_boundary_62157365.hurl b/cases/api_upload_post_branch_at_max_plus_one_invalid_boundary_62157365.hurl deleted file mode 100644 index 29c0fd5..0000000 --- a/cases/api_upload_post_branch_at_max_plus_one_invalid_boundary_62157365.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/upload - branch at max_plus_one_invalid boundary ── -# case_id=TC-62157365 -# case_name=POST /api/upload - branch at max_plus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "ILYUfOPfVxuZMfnbVgKKBKcmaHThDumvYBgtnVGhjnPVGeBmGSnwjXFjeojgBxBSehvkPJScHCBTFcjyIabzfzFvTWtmmGsJXlmNIlpLkzqrlyuqKvGoAAOUUwFEBGeoceVrjAMgTmCbeUmYnHVgBpOXAuFUnLPQYGspPdbHIuiUDYqbBJXQtGKAcDLSaGJJLeGIsLZXfWSCbcUflmCylZeRTVGmuNyUFZmpAoeWuylCdFZLpbneeLqzpzLaIKmE", - "commitSha": "horde", - "service": "patrol", - "specContent": "early" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_branch_at_max_valid_boundary_97d88ce9.hurl b/cases/api_upload_post_branch_at_max_valid_boundary_97d88ce9.hurl deleted file mode 100644 index 4bc635c..0000000 --- a/cases/api_upload_post_branch_at_max_valid_boundary_97d88ce9.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/upload - branch at max_valid boundary ── -# case_id=TC-97d88ce9 -# case_name=POST /api/upload - branch at max_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "shlwKqFxRFaVTdGNnBXhsNxUFKQKzOqqCpWDSXqaghfbdFJIOYfkDfFCtbwSekckstHPRyDaMVWZVWRBkbIgtUJDXhFeMmsQbiKempTLkISShAcAmWyGwOABgtbYCVEFRMDgKJWLKPmhAtLhMCfQaicCaLcxzIlibqzCyRCDxwtHNNlvPLxMHtmKcmYUtqMBHkdEiCZvhHNvCBGgJjhsNpbEGSpHxdHKXjeFulMWOPsstdqgeeJDWdLgyWSEFNF", - "commitSha": "horde", - "service": "patrol", - "specContent": "early" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_upload_post_branch_at_min_minus_one_invalid_boundary_fa914b29.hurl b/cases/api_upload_post_branch_at_min_minus_one_invalid_boundary_fa914b29.hurl deleted file mode 100644 index 6e337c6..0000000 
--- a/cases/api_upload_post_branch_at_min_minus_one_invalid_boundary_fa914b29.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - branch at min_minus_one_invalid boundary ── -# case_id=TC-fa914b29 -# case_name=POST /api/upload - branch at min_minus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "x", - "commitSha": "horde", - "service": "patrol", - "specContent": "early" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_branch_at_min_valid_boundary_4ca9c46c.hurl b/cases/api_upload_post_branch_at_min_valid_boundary_4ca9c46c.hurl deleted file mode 100644 index 49ca751..0000000 --- a/cases/api_upload_post_branch_at_min_valid_boundary_4ca9c46c.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/upload - branch at min_valid boundary ── -# case_id=TC-4ca9c46c -# case_name=POST /api/upload - branch at min_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "b", - "commitSha": "horde", - "service": "patrol", - "specContent": "early" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_upload_post_field_boundary_branch_invalid_below_min_e5764a68.hurl b/cases/api_upload_post_field_boundary_branch_invalid_below_min_e5764a68.hurl deleted file mode 100644 index a728d94..0000000 --- a/cases/api_upload_post_field_boundary_branch_invalid_below_min_e5764a68.hurl +++ /dev/null 
@@ -1,25 +0,0 @@ -# ── POST /api/upload - [field_boundary] branch invalid_below_min ── -# case_id=TC-e5764a68 -# case_name=POST /api/upload - [field_boundary] branch invalid_below_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "", - "commitSha": "about", - "service": "scold", - "specContent": "muster" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_field_boundary_branch_valid_min_b8ed4386.hurl b/cases/api_upload_post_field_boundary_branch_valid_min_b8ed4386.hurl deleted file mode 100644 index 5bef80b..0000000 --- a/cases/api_upload_post_field_boundary_branch_valid_min_b8ed4386.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - [field_boundary] branch valid_min ── -# case_id=TC-b8ed4386 -# case_name=POST /api/upload - [field_boundary] branch valid_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "a", - "commitSha": "girl", - "service": "those", - "specContent": "many" -} -``` - -HTTP * - -[Asserts] -status >= 200 -status < 300 - diff --git a/cases/api_upload_post_field_boundary_service_invalid_below_min_a957f4b8.hurl b/cases/api_upload_post_field_boundary_service_invalid_below_min_a957f4b8.hurl deleted file mode 100644 index 56e616b..0000000 --- a/cases/api_upload_post_field_boundary_service_invalid_below_min_a957f4b8.hurl +++ /dev/null 
@@ -1,25 +0,0 @@ -# ── POST /api/upload - [field_boundary] service invalid_below_min ── -# case_id=TC-a957f4b8 -# case_name=POST /api/upload - [field_boundary] service invalid_below_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "next", - "commitSha": "none", - "service": "", - "specContent": "through" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_field_boundary_service_valid_min_db5c5368.hurl b/cases/api_upload_post_field_boundary_service_valid_min_db5c5368.hurl deleted file mode 100644 index 43eea3d..0000000 --- a/cases/api_upload_post_field_boundary_service_valid_min_db5c5368.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - [field_boundary] service valid_min ── -# case_id=TC-db5c5368 -# case_name=POST /api/upload - [field_boundary] service valid_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "it", - "commitSha": "why", - "service": "a", - "specContent": "all" -} -``` - -HTTP * - -[Asserts] -status >= 200 -status < 300 - diff --git a/cases/api_upload_post_field_boundary_speccontent_invalid_below_min_ac1b6e26.hurl b/cases/api_upload_post_field_boundary_speccontent_invalid_below_min_ac1b6e26.hurl deleted file mode 100644 index 02747c1..0000000 --- a/cases/api_upload_post_field_boundary_speccontent_invalid_below_min_ac1b6e26.hurl +++ /dev/null 
@@ -1,25 +0,0 @@ -# ── POST /api/upload - [field_boundary] specContent invalid_below_min ── -# case_id=TC-ac1b6e26 -# case_name=POST /api/upload - [field_boundary] specContent invalid_below_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "whom", - "commitSha": "to", - "service": "constantly", - "specContent": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_field_boundary_speccontent_valid_min_82713518.hurl b/cases/api_upload_post_field_boundary_speccontent_valid_min_82713518.hurl deleted file mode 100644 index 949b7a7..0000000 --- a/cases/api_upload_post_field_boundary_speccontent_valid_min_82713518.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - [field_boundary] specContent valid_min ── -# case_id=TC-82713518 -# case_name=POST /api/upload - [field_boundary] specContent valid_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "drink", - "commitSha": "his", - "service": "few", - "specContent": "a" -} -``` - -HTTP * - -[Asserts] -status >= 200 -status < 300 - diff --git a/cases/api_upload_post_idempotent_second_call_must_be_safe_dd638159.hurl b/cases/api_upload_post_idempotent_second_call_must_be_safe_dd638159.hurl deleted file mode 100644 index 7a82424..0000000 --- a/cases/api_upload_post_idempotent_second_call_must_be_safe_dd638159.hurl +++ /dev/null 
@@ -1,51 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /api/upload - idempotent: second call must be safe -# case_id=TC-dd638159 -# case_name=POST /api/upload - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /api/upload — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /api/upload — first call - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "relieved", - "commitSha": "frequently", - "service": "inside", - "specContent": "east" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /api/upload — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /api/upload — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "relieved", - "commitSha": "frequently", - "service": "inside", - "specContent": "east" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_upload_post_invalid_branch_empty_string_violates_minlength_1_5eb7446c.hurl b/cases/api_upload_post_invalid_branch_empty_string_violates_minlength_1_5eb7446c.hurl deleted file mode 100644 index e57b49c..0000000 --- a/cases/api_upload_post_invalid_branch_empty_string_violates_minlength_1_5eb7446c.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - invalid branch: empty string violates minLength 1 ── -# case_id=TC-5eb7446c -# case_name=POST /api/upload - invalid branch: empty string violates minLength 1 -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "", - "commitSha": "pack", - "service": "ears", - "specContent": "now" -} -``` - -HTTP 422 - 
diff --git a/cases/api_upload_post_invalid_service_empty_string_violates_minlength_1_8389dd21.hurl b/cases/api_upload_post_invalid_service_empty_string_violates_minlength_1_8389dd21.hurl deleted file mode 100644 index 45edc20..0000000 --- a/cases/api_upload_post_invalid_service_empty_string_violates_minlength_1_8389dd21.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - invalid service: empty string violates minLength 1 ── -# case_id=TC-8389dd21 -# case_name=POST /api/upload - invalid service: empty string violates minLength 1 -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "recline", - "commitSha": "pack", - "service": "", - "specContent": "now" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_invalid_speccontent_empty_string_violates_minlength_1_86ff6bd8.hurl b/cases/api_upload_post_invalid_speccontent_empty_string_violates_minlength_1_86ff6bd8.hurl deleted file mode 100644 index 6ffa248..0000000 --- a/cases/api_upload_post_invalid_speccontent_empty_string_violates_minlength_1_86ff6bd8.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - invalid specContent: empty string violates minLength 1 ── -# case_id=TC-86ff6bd8 -# case_name=POST /api/upload - invalid specContent: empty string violates minLength 1 -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "recline", - "commitSha": "pack", - "service": "ears", - "specContent": "" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_mass_assignment_financial_probe_9794cdb0.hurl b/cases/api_upload_post_mass_assignment_financial_probe_9794cdb0.hurl deleted file mode 100644 index 620d1c0..0000000 --- a/cases/api_upload_post_mass_assignment_financial_probe_9794cdb0.hurl +++ /dev/null 
@@ -1,25 +0,0 @@ -# ── POST /api/upload - [mass_assignment] financial probe ── -# case_id=TC-9794cdb0 -# case_name=POST /api/upload - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "balance": 1, - "branch": "oops", - "commitSha": "mustering", - "credits": 1, - "discount": 0, - "price": 1, - "service": "I", - "specContent": "cut" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_mass_assignment_identity_probe_398f4294.hurl b/cases/api_upload_post_mass_assignment_identity_probe_398f4294.hurl deleted file mode 100644 index ad38d42..0000000 --- a/cases/api_upload_post_mass_assignment_identity_probe_398f4294.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - [mass_assignment] identity probe ── -# case_id=TC-398f4294 -# case_name=POST /api/upload - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "oops", - "commitSha": "mustering", - "createdBy": "__probe__", - "ownerId": "__probe__", - "service": "I", - "specContent": "cut", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_mass_assignment_privilege_probe_eb8249c9.hurl b/cases/api_upload_post_mass_assignment_privilege_probe_eb8249c9.hurl deleted file mode 100644 index c79bffa..0000000 --- a/cases/api_upload_post_mass_assignment_privilege_probe_eb8249c9.hurl +++ /dev/null 
@@ -1,25 +0,0 @@ -# ── POST /api/upload - [mass_assignment] privilege probe ── -# case_id=TC-eb8249c9 -# case_name=POST /api/upload - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "admin": true, - "branch": "oops", - "commitSha": "mustering", - "isAdmin": true, - "is_admin": true, - "role": "__probe__", - "service": "I", - "specContent": "cut" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_mass_assignment_status_probe_0310fa1a.hurl b/cases/api_upload_post_mass_assignment_status_probe_0310fa1a.hurl deleted file mode 100644 index 897d196..0000000 --- a/cases/api_upload_post_mass_assignment_status_probe_0310fa1a.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - [mass_assignment] status probe ── -# case_id=TC-0310fa1a -# case_name=POST /api/upload - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "branch": "oops", - "commitSha": "mustering", - "disabled": false, - "service": "I", - "specContent": "cut", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_missing_required_field_branch_33947120.hurl b/cases/api_upload_post_missing_required_field_branch_33947120.hurl deleted file mode 100644 index 43a7f41..0000000 --- a/cases/api_upload_post_missing_required_field_branch_33947120.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/upload - missing required field "branch" ── -# case_id=TC-33947120 -# case_name=POST /api/upload - missing required field "branch" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "commitSha": "pack", - "service": "ears", - "specContent": "now" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_missing_required_field_branch_d756c10c.hurl b/cases/api_upload_post_missing_required_field_branch_d756c10c.hurl deleted file mode 100644 index 1b06036..0000000 --- a/cases/api_upload_post_missing_required_field_branch_d756c10c.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/upload - missing required field "branch" ── -# case_id=TC-d756c10c -# case_name=POST /api/upload - missing required field "branch" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "commitSha": "news", - "service": "seldom", - "specContent": "who" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_missing_required_field_service_89850cfa.hurl b/cases/api_upload_post_missing_required_field_service_89850cfa.hurl deleted file mode 100644 index 0a3f77b..0000000 --- a/cases/api_upload_post_missing_required_field_service_89850cfa.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/upload - missing required field "service" ── -# case_id=TC-89850cfa -# case_name=POST /api/upload - missing required field "service" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "occasionally", - "commitSha": "lastly", - "specContent": "eat" -} -``` - -HTTP 422 - 
diff --git a/cases/api_upload_post_missing_required_field_service_8f85caae.hurl b/cases/api_upload_post_missing_required_field_service_8f85caae.hurl deleted file mode 100644 index 97573db..0000000 --- a/cases/api_upload_post_missing_required_field_service_8f85caae.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/upload - missing required field "service" ── -# case_id=TC-8f85caae -# case_name=POST /api/upload - missing required field "service" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "recline", - "commitSha": "pack", - "specContent": "now" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_missing_required_field_speccontent_1de0eefc.hurl b/cases/api_upload_post_missing_required_field_speccontent_1de0eefc.hurl deleted file mode 100644 index 5b08765..0000000 --- a/cases/api_upload_post_missing_required_field_speccontent_1de0eefc.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/upload - missing required field "specContent" ── -# case_id=TC-1de0eefc -# case_name=POST /api/upload - missing required field "specContent" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "can", - "commitSha": "why", - "service": "forest" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_missing_required_field_speccontent_fccdadb2.hurl b/cases/api_upload_post_missing_required_field_speccontent_fccdadb2.hurl deleted file mode 100644 index ba511f2..0000000 --- a/cases/api_upload_post_missing_required_field_speccontent_fccdadb2.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/upload - missing required field "specContent" ── -# case_id=TC-fccdadb2 -# case_name=POST /api/upload - missing required field "specContent" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "recline", - "commitSha": "pack", - "service": "ears" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_mutation_branch_empty_string_cac690c1.hurl b/cases/api_upload_post_mutation_branch_empty_string_cac690c1.hurl deleted file mode 100644 index ff7b620..0000000 --- a/cases/api_upload_post_mutation_branch_empty_string_cac690c1.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: branch empty string ── -# case_id=TC-cac690c1 -# case_name=POST /api/upload - mutation: branch empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "", - "commitSha": "heavily", - "service": "sufficient", - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_mutation_branch_integer_instead_of_string_416a96c1.hurl b/cases/api_upload_post_mutation_branch_integer_instead_of_string_416a96c1.hurl deleted file mode 100644 index 1e65e95..0000000 --- a/cases/api_upload_post_mutation_branch_integer_instead_of_string_416a96c1.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: branch integer instead of string ── -# case_id=TC-416a96c1 -# case_name=POST /api/upload - mutation: branch integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": 12345, - "commitSha": "heavily", - "service": "sufficient", - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_upload_post_mutation_branch_null_value_9f510ed7.hurl b/cases/api_upload_post_mutation_branch_null_value_9f510ed7.hurl deleted file mode 100644 index d6f91f0..0000000 --- a/cases/api_upload_post_mutation_branch_null_value_9f510ed7.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: branch null value ── -# case_id=TC-9f510ed7 -# case_name=POST /api/upload - mutation: branch null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": null, - "commitSha": "heavily", - "service": "sufficient", - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_mutation_branch_oversized_string_300_chars_75d60dab.hurl b/cases/api_upload_post_mutation_branch_oversized_string_300_chars_75d60dab.hurl deleted file mode 100644 index 03ee5e7..0000000 --- a/cases/api_upload_post_mutation_branch_oversized_string_300_chars_75d60dab.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: branch oversized string (300 chars) ── -# case_id=TC-75d60dab -# case_name=POST /api/upload - mutation: branch oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "commitSha": "heavily", - "service": "sufficient", - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/api_upload_post_mutation_commitsha_empty_string_f30e852c.hurl b/cases/api_upload_post_mutation_commitsha_empty_string_f30e852c.hurl deleted file mode 100644 index 9899330..0000000 --- a/cases/api_upload_post_mutation_commitsha_empty_string_f30e852c.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: commitSha empty string ── -# case_id=TC-f30e852c -# case_name=POST /api/upload - mutation: commitSha empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "instance", - "commitSha": "", - "service": "sufficient", - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_mutation_commitsha_integer_instead_of_string_b1212f34.hurl b/cases/api_upload_post_mutation_commitsha_integer_instead_of_string_b1212f34.hurl deleted file mode 100644 index 37a1400..0000000 --- a/cases/api_upload_post_mutation_commitsha_integer_instead_of_string_b1212f34.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: commitSha integer instead of string ── -# case_id=TC-b1212f34 -# case_name=POST /api/upload - mutation: commitSha integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "instance", - "commitSha": 12345, - "service": "sufficient", - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_mutation_commitsha_null_value_0c1c92bd.hurl b/cases/api_upload_post_mutation_commitsha_null_value_0c1c92bd.hurl deleted file mode 100644 index 7185468..0000000 --- a/cases/api_upload_post_mutation_commitsha_null_value_0c1c92bd.hurl +++ /dev/null 
@@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: commitSha null value ── -# case_id=TC-0c1c92bd -# case_name=POST /api/upload - mutation: commitSha null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "instance", - "commitSha": null, - "service": "sufficient", - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_mutation_commitsha_oversized_string_300_chars_fdaf954a.hurl b/cases/api_upload_post_mutation_commitsha_oversized_string_300_chars_fdaf954a.hurl deleted file mode 100644 index fe6102e..0000000 --- a/cases/api_upload_post_mutation_commitsha_oversized_string_300_chars_fdaf954a.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: commitSha oversized string (300 chars) ── -# case_id=TC-fdaf954a -# case_name=POST /api/upload - mutation: commitSha oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "instance", - "commitSha": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "service": "sufficient", - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_mutation_service_empty_string_6f0a4261.hurl b/cases/api_upload_post_mutation_service_empty_string_6f0a4261.hurl deleted file mode 100644 index fa5c6d6..0000000 --- a/cases/api_upload_post_mutation_service_empty_string_6f0a4261.hurl +++ /dev/null 
@@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: service empty string ── -# case_id=TC-6f0a4261 -# case_name=POST /api/upload - mutation: service empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "instance", - "commitSha": "heavily", - "service": "", - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_mutation_service_null_value_7805eead.hurl b/cases/api_upload_post_mutation_service_null_value_7805eead.hurl deleted file mode 100644 index 5aaa91e..0000000 --- a/cases/api_upload_post_mutation_service_null_value_7805eead.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /api/upload - mutation: service null value ── -# case_id=TC-7805eead -# case_name=POST /api/upload - mutation: service null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "instance", - "commitSha": "heavily", - "service": null, - "specContent": "ours" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_null_injection_branch_5151a7d3.hurl b/cases/api_upload_post_null_injection_branch_5151a7d3.hurl deleted file mode 100644 index 05d498b..0000000 --- a/cases/api_upload_post_null_injection_branch_5151a7d3.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - null injection: branch ── -# case_id=TC-5151a7d3 -# case_name=POST /api/upload - null injection: branch -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": null, - "commitSha": "troop", - "service": "we", - "specContent": "usually" -} -``` - -HTTP 422 - 
diff --git a/cases/api_upload_post_null_injection_commitsha_e9eaa8fd.hurl b/cases/api_upload_post_null_injection_commitsha_e9eaa8fd.hurl deleted file mode 100644 index 2655f59..0000000 --- a/cases/api_upload_post_null_injection_commitsha_e9eaa8fd.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - null injection: commitSha ── -# case_id=TC-e9eaa8fd -# case_name=POST /api/upload - null injection: commitSha -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "rather", - "commitSha": null, - "service": "we", - "specContent": "usually" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_null_injection_service_b8cf0920.hurl b/cases/api_upload_post_null_injection_service_b8cf0920.hurl deleted file mode 100644 index c224d48..0000000 --- a/cases/api_upload_post_null_injection_service_b8cf0920.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - null injection: service ── -# case_id=TC-b8cf0920 -# case_name=POST /api/upload - null injection: service -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "rather", - "commitSha": "troop", - "service": null, - "specContent": "usually" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_null_injection_speccontent_fef2ed50.hurl b/cases/api_upload_post_null_injection_speccontent_fef2ed50.hurl deleted file mode 100644 index fe29870..0000000 --- a/cases/api_upload_post_null_injection_speccontent_fef2ed50.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/upload - null injection: specContent ── -# case_id=TC-fef2ed50 -# case_name=POST /api/upload - null injection: specContent -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "rather", - "commitSha": "troop", - "service": "we", - "specContent": null -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_owasp_api2_broken_authentication_4c9fd28e.hurl b/cases/api_upload_post_owasp_api2_broken_authentication_4c9fd28e.hurl deleted file mode 100644 index 224c9d1..0000000 --- a/cases/api_upload_post_owasp_api2_broken_authentication_4c9fd28e.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] POST /api/upload — broken authentication ── -# case_id=TC-4c9fd28e -# case_name=[OWASP-API2] POST /api/upload — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/upload - -HTTP 401 - diff --git a/cases/api_upload_post_owasp_api6_mass_assignment_bcf8922c.hurl b/cases/api_upload_post_owasp_api6_mass_assignment_bcf8922c.hurl deleted file mode 100644 index 9841209..0000000 --- a/cases/api_upload_post_owasp_api6_mass_assignment_bcf8922c.hurl +++ /dev/null @@ -1,29 +0,0 @@ -# ── [OWASP-API6] POST /api/upload — mass assignment ── -# case_id=TC-bcf8922c -# case_name=[OWASP-API6] POST /api/upload — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "second", - "commitSha": "he", - "createdAt": "2000-01-01T00:00:00Z", - "id": 99999, - "service": "his", - "specContent": "of", - "updatedAt": "2000-01-01T00:00:00Z" -} -``` - -HTTP 201 - -[Asserts] -jsonpath "$.id" != 99999 -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" - 
diff --git a/cases/api_upload_post_owasp_api7_injection_path_traversal_553f4f51.hurl b/cases/api_upload_post_owasp_api7_injection_path_traversal_553f4f51.hurl deleted file mode 100644 index 92192bf..0000000 --- a/cases/api_upload_post_owasp_api7_injection_path_traversal_553f4f51.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/upload — injection (path-traversal) ── -# case_id=TC-553f4f51 -# case_name=[OWASP-API7] POST /api/upload — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "../../../etc/passwd" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_owasp_api7_injection_sqli_b528a6e6.hurl b/cases/api_upload_post_owasp_api7_injection_sqli_b528a6e6.hurl deleted file mode 100644 index 1eb2007..0000000 --- a/cases/api_upload_post_owasp_api7_injection_sqli_b528a6e6.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/upload — injection (sqli) ── -# case_id=TC-b528a6e6 -# case_name=[OWASP-API7] POST /api/upload — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "' OR 1=1--" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_owasp_api7_injection_xss_81a2a747.hurl b/cases/api_upload_post_owasp_api7_injection_xss_81a2a747.hurl deleted file mode 100644 index a363b2d..0000000 --- a/cases/api_upload_post_owasp_api7_injection_xss_81a2a747.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /api/upload — injection (xss) ── -# case_id=TC-81a2a747 -# case_name=[OWASP-API7] POST /api/upload — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" -} -``` - -HTTP 400 - 
diff --git a/cases/api_upload_post_required_omission_branch_absent_893f33e4.hurl b/cases/api_upload_post_required_omission_branch_absent_893f33e4.hurl deleted file mode 100644 index c1e9743..0000000 --- a/cases/api_upload_post_required_omission_branch_absent_893f33e4.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/upload - [required_omission] branch absent ── -# case_id=TC-893f33e4 -# case_name=POST /api/upload - [required_omission] branch absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "commitSha": "where", - "service": "though", - "specContent": "wisp" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_required_omission_service_absent_f4726c9d.hurl b/cases/api_upload_post_required_omission_service_absent_f4726c9d.hurl deleted file mode 100644 index 541b80c..0000000 --- a/cases/api_upload_post_required_omission_service_absent_f4726c9d.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/upload - [required_omission] service absent ── -# case_id=TC-f4726c9d -# case_name=POST /api/upload - [required_omission] service absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "whenever", - "commitSha": "himself", - "specContent": "did" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_required_omission_speccontent_absent_196e600f.hurl b/cases/api_upload_post_required_omission_speccontent_absent_196e600f.hurl deleted file mode 100644 index 985881d..0000000 --- a/cases/api_upload_post_required_omission_speccontent_absent_196e600f.hurl +++ /dev/null 
@@ -1,24 +0,0 @@ -# ── POST /api/upload - [required_omission] specContent absent ── -# case_id=TC-196e600f -# case_name=POST /api/upload - [required_omission] specContent absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "now", - "commitSha": "occasionally", - "service": "might" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/api_upload_post_schema_violation_branch_missing_required_381d4381.hurl b/cases/api_upload_post_schema_violation_branch_missing_required_381d4381.hurl deleted file mode 100644 index e2a4e25..0000000 --- a/cases/api_upload_post_schema_violation_branch_missing_required_381d4381.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/upload - [schema_violation] branch_missing_required ── -# case_id=TC-381d4381 -# case_name=POST /api/upload - [schema_violation] branch_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "commitSha": "Brazilian", - "service": "intimidate", - "specContent": "tonight" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_schema_violation_branch_too_short_76d8b912.hurl b/cases/api_upload_post_schema_violation_branch_too_short_76d8b912.hurl deleted file mode 100644 index ffd68bd..0000000 --- a/cases/api_upload_post_schema_violation_branch_too_short_76d8b912.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [schema_violation] branch_too_short ── -# case_id=TC-76d8b912 -# case_name=POST /api/upload - [schema_violation] branch_too_short -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "", - "commitSha": "Brazilian", - "service": "intimidate", - "specContent": "tonight" -} -``` - -HTTP 422 - 
diff --git a/cases/api_upload_post_schema_violation_service_missing_required_72938c30.hurl b/cases/api_upload_post_schema_violation_service_missing_required_72938c30.hurl deleted file mode 100644 index b8c63cc..0000000 --- a/cases/api_upload_post_schema_violation_service_missing_required_72938c30.hurl +++ /dev/null @@ -1,20 +0,0 @@ -# ── POST /api/upload - [schema_violation] service_missing_required ── -# case_id=TC-72938c30 -# case_name=POST /api/upload - [schema_violation] service_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "to", - "commitSha": "Brazilian", - "specContent": "tonight" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_schema_violation_service_too_short_40be94ec.hurl b/cases/api_upload_post_schema_violation_service_too_short_40be94ec.hurl deleted file mode 100644 index 6644632..0000000 --- a/cases/api_upload_post_schema_violation_service_too_short_40be94ec.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [schema_violation] service_too_short ── -# case_id=TC-40be94ec -# case_name=POST /api/upload - [schema_violation] service_too_short -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "to", - "commitSha": "Brazilian", - "service": "", - "specContent": "tonight" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_schema_violation_speccontent_missing_required_555257e2.hurl b/cases/api_upload_post_schema_violation_speccontent_missing_required_555257e2.hurl deleted file mode 100644 index 566fd90..0000000 --- a/cases/api_upload_post_schema_violation_speccontent_missing_required_555257e2.hurl +++ /dev/null 
@@ -1,20 +0,0 @@ -# ── POST /api/upload - [schema_violation] specContent_missing_required ── -# case_id=TC-555257e2 -# case_name=POST /api/upload - [schema_violation] specContent_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "to", - "commitSha": "Brazilian", - "service": "intimidate" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_schema_violation_speccontent_too_short_af512611.hurl b/cases/api_upload_post_schema_violation_speccontent_too_short_af512611.hurl deleted file mode 100644 index 3132953..0000000 --- a/cases/api_upload_post_schema_violation_speccontent_too_short_af512611.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [schema_violation] specContent_too_short ── -# case_id=TC-af512611 -# case_name=POST /api/upload - [schema_violation] specContent_too_short -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "to", - "commitSha": "Brazilian", - "service": "intimidate", - "specContent": "" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_service_at_max_plus_one_invalid_boundary_ad5debd5.hurl b/cases/api_upload_post_service_at_max_plus_one_invalid_boundary_ad5debd5.hurl deleted file mode 100644 index eb70225..0000000 --- a/cases/api_upload_post_service_at_max_plus_one_invalid_boundary_ad5debd5.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/upload - service at max_plus_one_invalid boundary ── -# case_id=TC-ad5debd5 -# case_name=POST /api/upload - service at max_plus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "annoying", - "commitSha": "horde", - "service": "UqQKQdxIBaEEFIOlbucPEjkejpJhtGCnYytkTfHBnTHmoeamHxyFTtNkqceSxPhYjEZfVjxnkUrCXnzCRdtVbcomgJaqcHidTZbQHOJgFusDCcCXqQuHRTajulzyqxxOFgJZTIrWbrgvHDgjlzyuuBztsMwepFaVmllpLTRwhONiNNZZDMtJFSySHEyRBmGBvFwEkoyGZJSFbcrJaJVmftRoXuHFuUwcKLaJFIIGOYYgsNiAMNTBUcmdjtEEKcrT", - "specContent": "early" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_service_at_max_valid_boundary_3cd9de74.hurl b/cases/api_upload_post_service_at_max_valid_boundary_3cd9de74.hurl deleted file mode 100644 index dc251eb..0000000 --- a/cases/api_upload_post_service_at_max_valid_boundary_3cd9de74.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/upload - service at max_valid boundary ── -# case_id=TC-3cd9de74 -# case_name=POST /api/upload - service at max_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "annoying", - "commitSha": "horde", - "service": "atLOmtVVmlQhFvFrwuMTJjhgqzDQgMAKdxkeUnYswKYRxCFECDdRtuhENDYOeachFgpnTjKElKhbRGMNBMqtQcJeLmJEdXosWDnsTCROKgowmZMFmjZPjXeSVkrLtqyrTdhcTIoNWdfwRXnmvZQoROrQlafSbnQScDRKBvbCIsqPEGzseScyClXaqHCuhtwbNgwbAjmxZkPvBMGOxVbdVVDWFWdnUugVnZaDTXdkaRzAOYonKbCYZPlwlDZDKdT", - "specContent": "early" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_upload_post_service_at_min_minus_one_invalid_boundary_c9639729.hurl b/cases/api_upload_post_service_at_min_minus_one_invalid_boundary_c9639729.hurl deleted file mode 100644 index 60ab48c..0000000 
--- a/cases/api_upload_post_service_at_min_minus_one_invalid_boundary_c9639729.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - service at min_minus_one_invalid boundary ── -# case_id=TC-c9639729 -# case_name=POST /api/upload - service at min_minus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "annoying", - "commitSha": "horde", - "service": "P", - "specContent": "early" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_service_at_min_valid_boundary_fa5f2879.hurl b/cases/api_upload_post_service_at_min_valid_boundary_fa5f2879.hurl deleted file mode 100644 index 782d42b..0000000 --- a/cases/api_upload_post_service_at_min_valid_boundary_fa5f2879.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/upload - service at min_valid boundary ── -# case_id=TC-fa5f2879 -# case_name=POST /api/upload - service at min_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "annoying", - "commitSha": "horde", - "service": "v", - "specContent": "early" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_upload_post_speccontent_at_max_plus_one_invalid_boundary_dbbfdc22.hurl b/cases/api_upload_post_speccontent_at_max_plus_one_invalid_boundary_dbbfdc22.hurl deleted file mode 100644 index 92a4930..0000000 --- a/cases/api_upload_post_speccontent_at_max_plus_one_invalid_boundary_dbbfdc22.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/upload - specContent at max_plus_one_invalid boundary ── -# case_id=TC-dbbfdc22 -# case_name=POST /api/upload - specContent at max_plus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "annoying", - "commitSha": "horde", - "service": "patrol", - "specContent": "XYmkqdAEnhShAWMWevPjaEMcXFnlEMIZdgvjHxCMmpYIjgEHzJtlzMbGailVdFqZrzsWsGjpkSIhqCvAYsNhMiEWeEQWONGHrvWYvfPFzZHeBPoEohTATwAWyNcNwDNUwxVeqZxdAsktxHReoFPVnXfhBUWjzySqMmVghKlODAqkgFPTiJazKylKgHzgmDXbLnPQAKRyAscyAKlFZnpEkpnjoXxDbJnVmagvmQfbszLtHuyUTPLDrWNwJGJvuHBn" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_speccontent_at_max_valid_boundary_201ba23b.hurl b/cases/api_upload_post_speccontent_at_max_valid_boundary_201ba23b.hurl deleted file mode 100644 index 02cabb1..0000000 --- a/cases/api_upload_post_speccontent_at_max_valid_boundary_201ba23b.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/upload - specContent at max_valid boundary ── -# case_id=TC-201ba23b -# case_name=POST /api/upload - specContent at max_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "annoying", - "commitSha": "horde", - "service": "patrol", - "specContent": "MvxueBBOuEUznvCnujHEfhfJEmIkMiFxMUaMDQYopjbpdETOJXbhaSibxhItFKowWSgvVTsEKoRBvRboGZCrpNFYbErOCedxMcVAnLzDekWtkEvgLpSZAGaDLsFRvNWihavpvGqXfpluZjqXgXkvQZEpaaHgrFeEHQhhHsZqkGppwxBdpFmjShygsygoqyopydhyLxSwTwouvqLXCFkgNFkmEiZKFOzPodlBbQdZyQXKtqOjjyxMqTwcyXFgxoI" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_upload_post_speccontent_at_min_minus_one_invalid_boundary_b6f8003e.hurl b/cases/api_upload_post_speccontent_at_min_minus_one_invalid_boundary_b6f8003e.hurl deleted file mode 100644 index 66e7601..0000000 
--- a/cases/api_upload_post_speccontent_at_min_minus_one_invalid_boundary_b6f8003e.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - specContent at min_minus_one_invalid boundary ── -# case_id=TC-b6f8003e -# case_name=POST /api/upload - specContent at min_minus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "annoying", - "commitSha": "horde", - "service": "patrol", - "specContent": "E" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_speccontent_at_min_valid_boundary_edc8ded2.hurl b/cases/api_upload_post_speccontent_at_min_valid_boundary_edc8ded2.hurl deleted file mode 100644 index ced74b5..0000000 --- a/cases/api_upload_post_speccontent_at_min_valid_boundary_edc8ded2.hurl +++ /dev/null @@ -1,24 +0,0 @@ -# ── POST /api/upload - specContent at min_valid boundary ── -# case_id=TC-edc8ded2 -# case_name=POST /api/upload - specContent at min_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "annoying", - "commitSha": "horde", - "service": "patrol", - "specContent": "s" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/api_upload_post_type_coercion_branch_wrong_type_boolean_e00401a8.hurl b/cases/api_upload_post_type_coercion_branch_wrong_type_boolean_e00401a8.hurl deleted file mode 100644 index 7231d0e..0000000 --- a/cases/api_upload_post_type_coercion_branch_wrong_type_boolean_e00401a8.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/upload - [type_coercion] branch wrong_type_boolean ── -# case_id=TC-e00401a8 -# case_name=POST /api/upload - [type_coercion] branch wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": true, - "commitSha": "throw", - "service": "the", - "specContent": "you" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_type_coercion_branch_wrong_type_integer_6a08feec.hurl b/cases/api_upload_post_type_coercion_branch_wrong_type_integer_6a08feec.hurl deleted file mode 100644 index 533172d..0000000 --- a/cases/api_upload_post_type_coercion_branch_wrong_type_integer_6a08feec.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [type_coercion] branch wrong_type_integer ── -# case_id=TC-6a08feec -# case_name=POST /api/upload - [type_coercion] branch wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": 123, - "commitSha": "throw", - "service": "the", - "specContent": "you" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_type_coercion_commitsha_wrong_type_boolean_16cf9e5b.hurl b/cases/api_upload_post_type_coercion_commitsha_wrong_type_boolean_16cf9e5b.hurl deleted file mode 100644 index 4876bcf..0000000 --- a/cases/api_upload_post_type_coercion_commitsha_wrong_type_boolean_16cf9e5b.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [type_coercion] commitSha wrong_type_boolean ── -# case_id=TC-16cf9e5b -# case_name=POST /api/upload - [type_coercion] commitSha wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "point", - "commitSha": true, - "service": "the", - "specContent": "you" -} -``` - -HTTP 422 - 
diff --git a/cases/api_upload_post_type_coercion_commitsha_wrong_type_integer_b806224f.hurl b/cases/api_upload_post_type_coercion_commitsha_wrong_type_integer_b806224f.hurl deleted file mode 100644 index d6fc928..0000000 --- a/cases/api_upload_post_type_coercion_commitsha_wrong_type_integer_b806224f.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [type_coercion] commitSha wrong_type_integer ── -# case_id=TC-b806224f -# case_name=POST /api/upload - [type_coercion] commitSha wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "point", - "commitSha": 123, - "service": "the", - "specContent": "you" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_type_coercion_service_wrong_type_boolean_240bdc53.hurl b/cases/api_upload_post_type_coercion_service_wrong_type_boolean_240bdc53.hurl deleted file mode 100644 index 34eff09..0000000 --- a/cases/api_upload_post_type_coercion_service_wrong_type_boolean_240bdc53.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [type_coercion] service wrong_type_boolean ── -# case_id=TC-240bdc53 -# case_name=POST /api/upload - [type_coercion] service wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "point", - "commitSha": "throw", - "service": true, - "specContent": "you" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_type_coercion_service_wrong_type_integer_07462c7f.hurl b/cases/api_upload_post_type_coercion_service_wrong_type_integer_07462c7f.hurl deleted file mode 100644 index 4ed9bc0..0000000 --- a/cases/api_upload_post_type_coercion_service_wrong_type_integer_07462c7f.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/upload - [type_coercion] service wrong_type_integer ── -# case_id=TC-07462c7f -# case_name=POST /api/upload - [type_coercion] service wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "point", - "commitSha": "throw", - "service": 123, - "specContent": "you" -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_type_coercion_speccontent_wrong_type_boolean_4a28e8ae.hurl b/cases/api_upload_post_type_coercion_speccontent_wrong_type_boolean_4a28e8ae.hurl deleted file mode 100644 index 6e04d0e..0000000 --- a/cases/api_upload_post_type_coercion_speccontent_wrong_type_boolean_4a28e8ae.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [type_coercion] specContent wrong_type_boolean ── -# case_id=TC-4a28e8ae -# case_name=POST /api/upload - [type_coercion] specContent wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "point", - "commitSha": "throw", - "service": "the", - "specContent": true -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_type_coercion_speccontent_wrong_type_integer_bbde20a6.hurl b/cases/api_upload_post_type_coercion_speccontent_wrong_type_integer_bbde20a6.hurl deleted file mode 100644 index 749e208..0000000 --- a/cases/api_upload_post_type_coercion_speccontent_wrong_type_integer_bbde20a6.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/upload - [type_coercion] specContent wrong_type_integer ── -# case_id=TC-bbde20a6 -# case_name=POST /api/upload - [type_coercion] specContent wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "point", - "commitSha": "throw", - "service": "the", - "specContent": 123 -} -``` - -HTTP 422 - diff --git a/cases/api_upload_post_unicode_fuzzing_branch_bidi_override_09b46ba6.hurl b/cases/api_upload_post_unicode_fuzzing_branch_bidi_override_09b46ba6.hurl deleted file mode 100644 index 3e44032..0000000 --- a/cases/api_upload_post_unicode_fuzzing_branch_bidi_override_09b46ba6.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] branch bidi_override ── -# case_id=TC-09b46ba6 -# case_name=POST /api/upload - [unicode_fuzzing] branch bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "‮hello", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_branch_control_char_eb8a46bc.hurl b/cases/api_upload_post_unicode_fuzzing_branch_control_char_eb8a46bc.hurl deleted file mode 100644 index 812ad44..0000000 --- a/cases/api_upload_post_unicode_fuzzing_branch_control_char_eb8a46bc.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] branch control_char ── -# case_id=TC-eb8a46bc -# case_name=POST /api/upload - [unicode_fuzzing] branch control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "hello\u0000world", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - 
diff --git a/cases/api_upload_post_unicode_fuzzing_branch_overlong_8ecf3f52.hurl b/cases/api_upload_post_unicode_fuzzing_branch_overlong_8ecf3f52.hurl deleted file mode 100644 index 2d564f7..0000000 --- a/cases/api_upload_post_unicode_fuzzing_branch_overlong_8ecf3f52.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] branch overlong ── -# case_id=TC-8ecf3f52 -# case_name=POST /api/upload - [unicode_fuzzing] branch overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_branch_zalgo_3c16d4b3.hurl b/cases/api_upload_post_unicode_fuzzing_branch_zalgo_3c16d4b3.hurl deleted file mode 100644 index 0973ad1..0000000 --- a/cases/api_upload_post_unicode_fuzzing_branch_zalgo_3c16d4b3.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] branch zalgo ── -# case_id=TC-3c16d4b3 -# case_name=POST /api/upload - [unicode_fuzzing] branch zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "z̀́̂̃̄̅̆̇a", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_branch_zero_width_d4d96d5e.hurl b/cases/api_upload_post_unicode_fuzzing_branch_zero_width_d4d96d5e.hurl deleted file mode 100644 index 6ba952f..0000000 --- a/cases/api_upload_post_unicode_fuzzing_branch_zero_width_d4d96d5e.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] branch zero_width ── -# case_id=TC-d4d96d5e -# case_name=POST /api/upload - [unicode_fuzzing] branch zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "​hello", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - 
diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_bidi_override_471fcaef.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_bidi_override_471fcaef.hurl deleted file mode 100644 index 372334d..0000000 --- a/cases/api_upload_post_unicode_fuzzing_commitsha_bidi_override_471fcaef.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] commitSha bidi_override ── -# case_id=TC-471fcaef -# case_name=POST /api/upload - [unicode_fuzzing] commitSha bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "‮hello", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_control_char_1e3b28af.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_control_char_1e3b28af.hurl deleted file mode 100644 index 7974c54..0000000 --- a/cases/api_upload_post_unicode_fuzzing_commitsha_control_char_1e3b28af.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] commitSha control_char ── -# case_id=TC-1e3b28af -# case_name=POST /api/upload - [unicode_fuzzing] commitSha control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "hello\u0000world", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_overlong_d3d69da1.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_overlong_d3d69da1.hurl deleted file mode 100644 index 4265fc1..0000000 --- a/cases/api_upload_post_unicode_fuzzing_commitsha_overlong_d3d69da1.hurl +++ /dev/null 
@@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] commitSha overlong ── -# case_id=TC-d3d69da1 -# case_name=POST /api/upload - [unicode_fuzzing] commitSha overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_zalgo_f298d13c.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_zalgo_f298d13c.hurl deleted file mode 100644 index 30de175..0000000 --- a/cases/api_upload_post_unicode_fuzzing_commitsha_zalgo_f298d13c.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] commitSha zalgo ── -# case_id=TC-f298d13c -# case_name=POST /api/upload - [unicode_fuzzing] commitSha zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "z̀́̂̃̄̅̆̇a", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_commitsha_zero_width_e4c96b76.hurl b/cases/api_upload_post_unicode_fuzzing_commitsha_zero_width_e4c96b76.hurl deleted file mode 100644 index a5eb18f..0000000 --- a/cases/api_upload_post_unicode_fuzzing_commitsha_zero_width_e4c96b76.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] commitSha zero_width ── -# case_id=TC-e4c96b76 -# case_name=POST /api/upload - [unicode_fuzzing] commitSha zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "​hello", - "service": "consequently", - "specContent": "neither" -} -``` - -HTTP 400 - 
diff --git a/cases/api_upload_post_unicode_fuzzing_service_bidi_override_71d03103.hurl b/cases/api_upload_post_unicode_fuzzing_service_bidi_override_71d03103.hurl
deleted file mode 100644
index 43138d1..0000000
--- a/cases/api_upload_post_unicode_fuzzing_service_bidi_override_71d03103.hurl
+++ /dev/null
@@ -1,21 +0,0 @@
-# ── POST /api/upload - [unicode_fuzzing] service bidi_override ──
-# case_id=TC-71d03103
-# case_name=POST /api/upload - [unicode_fuzzing] service bidi_override
-# step_id=step-main
-# step_type=test
-# technique=unicode_fuzzing
-# priority=P3
-
-POST {{base_url}}/api/upload
-Content-Type: application/json
-```json
-{
- "branch": "honestly",
- "commitSha": "herself",
- "service": "‮hello",
- "specContent": "neither"
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_upload_post_unicode_fuzzing_service_control_char_76fd376c.hurl b/cases/api_upload_post_unicode_fuzzing_service_control_char_76fd376c.hurl
deleted file mode 100644
index ec56902..0000000
--- a/cases/api_upload_post_unicode_fuzzing_service_control_char_76fd376c.hurl
+++ /dev/null
@@ -1,21 +0,0 @@
-# ── POST /api/upload - [unicode_fuzzing] service control_char ──
-# case_id=TC-76fd376c
-# case_name=POST /api/upload - [unicode_fuzzing] service control_char
-# step_id=step-main
-# step_type=test
-# technique=unicode_fuzzing
-# priority=P3
-
-POST {{base_url}}/api/upload
-Content-Type: application/json
-```json
-{
- "branch": "honestly",
- "commitSha": "herself",
- "service": "hello\u0000world",
- "specContent": "neither"
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_upload_post_unicode_fuzzing_service_overlong_4e0cc0d2.hurl b/cases/api_upload_post_unicode_fuzzing_service_overlong_4e0cc0d2.hurl
deleted file mode 100644
index 0717ee6..0000000
--- a/cases/api_upload_post_unicode_fuzzing_service_overlong_4e0cc0d2.hurl
+++ /dev/null
@@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] service overlong ── -# case_id=TC-4e0cc0d2 -# case_name=POST /api/upload - [unicode_fuzzing] service overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "herself", - "service": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "specContent": "neither" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_service_zalgo_7d8cc30e.hurl b/cases/api_upload_post_unicode_fuzzing_service_zalgo_7d8cc30e.hurl deleted file mode 100644 index b6ed6c8..0000000 --- a/cases/api_upload_post_unicode_fuzzing_service_zalgo_7d8cc30e.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] service zalgo ── -# case_id=TC-7d8cc30e -# case_name=POST /api/upload - [unicode_fuzzing] service zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "herself", - "service": "z̀́̂̃̄̅̆̇a", - "specContent": "neither" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_service_zero_width_f8f99bf7.hurl b/cases/api_upload_post_unicode_fuzzing_service_zero_width_f8f99bf7.hurl deleted file mode 100644 index 3a77dc7..0000000 --- a/cases/api_upload_post_unicode_fuzzing_service_zero_width_f8f99bf7.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] service zero_width ── -# case_id=TC-f8f99bf7 -# case_name=POST /api/upload - [unicode_fuzzing] service zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "herself", - "service": "​hello", - "specContent": "neither" -} -``` - -HTTP 400 - 
diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_bidi_override_131ad5f4.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_bidi_override_131ad5f4.hurl
deleted file mode 100644
index 015e1ad..0000000
--- a/cases/api_upload_post_unicode_fuzzing_speccontent_bidi_override_131ad5f4.hurl
+++ /dev/null
@@ -1,21 +0,0 @@
-# ── POST /api/upload - [unicode_fuzzing] specContent bidi_override ──
-# case_id=TC-131ad5f4
-# case_name=POST /api/upload - [unicode_fuzzing] specContent bidi_override
-# step_id=step-main
-# step_type=test
-# technique=unicode_fuzzing
-# priority=P3
-
-POST {{base_url}}/api/upload
-Content-Type: application/json
-```json
-{
- "branch": "honestly",
- "commitSha": "herself",
- "service": "consequently",
- "specContent": "‮hello"
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_control_char_7ff8ca85.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_control_char_7ff8ca85.hurl
deleted file mode 100644
index f980a1a..0000000
--- a/cases/api_upload_post_unicode_fuzzing_speccontent_control_char_7ff8ca85.hurl
+++ /dev/null
@@ -1,21 +0,0 @@
-# ── POST /api/upload - [unicode_fuzzing] specContent control_char ──
-# case_id=TC-7ff8ca85
-# case_name=POST /api/upload - [unicode_fuzzing] specContent control_char
-# step_id=step-main
-# step_type=test
-# technique=unicode_fuzzing
-# priority=P3
-
-POST {{base_url}}/api/upload
-Content-Type: application/json
-```json
-{
- "branch": "honestly",
- "commitSha": "herself",
- "service": "consequently",
- "specContent": "hello\u0000world"
-}
-```
-
-HTTP 400
-
diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_overlong_40f1423f.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_overlong_40f1423f.hurl
deleted file mode 100644
index 8cdf56b..0000000
--- a/cases/api_upload_post_unicode_fuzzing_speccontent_overlong_40f1423f.hurl
+++ /dev/null
@@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] specContent overlong ── -# case_id=TC-40f1423f -# case_name=POST /api/upload - [unicode_fuzzing] specContent overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "herself", - "service": "consequently", - "specContent": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_zalgo_6b2db722.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_zalgo_6b2db722.hurl deleted file mode 100644 index 01c88c0..0000000 --- a/cases/api_upload_post_unicode_fuzzing_speccontent_zalgo_6b2db722.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] specContent zalgo ── -# case_id=TC-6b2db722 -# case_name=POST /api/upload - [unicode_fuzzing] specContent zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "herself", - "service": "consequently", - "specContent": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/api_upload_post_unicode_fuzzing_speccontent_zero_width_7ac120c3.hurl b/cases/api_upload_post_unicode_fuzzing_speccontent_zero_width_7ac120c3.hurl deleted file mode 100644 index ff7e223..0000000 --- a/cases/api_upload_post_unicode_fuzzing_speccontent_zero_width_7ac120c3.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - [unicode_fuzzing] specContent zero_width ── -# case_id=TC-7ac120c3 -# case_name=POST /api/upload - [unicode_fuzzing] specContent zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "honestly", - "commitSha": "herself", - "service": "consequently", - "specContent": "​hello" -} -``` - -HTTP 400 - 
diff --git a/cases/api_upload_post_valid_request_with_all_required_fields_e3da0de9.hurl b/cases/api_upload_post_valid_request_with_all_required_fields_e3da0de9.hurl deleted file mode 100644 index d1a3e1e..0000000 --- a/cases/api_upload_post_valid_request_with_all_required_fields_e3da0de9.hurl +++ /dev/null @@ -1,30 +0,0 @@ -# ── POST /api/upload - valid request with all required fields ── -# case_id=TC-e3da0de9 -# case_name=POST /api/upload - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "my", - "commitSha": "where", - "service": "Asian", - "specContent": "soon" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.endpointCount" exists -jsonpath "$.service" exists -jsonpath "$.unchanged" exists -jsonpath "$.warnings" exists -jsonpath "$.wasConverted" exists -jsonpath "$.branch" exists - diff --git a/cases/api_upload_post_wrong_content_type_text_plain_863dd501.hurl b/cases/api_upload_post_wrong_content_type_text_plain_863dd501.hurl deleted file mode 100644 index c57a726..0000000 --- a/cases/api_upload_post_wrong_content_type_text_plain_863dd501.hurl +++ /dev/null @@ -1,21 +0,0 @@ -# ── POST /api/upload - wrong content-type (text/plain) ── -# case_id=TC-863dd501 -# case_name=POST /api/upload - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/api/upload -Content-Type: text/plain -```json -{ - "branch": "rather", - "commitSha": "troop", - "service": "we", - "specContent": "usually" -} -``` - -HTTP 415 - diff --git a/cases/api_upload_sequence_chain_get_api_specs_service_branch_openapi_json_8c25506c.hurl b/cases/api_upload_sequence_chain_get_api_specs_service_branch_openapi_json_8c25506c.hurl deleted file mode 100644 index 09629cc..0000000 
--- a/cases/api_upload_sequence_chain_get_api_specs_service_branch_openapi_json_8c25506c.hurl +++ /dev/null @@ -1,45 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/upload → GET /api/specs/{service}/{branch}/openapi.json -# case_id=TC-8c25506c -# case_name=sequence chain: /api/upload → GET /api/specs/{service}/{branch}/openapi.json -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/upload [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/upload - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "gift", - "commitSha": "host", - "service": "been", - "specContent": "time" -} -``` - -HTTP * - -[Captures] -service: jsonpath "$.service" - -[Asserts] -status < 300 - -# ── use via GET /api/specs/{service}/{branch}/openapi.json [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/specs/{service}/{branch}/openapi.json -# depends_on=step-setup - -GET {{base_url}}/api/specs/{{service}}/{branch}/openapi.json - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/api_upload_sequence_chain_put_api_admin_services_serviceid_team_f88dc931.hurl b/cases/api_upload_sequence_chain_put_api_admin_services_serviceid_team_f88dc931.hurl deleted file mode 100644 index e64b8db..0000000 --- a/cases/api_upload_sequence_chain_put_api_admin_services_serviceid_team_f88dc931.hurl +++ /dev/null 
@@ -1,51 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /api/upload → PUT /api/admin/services/{serviceId}/team -# case_id=TC-f88dc931 -# case_name=sequence chain: /api/upload → PUT /api/admin/services/{serviceId}/team -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /api/upload [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /api/upload - -POST {{base_url}}/api/upload -Content-Type: application/json -```json -{ - "branch": "someone", - "commitSha": "instead", - "service": "therefore", - "specContent": "yesterday" -} -``` - -HTTP * - -[Captures] -serviceId: jsonpath "$.service" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/services/{serviceId}/team [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/services/{serviceId}/team -# depends_on=step-setup - -PUT {{base_url}}/api/admin/services/{{serviceId}}/team -Content-Type: application/json -```json -{ - "teamId": "e76c96fd-19bb-41c3-a5a4-6720d313f439" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_login_options_owasp_api8_cors_security_configuration_09111fdc.hurl b/cases/auth_login_options_owasp_api8_cors_security_configuration_09111fdc.hurl deleted file mode 100644 index f676b0e..0000000 --- a/cases/auth_login_options_owasp_api8_cors_security_configuration_09111fdc.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /auth/login — CORS security configuration ── -# case_id=TC-09111fdc -# case_name=[OWASP-API8] OPTIONS /auth/login — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/auth/login -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - 
diff --git a/cases/auth_login_post_idempotent_second_call_must_be_safe_dc706f80.hurl b/cases/auth_login_post_idempotent_second_call_must_be_safe_dc706f80.hurl deleted file mode 100644 index 895af88..0000000 --- a/cases/auth_login_post_idempotent_second_call_must_be_safe_dc706f80.hurl +++ /dev/null @@ -1,47 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /auth/login - idempotent: second call must be safe -# case_id=TC-dc706f80 -# case_name=POST /auth/login - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /auth/login — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /auth/login — first call - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "arvidhanson@deckow.com", - "password": "thoughtful" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /auth/login — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /auth/login — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "arvidhanson@deckow.com", - "password": "thoughtful" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/auth_login_post_invalid_email_invalid_email_format_2286db52.hurl b/cases/auth_login_post_invalid_email_invalid_email_format_2286db52.hurl deleted file mode 100644 index 7f39999..0000000 --- a/cases/auth_login_post_invalid_email_invalid_email_format_2286db52.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /auth/login - invalid email: invalid email format ── -# case_id=TC-2286db52 -# case_name=POST /auth/login - invalid email: invalid email format -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "not-an-email", - "password": "sigh" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_mass_assignment_financial_probe_5bcafac5.hurl b/cases/auth_login_post_mass_assignment_financial_probe_5bcafac5.hurl deleted file mode 100644 index a2a9b06..0000000 --- a/cases/auth_login_post_mass_assignment_financial_probe_5bcafac5.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - [mass_assignment] financial probe ── -# case_id=TC-5bcafac5 -# case_name=POST /auth/login - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "discount": 0, - "email": "kriswong@koch.io", - "password": "us", - "price": 1 -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_mass_assignment_identity_probe_4c0c3203.hurl b/cases/auth_login_post_mass_assignment_identity_probe_4c0c3203.hurl deleted file mode 100644 index 8c378f2..0000000 --- a/cases/auth_login_post_mass_assignment_identity_probe_4c0c3203.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - [mass_assignment] identity probe ── -# case_id=TC-4c0c3203 -# case_name=POST /auth/login - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "email": "kriswong@koch.io", - "ownerId": "__probe__", - "password": "us", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - 
diff --git a/cases/auth_login_post_mass_assignment_privilege_probe_f4f54666.hurl b/cases/auth_login_post_mass_assignment_privilege_probe_f4f54666.hurl deleted file mode 100644 index bb06102..0000000 --- a/cases/auth_login_post_mass_assignment_privilege_probe_f4f54666.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - [mass_assignment] privilege probe ── -# case_id=TC-f4f54666 -# case_name=POST /auth/login - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "admin": true, - "email": "kriswong@koch.io", - "isAdmin": true, - "is_admin": true, - "password": "us", - "role": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_mass_assignment_status_probe_f197447f.hurl b/cases/auth_login_post_mass_assignment_status_probe_f197447f.hurl deleted file mode 100644 index b9abb95..0000000 --- a/cases/auth_login_post_mass_assignment_status_probe_f197447f.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - [mass_assignment] status probe ── -# case_id=TC-f197447f -# case_name=POST /auth/login - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "disabled": false, - "email": "kriswong@koch.io", - "password": "us", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_missing_required_field_email_4cc99b0c.hurl b/cases/auth_login_post_missing_required_field_email_4cc99b0c.hurl deleted file mode 100644 index 627bd75..0000000 --- a/cases/auth_login_post_missing_required_field_email_4cc99b0c.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── POST /auth/login - missing required field "email" ── -# case_id=TC-4cc99b0c -# case_name=POST /auth/login - missing required field "email" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "password": "fuel" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_missing_required_field_email_9b253ab6.hurl b/cases/auth_login_post_missing_required_field_email_9b253ab6.hurl deleted file mode 100644 index 41bc3e3..0000000 --- a/cases/auth_login_post_missing_required_field_email_9b253ab6.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /auth/login - missing required field "email" ── -# case_id=TC-9b253ab6 -# case_name=POST /auth/login - missing required field "email" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "password": "sigh" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_missing_required_field_password_70187e79.hurl b/cases/auth_login_post_missing_required_field_password_70187e79.hurl deleted file mode 100644 index 266ec8f..0000000 --- a/cases/auth_login_post_missing_required_field_password_70187e79.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /auth/login - missing required field "password" ── -# case_id=TC-70187e79 -# case_name=POST /auth/login - missing required field "password" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "montemendez@campbell.name" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_missing_required_field_password_a6bbbeb7.hurl b/cases/auth_login_post_missing_required_field_password_a6bbbeb7.hurl deleted file mode 100644 index 09804b4..0000000 --- a/cases/auth_login_post_missing_required_field_password_a6bbbeb7.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── POST /auth/login - missing required field "password" ── -# case_id=TC-a6bbbeb7 -# case_name=POST /auth/login - missing required field "password" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "ebonysilva@mendez.info" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_mutation_email_empty_string_81062c2f.hurl b/cases/auth_login_post_mutation_email_empty_string_81062c2f.hurl deleted file mode 100644 index 46f9e6c..0000000 --- a/cases/auth_login_post_mutation_email_empty_string_81062c2f.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - mutation: email empty string ── -# case_id=TC-81062c2f -# case_name=POST /auth/login - mutation: email empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "", - "password": "staff" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_login_post_mutation_email_integer_instead_of_string_d7ccf79e.hurl b/cases/auth_login_post_mutation_email_integer_instead_of_string_d7ccf79e.hurl deleted file mode 100644 index d856fe6..0000000 --- a/cases/auth_login_post_mutation_email_integer_instead_of_string_d7ccf79e.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - mutation: email integer instead of string ── -# case_id=TC-d7ccf79e -# case_name=POST /auth/login - mutation: email integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": 12345, - "password": "staff" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/auth_login_post_mutation_email_invalid_email_format_6926df81.hurl b/cases/auth_login_post_mutation_email_invalid_email_format_6926df81.hurl deleted file mode 100644 index 5f7d5fd..0000000 --- a/cases/auth_login_post_mutation_email_invalid_email_format_6926df81.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - mutation: email invalid email format ── -# case_id=TC-6926df81 -# case_name=POST /auth/login - mutation: email invalid email format -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "not-an-email", - "password": "staff" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_login_post_mutation_email_null_value_b5693707.hurl b/cases/auth_login_post_mutation_email_null_value_b5693707.hurl deleted file mode 100644 index 64846e9..0000000 --- a/cases/auth_login_post_mutation_email_null_value_b5693707.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - mutation: email null value ── -# case_id=TC-b5693707 -# case_name=POST /auth/login - mutation: email null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": null, - "password": "staff" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_login_post_mutation_email_oversized_string_300_chars_7f53df98.hurl b/cases/auth_login_post_mutation_email_oversized_string_300_chars_7f53df98.hurl deleted file mode 100644 index a196e7f..0000000 --- a/cases/auth_login_post_mutation_email_oversized_string_300_chars_7f53df98.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /auth/login - mutation: email oversized string (300 chars) ── -# case_id=TC-7f53df98 -# case_name=POST /auth/login - mutation: email oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "password": "staff" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_login_post_mutation_password_empty_string_a0ca01b6.hurl b/cases/auth_login_post_mutation_password_empty_string_a0ca01b6.hurl deleted file mode 100644 index 01e4f48..0000000 --- a/cases/auth_login_post_mutation_password_empty_string_a0ca01b6.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - mutation: password empty string ── -# case_id=TC-a0ca01b6 -# case_name=POST /auth/login - mutation: password empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "naomipierce@lewis.biz", - "password": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_login_post_mutation_password_integer_instead_of_string_f16c5d8d.hurl b/cases/auth_login_post_mutation_password_integer_instead_of_string_f16c5d8d.hurl deleted file mode 100644 index 1c5b158..0000000 --- a/cases/auth_login_post_mutation_password_integer_instead_of_string_f16c5d8d.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /auth/login - mutation: password integer instead of string ── -# case_id=TC-f16c5d8d -# case_name=POST /auth/login - mutation: password integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "naomipierce@lewis.biz", - "password": 12345 -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_login_post_mutation_password_null_value_b531d0ea.hurl b/cases/auth_login_post_mutation_password_null_value_b531d0ea.hurl deleted file mode 100644 index 724405c..0000000 --- a/cases/auth_login_post_mutation_password_null_value_b531d0ea.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/login - mutation: password null value ── -# case_id=TC-b531d0ea -# case_name=POST /auth/login - mutation: password null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "naomipierce@lewis.biz", - "password": null -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_login_post_mutation_password_oversized_string_300_chars_acbb9354.hurl b/cases/auth_login_post_mutation_password_oversized_string_300_chars_acbb9354.hurl deleted file mode 100644 index 94a53cf..0000000 --- a/cases/auth_login_post_mutation_password_oversized_string_300_chars_acbb9354.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /auth/login - mutation: password oversized string (300 chars) ── -# case_id=TC-acbb9354 -# case_name=POST /auth/login - mutation: password oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "naomipierce@lewis.biz", - "password": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_login_post_null_injection_email_a1de0446.hurl b/cases/auth_login_post_null_injection_email_a1de0446.hurl deleted file mode 100644 index abff0b1..0000000 --- a/cases/auth_login_post_null_injection_email_a1de0446.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - null injection: email ── -# case_id=TC-a1de0446 -# case_name=POST /auth/login - null injection: email -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": null, - "password": "float" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_null_injection_password_191c3a5b.hurl b/cases/auth_login_post_null_injection_password_191c3a5b.hurl deleted file mode 100644 index 9ca5a2b..0000000 --- a/cases/auth_login_post_null_injection_password_191c3a5b.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /auth/login - null injection: password ── -# case_id=TC-191c3a5b -# case_name=POST /auth/login - null injection: password -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "ottonorris@sullivan.com", - "password": null -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_owasp_api6_mass_assignment_09c747ae.hurl b/cases/auth_login_post_owasp_api6_mass_assignment_09c747ae.hurl deleted file mode 100644 index 77b7f54..0000000 --- a/cases/auth_login_post_owasp_api6_mass_assignment_09c747ae.hurl +++ /dev/null @@ -1,27 +0,0 @@ -# ── [OWASP-API6] POST /auth/login — mass assignment ── -# case_id=TC-09c747ae -# case_name=[OWASP-API6] POST /auth/login — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "createdAt": "2000-01-01T00:00:00Z", - "email": "eddhanson@thomas.net", - "id": 99999, - "password": "we", - "updatedAt": "2000-01-01T00:00:00Z" -} -``` - -HTTP 201 - -[Asserts] -jsonpath "$.id" != 99999 -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" - diff --git a/cases/auth_login_post_owasp_api7_injection_path_traversal_c3fc26dc.hurl b/cases/auth_login_post_owasp_api7_injection_path_traversal_c3fc26dc.hurl deleted file mode 100644 index 5e442f7..0000000 --- a/cases/auth_login_post_owasp_api7_injection_path_traversal_c3fc26dc.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /auth/login — injection (path-traversal) ── -# case_id=TC-c3fc26dc -# case_name=[OWASP-API7] POST /auth/login — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "../../../etc/passwd" -} -``` - -HTTP 400 - 
diff --git a/cases/auth_login_post_owasp_api7_injection_sqli_504b6c9e.hurl b/cases/auth_login_post_owasp_api7_injection_sqli_504b6c9e.hurl deleted file mode 100644 index 3b0bcf7..0000000 --- a/cases/auth_login_post_owasp_api7_injection_sqli_504b6c9e.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /auth/login — injection (sqli) ── -# case_id=TC-504b6c9e -# case_name=[OWASP-API7] POST /auth/login — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "' OR 1=1--" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_owasp_api7_injection_xss_d41b3855.hurl b/cases/auth_login_post_owasp_api7_injection_xss_d41b3855.hurl deleted file mode 100644 index 54eab51..0000000 --- a/cases/auth_login_post_owasp_api7_injection_xss_d41b3855.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /auth/login — injection (xss) ── -# case_id=TC-d41b3855 -# case_name=[OWASP-API7] POST /auth/login — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_required_omission_email_absent_3eaacfef.hurl b/cases/auth_login_post_required_omission_email_absent_3eaacfef.hurl deleted file mode 100644 index e234fd0..0000000 --- a/cases/auth_login_post_required_omission_email_absent_3eaacfef.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /auth/login - [required_omission] email absent ── -# case_id=TC-3eaacfef -# case_name=POST /auth/login - [required_omission] email absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "password": "abroad" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/auth_login_post_required_omission_password_absent_0a64a19d.hurl b/cases/auth_login_post_required_omission_password_absent_0a64a19d.hurl deleted file mode 100644 index 48c2b3c..0000000 --- a/cases/auth_login_post_required_omission_password_absent_0a64a19d.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /auth/login - [required_omission] password absent ── -# case_id=TC-0a64a19d -# case_name=POST /auth/login - [required_omission] password absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "darylfarrell@santiago.org" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_login_post_schema_violation_email_invalid_format_email_891b32a4.hurl b/cases/auth_login_post_schema_violation_email_invalid_format_email_891b32a4.hurl deleted file mode 100644 index 09dd666..0000000 --- a/cases/auth_login_post_schema_violation_email_invalid_format_email_891b32a4.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [schema_violation] email_invalid_format_email ── -# case_id=TC-891b32a4 -# case_name=POST /auth/login - [schema_violation] email_invalid_format_email -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "not-an-email", - "password": "eye" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_schema_violation_email_missing_required_46bb3d69.hurl b/cases/auth_login_post_schema_violation_email_missing_required_46bb3d69.hurl deleted file mode 100644 index 81914f9..0000000 --- a/cases/auth_login_post_schema_violation_email_missing_required_46bb3d69.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── POST /auth/login - [schema_violation] email_missing_required ── -# case_id=TC-46bb3d69 -# case_name=POST /auth/login - [schema_violation] email_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "password": "eye" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_schema_violation_password_missing_required_5bddd51c.hurl b/cases/auth_login_post_schema_violation_password_missing_required_5bddd51c.hurl deleted file mode 100644 index 18bed08..0000000 --- a/cases/auth_login_post_schema_violation_password_missing_required_5bddd51c.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /auth/login - [schema_violation] password_missing_required ── -# case_id=TC-5bddd51c -# case_name=POST /auth/login - [schema_violation] password_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "clovissoto@clay.io" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_type_coercion_email_wrong_type_boolean_91a4d98b.hurl b/cases/auth_login_post_type_coercion_email_wrong_type_boolean_91a4d98b.hurl deleted file mode 100644 index 5557bf0..0000000 --- a/cases/auth_login_post_type_coercion_email_wrong_type_boolean_91a4d98b.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [type_coercion] email wrong_type_boolean ── -# case_id=TC-91a4d98b -# case_name=POST /auth/login - [type_coercion] email wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": true, - "password": "whole" -} -``` - -HTTP 422 - 
diff --git a/cases/auth_login_post_type_coercion_email_wrong_type_integer_2e0174b6.hurl b/cases/auth_login_post_type_coercion_email_wrong_type_integer_2e0174b6.hurl deleted file mode 100644 index d286822..0000000 --- a/cases/auth_login_post_type_coercion_email_wrong_type_integer_2e0174b6.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [type_coercion] email wrong_type_integer ── -# case_id=TC-2e0174b6 -# case_name=POST /auth/login - [type_coercion] email wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": 123, - "password": "whole" -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_type_coercion_password_wrong_type_boolean_5c25d6d2.hurl b/cases/auth_login_post_type_coercion_password_wrong_type_boolean_5c25d6d2.hurl deleted file mode 100644 index a95a9f6..0000000 --- a/cases/auth_login_post_type_coercion_password_wrong_type_boolean_5c25d6d2.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [type_coercion] password wrong_type_boolean ── -# case_id=TC-5c25d6d2 -# case_name=POST /auth/login - [type_coercion] password wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "lunasaunders@greene.net", - "password": true -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_type_coercion_password_wrong_type_integer_28167496.hurl b/cases/auth_login_post_type_coercion_password_wrong_type_integer_28167496.hurl deleted file mode 100644 index 6dac643..0000000 --- a/cases/auth_login_post_type_coercion_password_wrong_type_integer_28167496.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /auth/login - [type_coercion] password wrong_type_integer ── -# case_id=TC-28167496 -# case_name=POST /auth/login - [type_coercion] password wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "lunasaunders@greene.net", - "password": 123 -} -``` - -HTTP 422 - diff --git a/cases/auth_login_post_unicode_fuzzing_email_bidi_override_08bd8265.hurl b/cases/auth_login_post_unicode_fuzzing_email_bidi_override_08bd8265.hurl deleted file mode 100644 index fdcb4c4..0000000 --- a/cases/auth_login_post_unicode_fuzzing_email_bidi_override_08bd8265.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] email bidi_override ── -# case_id=TC-08bd8265 -# case_name=POST /auth/login - [unicode_fuzzing] email bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "‮hello", - "password": "themselves" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_unicode_fuzzing_email_control_char_ce646cde.hurl b/cases/auth_login_post_unicode_fuzzing_email_control_char_ce646cde.hurl deleted file mode 100644 index 02ccbb3..0000000 --- a/cases/auth_login_post_unicode_fuzzing_email_control_char_ce646cde.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] email control_char ── -# case_id=TC-ce646cde -# case_name=POST /auth/login - [unicode_fuzzing] email control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "hello\u0000world", - "password": "themselves" -} -``` - -HTTP 400 - 
diff --git a/cases/auth_login_post_unicode_fuzzing_email_overlong_1951562a.hurl b/cases/auth_login_post_unicode_fuzzing_email_overlong_1951562a.hurl deleted file mode 100644 index cd63299..0000000 --- a/cases/auth_login_post_unicode_fuzzing_email_overlong_1951562a.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] email overlong ── -# case_id=TC-1951562a -# case_name=POST /auth/login - [unicode_fuzzing] email overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "password": "themselves" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_unicode_fuzzing_email_zalgo_1091cce6.hurl b/cases/auth_login_post_unicode_fuzzing_email_zalgo_1091cce6.hurl deleted file mode 100644 index eac3a96..0000000 --- a/cases/auth_login_post_unicode_fuzzing_email_zalgo_1091cce6.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] email zalgo ── -# case_id=TC-1091cce6 -# case_name=POST /auth/login - [unicode_fuzzing] email zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "z̀́̂̃̄̅̆̇a", - "password": "themselves" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_unicode_fuzzing_email_zero_width_e4c515d2.hurl b/cases/auth_login_post_unicode_fuzzing_email_zero_width_e4c515d2.hurl deleted file mode 100644 index a1647c9..0000000 --- a/cases/auth_login_post_unicode_fuzzing_email_zero_width_e4c515d2.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] email zero_width ── -# case_id=TC-e4c515d2 -# case_name=POST /auth/login - [unicode_fuzzing] email zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "​hello", - "password": "themselves" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_unicode_fuzzing_password_bidi_override_dc3d45d4.hurl b/cases/auth_login_post_unicode_fuzzing_password_bidi_override_dc3d45d4.hurl deleted file mode 100644 index d0e9e29..0000000 
--- a/cases/auth_login_post_unicode_fuzzing_password_bidi_override_dc3d45d4.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] password bidi_override ── -# case_id=TC-dc3d45d4 -# case_name=POST /auth/login - [unicode_fuzzing] password bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "lilyperez@allen.io", - "password": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_unicode_fuzzing_password_control_char_3fbdbf7e.hurl b/cases/auth_login_post_unicode_fuzzing_password_control_char_3fbdbf7e.hurl deleted file mode 100644 index 41792d0..0000000 --- a/cases/auth_login_post_unicode_fuzzing_password_control_char_3fbdbf7e.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] password control_char ── -# case_id=TC-3fbdbf7e -# case_name=POST /auth/login - [unicode_fuzzing] password control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "lilyperez@allen.io", - "password": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_unicode_fuzzing_password_overlong_b2225a4c.hurl b/cases/auth_login_post_unicode_fuzzing_password_overlong_b2225a4c.hurl deleted file mode 100644 index d149553..0000000 --- a/cases/auth_login_post_unicode_fuzzing_password_overlong_b2225a4c.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] password overlong ── -# case_id=TC-b2225a4c -# case_name=POST /auth/login - [unicode_fuzzing] password overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "lilyperez@allen.io", - "password": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_unicode_fuzzing_password_zalgo_7329e86c.hurl b/cases/auth_login_post_unicode_fuzzing_password_zalgo_7329e86c.hurl deleted file mode 100644 index a5b8d77..0000000 --- a/cases/auth_login_post_unicode_fuzzing_password_zalgo_7329e86c.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] password zalgo ── -# case_id=TC-7329e86c -# case_name=POST /auth/login - [unicode_fuzzing] password zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "lilyperez@allen.io", - "password": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/auth_login_post_unicode_fuzzing_password_zero_width_4e879dad.hurl b/cases/auth_login_post_unicode_fuzzing_password_zero_width_4e879dad.hurl deleted file mode 100644 index eeefefc..0000000 --- a/cases/auth_login_post_unicode_fuzzing_password_zero_width_4e879dad.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - [unicode_fuzzing] password zero_width ── -# case_id=TC-4e879dad -# case_name=POST /auth/login - [unicode_fuzzing] password zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "lilyperez@allen.io", - "password": "​hello" -} -``` - -HTTP 400 - 
diff --git a/cases/auth_login_post_valid_request_with_all_required_fields_486e8c2a.hurl b/cases/auth_login_post_valid_request_with_all_required_fields_486e8c2a.hurl deleted file mode 100644 index 7af10e7..0000000 --- a/cases/auth_login_post_valid_request_with_all_required_fields_486e8c2a.hurl +++ /dev/null @@ -1,25 +0,0 @@ -# ── POST /auth/login - valid request with all required fields ── -# case_id=TC-486e8c2a -# case_name=POST /auth/login - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "ezrahowell@franklin.biz", - "password": "work" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.role" exists -jsonpath "$.token" exists -jsonpath "$.userId" exists - diff --git a/cases/auth_login_post_wrong_content_type_text_plain_ea0be7b9.hurl b/cases/auth_login_post_wrong_content_type_text_plain_ea0be7b9.hurl deleted file mode 100644 index 7c42dd5..0000000 --- a/cases/auth_login_post_wrong_content_type_text_plain_ea0be7b9.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/login - wrong content-type (text/plain) ── -# case_id=TC-ea0be7b9 -# case_name=POST /auth/login - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/auth/login -Content-Type: text/plain -```json -{ - "email": "ottonorris@sullivan.com", - "password": "float" -} -``` - -HTTP 415 - diff --git a/cases/auth_login_sequence_chain_delete_api_admin_grants_id_2db91768.hurl b/cases/auth_login_sequence_chain_delete_api_admin_grants_id_2db91768.hurl deleted file mode 100644 index 86f0009..0000000 --- a/cases/auth_login_sequence_chain_delete_api_admin_grants_id_2db91768.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/login → DELETE /api/admin/grants/{id} -# case_id=TC-2db91768 -# case_name=sequence chain: /auth/login → DELETE /api/admin/grants/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/login [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/login - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "elbertgibson@sanchez.biz", - "password": "which" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/grants/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/grants/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/grants/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_login_sequence_chain_delete_api_admin_users_id_8192e6ba.hurl b/cases/auth_login_sequence_chain_delete_api_admin_users_id_8192e6ba.hurl deleted file mode 100644 index 237e8b8..0000000 --- a/cases/auth_login_sequence_chain_delete_api_admin_users_id_8192e6ba.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/login → DELETE /api/admin/users/{id} -# case_id=TC-8192e6ba -# case_name=sequence chain: /auth/login → DELETE /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/login [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/login - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "meaghanbailey@simpson.io", - "password": "whatever" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/users/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/users/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_login_sequence_chain_get_api_admin_teams_id_grants_4f853ed4.hurl b/cases/auth_login_sequence_chain_get_api_admin_teams_id_grants_4f853ed4.hurl deleted file mode 100644 index fb560ec..0000000 --- a/cases/auth_login_sequence_chain_get_api_admin_teams_id_grants_4f853ed4.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/login → GET /api/admin/teams/{id}/grants -# case_id=TC-4f853ed4 -# case_name=sequence chain: /auth/login → GET /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/login [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/login - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "frankiewebb@davies.org", - "password": "for" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/grants -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/grants - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_login_sequence_chain_get_api_admin_teams_id_members_315cb6bf.hurl b/cases/auth_login_sequence_chain_get_api_admin_teams_id_members_315cb6bf.hurl deleted file mode 100644 index 01065f7..0000000 --- a/cases/auth_login_sequence_chain_get_api_admin_teams_id_members_315cb6bf.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/login → GET /api/admin/teams/{id}/members -# case_id=TC-315cb6bf -# case_name=sequence chain: /auth/login → GET /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/login [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/login - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "manuelcasper@owen.net", - "password": "herself" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/members -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/members - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_login_sequence_chain_get_api_admin_teams_id_services_ccf62dd8.hurl b/cases/auth_login_sequence_chain_get_api_admin_teams_id_services_ccf62dd8.hurl deleted file mode 100644 index b822d91..0000000 --- a/cases/auth_login_sequence_chain_get_api_admin_teams_id_services_ccf62dd8.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/login → GET /api/admin/teams/{id}/services -# case_id=TC-ccf62dd8 -# case_name=sequence chain: /auth/login → GET /api/admin/teams/{id}/services -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/login [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/login - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "chetbergstrom@carroll.org", - "password": "additionally" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/services [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/services -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/services - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_login_sequence_chain_post_api_admin_teams_id_grants_ba58927e.hurl b/cases/auth_login_sequence_chain_post_api_admin_teams_id_grants_ba58927e.hurl deleted file mode 100644 index b1dcce2..0000000 --- a/cases/auth_login_sequence_chain_post_api_admin_teams_id_grants_ba58927e.hurl +++ /dev/null 
@@ -1,55 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/login → POST /api/admin/teams/{id}/grants -# case_id=TC-ba58927e -# case_name=sequence chain: /auth/login → POST /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/login [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/login - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "chaimbird@peters.info", - "password": "have" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/grants -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/grants -Content-Type: application/json -```json -{ - "branches": [ - "anybody" - ], - "expiresAt": "1900-01-23T02:22:54Z", - "granteeTeamId": "2c916244-ec7b-46c4-8a46-75d8003b66f2", - "granteeUserId": "c582e301-b02e-418f-9960-f865b66da97f", - "serviceId": "eaa19ebb-002b-497c-a98a-0293aa5606ad" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_login_sequence_chain_post_api_admin_teams_id_members_b9578186.hurl b/cases/auth_login_sequence_chain_post_api_admin_teams_id_members_b9578186.hurl deleted file mode 100644 index 0150d15..0000000 --- a/cases/auth_login_sequence_chain_post_api_admin_teams_id_members_b9578186.hurl +++ /dev/null 
@@ -1,50 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/login → POST /api/admin/teams/{id}/members -# case_id=TC-b9578186 -# case_name=sequence chain: /auth/login → POST /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/login [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/login - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "dwightsummers@schuster.org", - "password": "model" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/members -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/members -Content-Type: application/json -```json -{ - "role": "owner", - "userId": "5f656700-5067-4ad1-8384-1fb850bc7bf2" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_login_sequence_chain_put_api_admin_users_id_4e754ff4.hurl b/cases/auth_login_sequence_chain_put_api_admin_users_id_4e754ff4.hurl deleted file mode 100644 index 8568542..0000000 --- a/cases/auth_login_sequence_chain_put_api_admin_users_id_4e754ff4.hurl +++ /dev/null 
@@ -1,50 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/login → PUT /api/admin/users/{id} -# case_id=TC-4e754ff4 -# case_name=sequence chain: /auth/login → PUT /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/login [setup] ───── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/login - -POST {{base_url}}/auth/login -Content-Type: application/json -```json -{ - "email": "amparoknight@evans.biz", - "password": "always" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/users/{id} -# depends_on=step-setup - -PUT {{base_url}}/api/admin/users/{{id}} -Content-Type: application/json -```json -{ - "isActive": true, - "role": "team_owner" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_logout_options_owasp_api8_cors_security_configuration_86522697.hurl b/cases/auth_logout_options_owasp_api8_cors_security_configuration_86522697.hurl deleted file mode 100644 index 22a7250..0000000 --- a/cases/auth_logout_options_owasp_api8_cors_security_configuration_86522697.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /auth/logout — CORS security configuration ── -# case_id=TC-86522697 -# case_name=[OWASP-API8] OPTIONS /auth/logout — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/auth/logout -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/auth_logout_post_idempotent_second_call_must_be_safe_cf0be90a.hurl b/cases/auth_logout_post_idempotent_second_call_must_be_safe_cf0be90a.hurl deleted file mode 100644 index ba059e9..0000000 
--- a/cases/auth_logout_post_idempotent_second_call_must_be_safe_cf0be90a.hurl +++ /dev/null @@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /auth/logout - idempotent: second call must be safe -# case_id=TC-cf0be90a -# case_name=POST /auth/logout - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /auth/logout — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /auth/logout — first call - -POST {{base_url}}/auth/logout - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /auth/logout — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /auth/logout — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/auth/logout - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/auth_logout_post_valid_request_with_all_required_fields_a517ccf9.hurl b/cases/auth_logout_post_valid_request_with_all_required_fields_a517ccf9.hurl deleted file mode 100644 index 488fe3a..0000000 --- a/cases/auth_logout_post_valid_request_with_all_required_fields_a517ccf9.hurl +++ /dev/null @@ -1,16 +0,0 @@ -# ── POST /auth/logout - valid request with all required fields ── -# case_id=TC-a517ccf9 -# case_name=POST /auth/logout - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/auth/logout - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.ok" exists - diff --git a/cases/auth_register_options_owasp_api8_cors_security_configuration_2f9039a1.hurl b/cases/auth_register_options_owasp_api8_cors_security_configuration_2f9039a1.hurl deleted file mode 100644 index 3ead36a..0000000 --- a/cases/auth_register_options_owasp_api8_cors_security_configuration_2f9039a1.hurl +++ /dev/null 
@@ -1,16 +0,0 @@ -# ── [OWASP-API8] OPTIONS /auth/register — CORS security configuration ── -# case_id=TC-2f9039a1 -# case_name=[OWASP-API8] OPTIONS /auth/register — CORS security configuration -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10_spec -# priority=P0 - -OPTIONS {{base_url}}/auth/register -Origin: https://evil.example.com - -HTTP * - -[Asserts] -header "Access-Control-Allow-Origin" != "*" - diff --git a/cases/auth_register_post_auth_chain_46922b8d.hurl b/cases/auth_register_post_auth_chain_46922b8d.hurl deleted file mode 100644 index c7142c2..0000000 --- a/cases/auth_register_post_auth_chain_46922b8d.hurl +++ /dev/null @@ -1,51 +0,0 @@ -# ══════════════════════════════════════════════════ -# auth chain: POST /auth/register -# case_id=TC-46922b8d -# case_name=auth chain: POST /auth/register -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── authenticate via POST /api/tokens [setup] ── -# step_id=step-auth -# step_type=setup -# title=authenticate via POST /api/tokens - -POST {{base_url}}/api/tokens -Content-Type: application/json -```json -{ - "name": "Jakob Jensen", - "scope": "write" -} -``` - -HTTP * - -[Captures] -authToken: jsonpath "$.token" - -[Asserts] -status < 300 - -# ── POST /auth/register with auth token [test] ── -# step_id=step-test -# step_type=test -# title=POST /auth/register with auth token -# depends_on=step-auth - -POST {{base_url}}/auth/register -Authorization: Bearer {{authToken}} -Content-Type: application/json -```json -{ - "email": "edbarber@reyes.name", - "password": "nest" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/auth_register_post_field_boundary_password_invalid_below_min_29d13f96.hurl b/cases/auth_register_post_field_boundary_password_invalid_below_min_29d13f96.hurl deleted file mode 100644 index 97e4ccb..0000000 --- a/cases/auth_register_post_field_boundary_password_invalid_below_min_29d13f96.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /auth/register - [field_boundary] password invalid_below_min ── -# case_id=TC-29d13f96 -# case_name=POST /auth/register - [field_boundary] password invalid_below_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "carmelmaldonado@schwartz.org", - "password": "aaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_field_boundary_password_valid_min_31e0ac94.hurl b/cases/auth_register_post_field_boundary_password_valid_min_31e0ac94.hurl deleted file mode 100644 index 755f4dd..0000000 --- a/cases/auth_register_post_field_boundary_password_valid_min_31e0ac94.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - [field_boundary] password valid_min ── -# case_id=TC-31e0ac94 -# case_name=POST /auth/register - [field_boundary] password valid_min -# step_id=step-main -# step_type=test -# technique=field_boundary -# priority=P1 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "cedrickhermann@morales.org", - "password": "aaaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 200 -status < 300 - diff --git a/cases/auth_register_post_idempotent_second_call_must_be_safe_d4349959.hurl b/cases/auth_register_post_idempotent_second_call_must_be_safe_d4349959.hurl deleted file mode 100644 index 18074a0..0000000 --- a/cases/auth_register_post_idempotent_second_call_must_be_safe_d4349959.hurl +++ /dev/null 
@@ -1,47 +0,0 @@ -# ══════════════════════════════════════════════════ -# POST /auth/register - idempotent: second call must be safe -# case_id=TC-d4349959 -# case_name=POST /auth/register - idempotent: second call must be safe -# case_kind=chain -# priority=P2 -# ══════════════════════════════════════════════════ - -# ── POST /auth/register — first call [setup] ── -# step_id=step-setup -# step_type=setup -# title=POST /auth/register — first call - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "selenagarza@ross.name", - "password": "break" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - -# ── POST /auth/register — identical second call must be safe [test] ── -# step_id=step-test -# step_type=test -# title=POST /auth/register — identical second call must be safe -# depends_on=step-setup - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "selenagarza@ross.name", - "password": "break" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/auth_register_post_invalid_email_invalid_email_format_8449b518.hurl b/cases/auth_register_post_invalid_email_invalid_email_format_8449b518.hurl deleted file mode 100644 index c0886b2..0000000 --- a/cases/auth_register_post_invalid_email_invalid_email_format_8449b518.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - invalid email: invalid email format ── -# case_id=TC-8449b518 -# case_name=POST /auth/register - invalid email: invalid email format -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "not-an-email", - "password": "this" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_invalid_password_empty_string_violates_minlength_8_cf64a6d3.hurl b/cases/auth_register_post_invalid_password_empty_string_violates_minlength_8_cf64a6d3.hurl deleted file mode 100644 index 369c14b..0000000 
--- a/cases/auth_register_post_invalid_password_empty_string_violates_minlength_8_cf64a6d3.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - invalid password: empty string violates minLength 8 ── -# case_id=TC-cf64a6d3 -# case_name=POST /auth/register - invalid password: empty string violates minLength 8 -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "mayragrant@nichols.name", - "password": "" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_mass_assignment_financial_probe_9b577a9f.hurl b/cases/auth_register_post_mass_assignment_financial_probe_9b577a9f.hurl deleted file mode 100644 index 33bd33c..0000000 --- a/cases/auth_register_post_mass_assignment_financial_probe_9b577a9f.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - [mass_assignment] financial probe ── -# case_id=TC-9b577a9f -# case_name=POST /auth/register - [mass_assignment] financial probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "balance": 1, - "credits": 1, - "discount": 0, - "email": "waynedaniels@farrell.io", - "password": "instead", - "price": 1 -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_mass_assignment_identity_probe_be5d4ca2.hurl b/cases/auth_register_post_mass_assignment_identity_probe_be5d4ca2.hurl deleted file mode 100644 index 494c3d8..0000000 --- a/cases/auth_register_post_mass_assignment_identity_probe_be5d4ca2.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /auth/register - [mass_assignment] identity probe ── -# case_id=TC-be5d4ca2 -# case_name=POST /auth/register - [mass_assignment] identity probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "createdBy": "__probe__", - "email": "waynedaniels@farrell.io", - "ownerId": "__probe__", - "password": "instead", - "userId": "__probe__", - "user_id": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_mass_assignment_privilege_probe_065d2087.hurl b/cases/auth_register_post_mass_assignment_privilege_probe_065d2087.hurl deleted file mode 100644 index f1974c0..0000000 --- a/cases/auth_register_post_mass_assignment_privilege_probe_065d2087.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - [mass_assignment] privilege probe ── -# case_id=TC-065d2087 -# case_name=POST /auth/register - [mass_assignment] privilege probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "admin": true, - "email": "waynedaniels@farrell.io", - "isAdmin": true, - "is_admin": true, - "password": "instead", - "role": "__probe__" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_mass_assignment_status_probe_cabe7291.hurl b/cases/auth_register_post_mass_assignment_status_probe_cabe7291.hurl deleted file mode 100644 index 5a7f264..0000000 --- a/cases/auth_register_post_mass_assignment_status_probe_cabe7291.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /auth/register - [mass_assignment] status probe ── -# case_id=TC-cabe7291 -# case_name=POST /auth/register - [mass_assignment] status probe -# step_id=step-main -# step_type=test -# technique=mass_assignment -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "approved": true, - "banned": false, - "disabled": false, - "email": "waynedaniels@farrell.io", - "password": "instead", - "verified": true -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_missing_required_field_email_445d8b1f.hurl b/cases/auth_register_post_missing_required_field_email_445d8b1f.hurl deleted file mode 100644 index b9d3bdf..0000000 --- a/cases/auth_register_post_missing_required_field_email_445d8b1f.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /auth/register - missing required field "email" ── -# case_id=TC-445d8b1f -# case_name=POST /auth/register - missing required field "email" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "password": "still" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_missing_required_field_email_cae39bb3.hurl b/cases/auth_register_post_missing_required_field_email_cae39bb3.hurl deleted file mode 100644 index b6fc8cd..0000000 --- a/cases/auth_register_post_missing_required_field_email_cae39bb3.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /auth/register - missing required field "email" ── -# case_id=TC-cae39bb3 -# case_name=POST /auth/register - missing required field "email" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "password": "this" -} -``` - -HTTP 422 - 
diff --git a/cases/auth_register_post_missing_required_field_password_31707ae5.hurl b/cases/auth_register_post_missing_required_field_password_31707ae5.hurl deleted file mode 100644 index 80177d1..0000000 --- a/cases/auth_register_post_missing_required_field_password_31707ae5.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /auth/register - missing required field "password" ── -# case_id=TC-31707ae5 -# case_name=POST /auth/register - missing required field "password" -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P1 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "leahawkins@white.io" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_missing_required_field_password_72f7ecb7.hurl b/cases/auth_register_post_missing_required_field_password_72f7ecb7.hurl deleted file mode 100644 index 906eed6..0000000 --- a/cases/auth_register_post_missing_required_field_password_72f7ecb7.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /auth/register - missing required field "password" ── -# case_id=TC-72f7ecb7 -# case_name=POST /auth/register - missing required field "password" -# step_id=step-main -# step_type=test -# technique=isolated_negative -# priority=P1 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "mayragrant@nichols.name" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_mutation_email_empty_string_b9e7832e.hurl b/cases/auth_register_post_mutation_email_empty_string_b9e7832e.hurl deleted file mode 100644 index 8f52798..0000000 --- a/cases/auth_register_post_mutation_email_empty_string_b9e7832e.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /auth/register - mutation: email empty string ── -# case_id=TC-b9e7832e -# case_name=POST /auth/register - mutation: email empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "", - "password": "where" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_mutation_email_integer_instead_of_string_00b95383.hurl b/cases/auth_register_post_mutation_email_integer_instead_of_string_00b95383.hurl deleted file mode 100644 index 073aabc..0000000 --- a/cases/auth_register_post_mutation_email_integer_instead_of_string_00b95383.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - mutation: email integer instead of string ── -# case_id=TC-00b95383 -# case_name=POST /auth/register - mutation: email integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": 12345, - "password": "where" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_mutation_email_invalid_email_format_7c859b9c.hurl b/cases/auth_register_post_mutation_email_invalid_email_format_7c859b9c.hurl deleted file mode 100644 index 37657c6..0000000 --- a/cases/auth_register_post_mutation_email_invalid_email_format_7c859b9c.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - mutation: email invalid email format ── -# case_id=TC-7c859b9c -# case_name=POST /auth/register - mutation: email invalid email format -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "not-an-email", - "password": "where" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/auth_register_post_mutation_email_null_value_6da4f717.hurl b/cases/auth_register_post_mutation_email_null_value_6da4f717.hurl deleted file mode 100644 index 71c07ac..0000000 --- a/cases/auth_register_post_mutation_email_null_value_6da4f717.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - mutation: email null value ── -# case_id=TC-6da4f717 -# case_name=POST /auth/register - mutation: email null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": null, - "password": "where" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_mutation_email_oversized_string_300_chars_3dfbbb02.hurl b/cases/auth_register_post_mutation_email_oversized_string_300_chars_3dfbbb02.hurl deleted file mode 100644 index 1ccb068..0000000 --- a/cases/auth_register_post_mutation_email_oversized_string_300_chars_3dfbbb02.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - mutation: email oversized string (300 chars) ── -# case_id=TC-3dfbbb02 -# case_name=POST /auth/register - mutation: email oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "password": "where" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_mutation_password_empty_string_f66d6ba8.hurl b/cases/auth_register_post_mutation_password_empty_string_f66d6ba8.hurl deleted file mode 100644 index 63f0ff2..0000000 
--- a/cases/auth_register_post_mutation_password_empty_string_f66d6ba8.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - mutation: password empty string ── -# case_id=TC-f66d6ba8 -# case_name=POST /auth/register - mutation: password empty string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "marjoriecole@donnelly.org", - "password": "" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_mutation_password_integer_instead_of_string_85af6488.hurl b/cases/auth_register_post_mutation_password_integer_instead_of_string_85af6488.hurl deleted file mode 100644 index 955183e..0000000 --- a/cases/auth_register_post_mutation_password_integer_instead_of_string_85af6488.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - mutation: password integer instead of string ── -# case_id=TC-85af6488 -# case_name=POST /auth/register - mutation: password integer instead of string -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "marjoriecole@donnelly.org", - "password": 12345 -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_mutation_password_null_value_8df134ff.hurl b/cases/auth_register_post_mutation_password_null_value_8df134ff.hurl deleted file mode 100644 index 0c54e74..0000000 --- a/cases/auth_register_post_mutation_password_null_value_8df134ff.hurl +++ /dev/null 
@@ -1,23 +0,0 @@ -# ── POST /auth/register - mutation: password null value ── -# case_id=TC-8df134ff -# case_name=POST /auth/register - mutation: password null value -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "marjoriecole@donnelly.org", - "password": null -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_mutation_password_oversized_string_300_chars_ffcd46cb.hurl b/cases/auth_register_post_mutation_password_oversized_string_300_chars_ffcd46cb.hurl deleted file mode 100644 index 3ef380f..0000000 --- a/cases/auth_register_post_mutation_password_oversized_string_300_chars_ffcd46cb.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - mutation: password oversized string (300 chars) ── -# case_id=TC-ffcd46cb -# case_name=POST /auth/register - mutation: password oversized string (300 chars) -# step_id=step-main -# step_type=test -# technique=mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "marjoriecole@donnelly.org", - "password": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_null_injection_email_031620b5.hurl b/cases/auth_register_post_null_injection_email_031620b5.hurl deleted file mode 100644 index 8fb879a..0000000 --- a/cases/auth_register_post_null_injection_email_031620b5.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /auth/register - null injection: email ── -# case_id=TC-031620b5 -# case_name=POST /auth/register - null injection: email -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": null, - "password": "mouth" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_null_injection_password_dc0c76f3.hurl b/cases/auth_register_post_null_injection_password_dc0c76f3.hurl deleted file mode 100644 index b5e0c7a..0000000 --- a/cases/auth_register_post_null_injection_password_dc0c76f3.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - null injection: password ── -# case_id=TC-dc0c76f3 -# case_name=POST /auth/register - null injection: password -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "audreygarrett@morris.info", - "password": null -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_owasp_api2_broken_authentication_e8a47f18.hurl b/cases/auth_register_post_owasp_api2_broken_authentication_e8a47f18.hurl deleted file mode 100644 index e259ea8..0000000 --- a/cases/auth_register_post_owasp_api2_broken_authentication_e8a47f18.hurl +++ /dev/null @@ -1,12 +0,0 @@ -# ── [OWASP-API2] POST /auth/register — broken authentication ── -# case_id=TC-e8a47f18 -# case_name=[OWASP-API2] POST /auth/register — broken authentication -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/auth/register - -HTTP 401 - diff --git a/cases/auth_register_post_owasp_api6_mass_assignment_900b6a9f.hurl b/cases/auth_register_post_owasp_api6_mass_assignment_900b6a9f.hurl deleted file mode 100644 index 44b6299..0000000 --- a/cases/auth_register_post_owasp_api6_mass_assignment_900b6a9f.hurl +++ /dev/null 
@@ -1,27 +0,0 @@ -# ── [OWASP-API6] POST /auth/register — mass assignment ── -# case_id=TC-900b6a9f -# case_name=[OWASP-API6] POST /auth/register — mass assignment -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "createdAt": "2000-01-01T00:00:00Z", - "email": "gennarogislason@newton.io", - "id": 99999, - "password": "did", - "updatedAt": "2000-01-01T00:00:00Z" -} -``` - -HTTP 201 - -[Asserts] -jsonpath "$.createdAt" != "2000-01-01T00:00:00Z" -jsonpath "$.updatedAt" != "2000-01-01T00:00:00Z" -jsonpath "$.id" != 99999 - diff --git a/cases/auth_register_post_owasp_api7_injection_path_traversal_2f3c6761.hurl b/cases/auth_register_post_owasp_api7_injection_path_traversal_2f3c6761.hurl deleted file mode 100644 index 2218a11..0000000 --- a/cases/auth_register_post_owasp_api7_injection_path_traversal_2f3c6761.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /auth/register — injection (path-traversal) ── -# case_id=TC-2f3c6761 -# case_name=[OWASP-API7] POST /auth/register — injection (path-traversal) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "../../../etc/passwd" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_owasp_api7_injection_sqli_ff6e6a6b.hurl b/cases/auth_register_post_owasp_api7_injection_sqli_ff6e6a6b.hurl deleted file mode 100644 index 20d0608..0000000 --- a/cases/auth_register_post_owasp_api7_injection_sqli_ff6e6a6b.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /auth/register — injection (sqli) ── -# case_id=TC-ff6e6a6b -# case_name=[OWASP-API7] POST /auth/register — injection (sqli) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "' OR 1=1--" -} -``` - -HTTP 400 - 
diff --git a/cases/auth_register_post_owasp_api7_injection_xss_368fd7b5.hurl b/cases/auth_register_post_owasp_api7_injection_xss_368fd7b5.hurl deleted file mode 100644 index c2b01a5..0000000 --- a/cases/auth_register_post_owasp_api7_injection_xss_368fd7b5.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── [OWASP-API7] POST /auth/register — injection (xss) ── -# case_id=TC-368fd7b5 -# case_name=[OWASP-API7] POST /auth/register — injection (xss) -# step_id=step-1 -# step_type=test -# technique=owasp_api_top10 -# priority=P0 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_password_at_max_plus_one_invalid_boundary_0de23fb9.hurl b/cases/auth_register_post_password_at_max_plus_one_invalid_boundary_0de23fb9.hurl deleted file mode 100644 index 75bf589..0000000 --- a/cases/auth_register_post_password_at_max_plus_one_invalid_boundary_0de23fb9.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - password at max_plus_one_invalid boundary ── -# case_id=TC-0de23fb9 -# case_name=POST /auth/register - password at max_plus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "kasandravelazquez@willis.org", - "password": "rPNlcdUMPwImsPdHFstXXMFIWbajRRdQloozwcKtoDbGhjiVVjHhIxcPpxMVGqqKfZycxZGoowdemLuYWOaEvFeerqBahGZywYIkuGXZrJdCNLryEunbqPYCHWypnUwNviWToCVJFisKyZtCteizZYgpdPlJDBzSucWfdtYFBAzmlDrKirFlAXDxVwWdZscUXFIAryQbydibyCuTJuKPjVPFBgydzlVHJwlOmkfnmyWhxdOnhlOMZdXVRggOpqya" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_password_at_max_valid_boundary_b381fdb9.hurl b/cases/auth_register_post_password_at_max_valid_boundary_b381fdb9.hurl deleted file mode 100644 index 518c5cf..0000000 --- a/cases/auth_register_post_password_at_max_valid_boundary_b381fdb9.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── POST /auth/register - password at max_valid boundary ── -# case_id=TC-b381fdb9 -# case_name=POST /auth/register - password at max_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "kasandravelazquez@willis.org", - "password": "zBlKzdHplyIohqMEAqvZSLUwRAAjdZKfbpkfEhUcSKoTKSlgMvwBEjoRpxXhryTaTAoTzCYyWaXpUkIgpumlAMpSEYEqFYHvmPDdtFumNUpHtbSoyugqaeiVyRdgqNwJsZzlXPJtrDBniDFcfYhHvlLEZBOqZCOoAPKPXTaHVHlRPRLPdCiRYyBYiVNGQIfRCXVbfVAECwwZbjBrGaKIfctBAjeidCzjvfjsjckVQIlqUrEHxrxTFDKxXvgrcFS" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/auth_register_post_password_at_min_minus_one_invalid_boundary_15e47d10.hurl b/cases/auth_register_post_password_at_min_minus_one_invalid_boundary_15e47d10.hurl deleted file mode 100644 index 1f69ab4..0000000 --- a/cases/auth_register_post_password_at_min_minus_one_invalid_boundary_15e47d10.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - password at min_minus_one_invalid boundary ── -# case_id=TC-15e47d10 -# case_name=POST /auth/register - password at min_minus_one_invalid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "kasandravelazquez@willis.org", - "password": "qnWvUIn" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_password_at_min_valid_boundary_0f0b429e.hurl b/cases/auth_register_post_password_at_min_valid_boundary_0f0b429e.hurl deleted file mode 100644 index a6b22ae..0000000 --- a/cases/auth_register_post_password_at_min_valid_boundary_0f0b429e.hurl +++ /dev/null 
@@ -1,22 +0,0 @@ -# ── POST /auth/register - password at min_valid boundary ── -# case_id=TC-0f0b429e -# case_name=POST /auth/register - password at min_valid boundary -# step_id=step-main -# step_type=test -# technique=boundary_value -# priority=P1 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "kasandravelazquez@willis.org", - "password": "htnnilAG" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 - diff --git a/cases/auth_register_post_required_omission_email_absent_b724df31.hurl b/cases/auth_register_post_required_omission_email_absent_b724df31.hurl deleted file mode 100644 index 47787e5..0000000 --- a/cases/auth_register_post_required_omission_email_absent_b724df31.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /auth/register - [required_omission] email absent ── -# case_id=TC-b724df31 -# case_name=POST /auth/register - [required_omission] email absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "password": "themselves" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - diff --git a/cases/auth_register_post_required_omission_password_absent_3d6d9a7d.hurl b/cases/auth_register_post_required_omission_password_absent_3d6d9a7d.hurl deleted file mode 100644 index 90d3b45..0000000 --- a/cases/auth_register_post_required_omission_password_absent_3d6d9a7d.hurl +++ /dev/null @@ -1,22 +0,0 @@ -# ── POST /auth/register - [required_omission] password absent ── -# case_id=TC-3d6d9a7d -# case_name=POST /auth/register - [required_omission] password absent -# step_id=step-main -# step_type=test -# technique=required_omission -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "artperkins@smith.net" -} -``` - -HTTP * - -[Asserts] -status >= 400 -status < 500 - 
diff --git a/cases/auth_register_post_schema_violation_email_invalid_format_email_75e2908b.hurl b/cases/auth_register_post_schema_violation_email_invalid_format_email_75e2908b.hurl deleted file mode 100644 index 367b6ee..0000000 --- a/cases/auth_register_post_schema_violation_email_invalid_format_email_75e2908b.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [schema_violation] email_invalid_format_email ── -# case_id=TC-75e2908b -# case_name=POST /auth/register - [schema_violation] email_invalid_format_email -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "not-an-email", - "password": "these" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_schema_violation_email_missing_required_95b20a12.hurl b/cases/auth_register_post_schema_violation_email_missing_required_95b20a12.hurl deleted file mode 100644 index 75f251e..0000000 --- a/cases/auth_register_post_schema_violation_email_missing_required_95b20a12.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── POST /auth/register - [schema_violation] email_missing_required ── -# case_id=TC-95b20a12 -# case_name=POST /auth/register - [schema_violation] email_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "password": "these" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_schema_violation_password_missing_required_88fb391a.hurl b/cases/auth_register_post_schema_violation_password_missing_required_88fb391a.hurl deleted file mode 100644 index d073f89..0000000 --- a/cases/auth_register_post_schema_violation_password_missing_required_88fb391a.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── POST /auth/register - [schema_violation] password_missing_required ── -# case_id=TC-88fb391a -# case_name=POST /auth/register - [schema_violation] password_missing_required -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "jadonrobertson@wu.org" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_schema_violation_password_too_short_225366e2.hurl b/cases/auth_register_post_schema_violation_password_too_short_225366e2.hurl deleted file mode 100644 index 8aad65e..0000000 --- a/cases/auth_register_post_schema_violation_password_too_short_225366e2.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [schema_violation] password_too_short ── -# case_id=TC-225366e2 -# case_name=POST /auth/register - [schema_violation] password_too_short -# step_id=step-main -# step_type=test -# technique=schema_violation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "jadonrobertson@wu.org", - "password": "" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_type_coercion_email_wrong_type_boolean_cff3b5ee.hurl b/cases/auth_register_post_type_coercion_email_wrong_type_boolean_cff3b5ee.hurl deleted file mode 100644 index e49b791..0000000 --- a/cases/auth_register_post_type_coercion_email_wrong_type_boolean_cff3b5ee.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [type_coercion] email wrong_type_boolean ── -# case_id=TC-cff3b5ee -# case_name=POST /auth/register - [type_coercion] email wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": true, - "password": "it" -} -``` - -HTTP 422 - 
diff --git a/cases/auth_register_post_type_coercion_email_wrong_type_integer_c40fa64f.hurl b/cases/auth_register_post_type_coercion_email_wrong_type_integer_c40fa64f.hurl deleted file mode 100644 index f2d8955..0000000 --- a/cases/auth_register_post_type_coercion_email_wrong_type_integer_c40fa64f.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [type_coercion] email wrong_type_integer ── -# case_id=TC-c40fa64f -# case_name=POST /auth/register - [type_coercion] email wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": 123, - "password": "it" -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_type_coercion_password_wrong_type_boolean_4af1b36a.hurl b/cases/auth_register_post_type_coercion_password_wrong_type_boolean_4af1b36a.hurl deleted file mode 100644 index 46be377..0000000 --- a/cases/auth_register_post_type_coercion_password_wrong_type_boolean_4af1b36a.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [type_coercion] password wrong_type_boolean ── -# case_id=TC-4af1b36a -# case_name=POST /auth/register - [type_coercion] password wrong_type_boolean -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "bentonwoods@marsh.net", - "password": true -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_type_coercion_password_wrong_type_integer_4a32c12b.hurl b/cases/auth_register_post_type_coercion_password_wrong_type_integer_4a32c12b.hurl deleted file mode 100644 index 2c03f35..0000000 --- a/cases/auth_register_post_type_coercion_password_wrong_type_integer_4a32c12b.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /auth/register - [type_coercion] password wrong_type_integer ── -# case_id=TC-4a32c12b -# case_name=POST /auth/register - [type_coercion] password wrong_type_integer -# step_id=step-main -# step_type=test -# technique=type_coercion -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "bentonwoods@marsh.net", - "password": 123 -} -``` - -HTTP 422 - diff --git a/cases/auth_register_post_unicode_fuzzing_email_bidi_override_cd50c303.hurl b/cases/auth_register_post_unicode_fuzzing_email_bidi_override_cd50c303.hurl deleted file mode 100644 index 16a4941..0000000 --- a/cases/auth_register_post_unicode_fuzzing_email_bidi_override_cd50c303.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] email bidi_override ── -# case_id=TC-cd50c303 -# case_name=POST /auth/register - [unicode_fuzzing] email bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "‮hello", - "password": "every" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_unicode_fuzzing_email_control_char_619e4131.hurl b/cases/auth_register_post_unicode_fuzzing_email_control_char_619e4131.hurl deleted file mode 100644 index 1740526..0000000 --- a/cases/auth_register_post_unicode_fuzzing_email_control_char_619e4131.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] email control_char ── -# case_id=TC-619e4131 -# case_name=POST /auth/register - [unicode_fuzzing] email control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "hello\u0000world", - "password": "every" -} -``` - -HTTP 400 - 
diff --git a/cases/auth_register_post_unicode_fuzzing_email_overlong_aea85ac5.hurl b/cases/auth_register_post_unicode_fuzzing_email_overlong_aea85ac5.hurl deleted file mode 100644 index 243e5db..0000000 --- a/cases/auth_register_post_unicode_fuzzing_email_overlong_aea85ac5.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] email overlong ── -# case_id=TC-aea85ac5 -# case_name=POST /auth/register - [unicode_fuzzing] email overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "password": "every" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_unicode_fuzzing_email_zalgo_67eec10b.hurl b/cases/auth_register_post_unicode_fuzzing_email_zalgo_67eec10b.hurl deleted file mode 100644 index 7443fc2..0000000 --- a/cases/auth_register_post_unicode_fuzzing_email_zalgo_67eec10b.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] email zalgo ── -# case_id=TC-67eec10b -# case_name=POST /auth/register - [unicode_fuzzing] email zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "z̀́̂̃̄̅̆̇a", - "password": "every" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_unicode_fuzzing_email_zero_width_c30816fe.hurl b/cases/auth_register_post_unicode_fuzzing_email_zero_width_c30816fe.hurl deleted file mode 100644 index b55bfd6..0000000 --- a/cases/auth_register_post_unicode_fuzzing_email_zero_width_c30816fe.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] email zero_width ── -# case_id=TC-c30816fe -# case_name=POST /auth/register - [unicode_fuzzing] email zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "​hello", - "password": "every" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_unicode_fuzzing_password_bidi_override_28ca4955.hurl b/cases/auth_register_post_unicode_fuzzing_password_bidi_override_28ca4955.hurl deleted file mode 100644 index 9803b42..0000000 
--- a/cases/auth_register_post_unicode_fuzzing_password_bidi_override_28ca4955.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] password bidi_override ── -# case_id=TC-28ca4955 -# case_name=POST /auth/register - [unicode_fuzzing] password bidi_override -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "charityross@barber.biz", - "password": "‮hello" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_unicode_fuzzing_password_control_char_cd54b4b0.hurl b/cases/auth_register_post_unicode_fuzzing_password_control_char_cd54b4b0.hurl deleted file mode 100644 index 9d81cf0..0000000 --- a/cases/auth_register_post_unicode_fuzzing_password_control_char_cd54b4b0.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] password control_char ── -# case_id=TC-cd54b4b0 -# case_name=POST /auth/register - [unicode_fuzzing] password control_char -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "charityross@barber.biz", - "password": "hello\u0000world" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_unicode_fuzzing_password_overlong_3ac12861.hurl b/cases/auth_register_post_unicode_fuzzing_password_overlong_3ac12861.hurl deleted file mode 100644 index 70aa7fa..0000000 --- a/cases/auth_register_post_unicode_fuzzing_password_overlong_3ac12861.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] password overlong ── -# case_id=TC-3ac12861 -# case_name=POST /auth/register - [unicode_fuzzing] password overlong -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "charityross@barber.biz", - "password": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_unicode_fuzzing_password_zalgo_ab0475dc.hurl b/cases/auth_register_post_unicode_fuzzing_password_zalgo_ab0475dc.hurl deleted file mode 100644 index 5fb1590..0000000 --- a/cases/auth_register_post_unicode_fuzzing_password_zalgo_ab0475dc.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] password zalgo ── -# case_id=TC-ab0475dc -# case_name=POST /auth/register - [unicode_fuzzing] password zalgo -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "charityross@barber.biz", - "password": "z̀́̂̃̄̅̆̇a" -} -``` - -HTTP 400 - diff --git a/cases/auth_register_post_unicode_fuzzing_password_zero_width_e4e8966c.hurl b/cases/auth_register_post_unicode_fuzzing_password_zero_width_e4e8966c.hurl deleted file mode 100644 index 689dec9..0000000 --- a/cases/auth_register_post_unicode_fuzzing_password_zero_width_e4e8966c.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - [unicode_fuzzing] password zero_width ── -# case_id=TC-e4e8966c -# case_name=POST /auth/register - [unicode_fuzzing] password zero_width -# step_id=step-main -# step_type=test -# technique=unicode_fuzzing -# priority=P3 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "charityross@barber.biz", - "password": "​hello" -} -``` - -HTTP 400 - 
diff --git a/cases/auth_register_post_valid_request_with_all_required_fields_787a33be.hurl b/cases/auth_register_post_valid_request_with_all_required_fields_787a33be.hurl deleted file mode 100644 index 08bb698..0000000 --- a/cases/auth_register_post_valid_request_with_all_required_fields_787a33be.hurl +++ /dev/null @@ -1,23 +0,0 @@ -# ── POST /auth/register - valid request with all required fields ── -# case_id=TC-787a33be -# case_name=POST /auth/register - valid request with all required fields -# step_id=step-main -# step_type=test -# technique=equivalence_partitioning -# priority=P0 - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "alessandravaldez@daniel.net", - "password": "who" -} -``` - -HTTP 200 - -[Asserts] -duration < 2000 -jsonpath "$.userId" exists - diff --git a/cases/auth_register_post_wrong_content_type_text_plain_9cf203de.hurl b/cases/auth_register_post_wrong_content_type_text_plain_9cf203de.hurl deleted file mode 100644 index 619b41e..0000000 --- a/cases/auth_register_post_wrong_content_type_text_plain_9cf203de.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── POST /auth/register - wrong content-type (text/plain) ── -# case_id=TC-9cf203de -# case_name=POST /auth/register - wrong content-type (text/plain) -# step_id=step-main -# step_type=test -# technique=constraint_mutation -# priority=P2 - -POST {{base_url}}/auth/register -Content-Type: text/plain -```json -{ - "email": "audreygarrett@morris.info", - "password": "mouth" -} -``` - -HTTP 415 - diff --git a/cases/auth_register_sequence_chain_delete_api_admin_grants_id_465a3cf5.hurl b/cases/auth_register_sequence_chain_delete_api_admin_grants_id_465a3cf5.hurl deleted file mode 100644 index 205e802..0000000 --- a/cases/auth_register_sequence_chain_delete_api_admin_grants_id_465a3cf5.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/register → DELETE /api/admin/grants/{id} -# case_id=TC-465a3cf5 -# case_name=sequence chain: /auth/register → DELETE /api/admin/grants/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/register [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/register - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "hollybarker@garza.com", - "password": "who" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/grants/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/grants/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/grants/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_register_sequence_chain_delete_api_admin_users_id_b3bffa74.hurl b/cases/auth_register_sequence_chain_delete_api_admin_users_id_b3bffa74.hurl deleted file mode 100644 index a91f4f8..0000000 --- a/cases/auth_register_sequence_chain_delete_api_admin_users_id_b3bffa74.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/register → DELETE /api/admin/users/{id} -# case_id=TC-b3bffa74 -# case_name=sequence chain: /auth/register → DELETE /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/register [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/register - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "fannystevenson@daugherty.com", - "password": "way" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via DELETE /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via DELETE /api/admin/users/{id} -# depends_on=step-setup - -DELETE {{base_url}}/api/admin/users/{{id}} - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_register_sequence_chain_get_api_admin_teams_id_grants_a05de11b.hurl b/cases/auth_register_sequence_chain_get_api_admin_teams_id_grants_a05de11b.hurl deleted file mode 100644 index 2a08f4a..0000000 --- a/cases/auth_register_sequence_chain_get_api_admin_teams_id_grants_a05de11b.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/register → GET /api/admin/teams/{id}/grants -# case_id=TC-a05de11b -# case_name=sequence chain: /auth/register → GET /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/register [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/register - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "claramorales@barton.org", - "password": "tickle" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/grants -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/grants - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_register_sequence_chain_get_api_admin_teams_id_members_b5dca30c.hurl b/cases/auth_register_sequence_chain_get_api_admin_teams_id_members_b5dca30c.hurl deleted file mode 100644 index a6eda8f..0000000 --- a/cases/auth_register_sequence_chain_get_api_admin_teams_id_members_b5dca30c.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/register → GET /api/admin/teams/{id}/members -# case_id=TC-b5dca30c -# case_name=sequence chain: /auth/register → GET /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/register [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/register - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "greggburns@spencer.info", - "password": "motivation" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/members -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/members - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_register_sequence_chain_get_api_admin_teams_id_services_344df791.hurl b/cases/auth_register_sequence_chain_get_api_admin_teams_id_services_344df791.hurl deleted file mode 100644 index 294766e..0000000 --- a/cases/auth_register_sequence_chain_get_api_admin_teams_id_services_344df791.hurl +++ /dev/null 
@@ -1,43 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/register → GET /api/admin/teams/{id}/services -# case_id=TC-344df791 -# case_name=sequence chain: /auth/register → GET /api/admin/teams/{id}/services -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/register [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/register - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "joshpalmer@blake.info", - "password": "wad" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via GET /api/admin/teams/{id}/services [test] ── -# step_id=step-test -# step_type=test -# title=use via GET /api/admin/teams/{id}/services -# depends_on=step-setup - -GET {{base_url}}/api/admin/teams/{{id}}/services - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_register_sequence_chain_post_api_admin_teams_id_grants_10533daf.hurl b/cases/auth_register_sequence_chain_post_api_admin_teams_id_grants_10533daf.hurl deleted file mode 100644 index 31c1c1c..0000000 --- a/cases/auth_register_sequence_chain_post_api_admin_teams_id_grants_10533daf.hurl +++ /dev/null 
@@ -1,55 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/register → POST /api/admin/teams/{id}/grants -# case_id=TC-10533daf -# case_name=sequence chain: /auth/register → POST /api/admin/teams/{id}/grants -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/register [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/register - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "chaunceyjacobi@white.com", - "password": "that" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/grants [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/grants -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/grants -Content-Type: application/json -```json -{ - "branches": [ - "disregard" - ], - "expiresAt": "2003-09-24T09:23:31Z", - "granteeTeamId": "c727d010-3eb5-469f-93d2-a46ab145fcf5", - "granteeUserId": "9f6fa71f-b14f-4fe8-bd62-fe79743d34db", - "serviceId": "1f968d6d-ab6e-4d94-b8de-a0df2b4a5209" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_register_sequence_chain_post_api_admin_teams_id_members_98e576b1.hurl b/cases/auth_register_sequence_chain_post_api_admin_teams_id_members_98e576b1.hurl deleted file mode 100644 index fa0a5d9..0000000 --- a/cases/auth_register_sequence_chain_post_api_admin_teams_id_members_98e576b1.hurl +++ /dev/null 
@@ -1,50 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/register → POST /api/admin/teams/{id}/members -# case_id=TC-98e576b1 -# case_name=sequence chain: /auth/register → POST /api/admin/teams/{id}/members -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/register [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/register - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "lukasvalencia@cummings.name", - "password": "couple" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via POST /api/admin/teams/{id}/members [test] ── -# step_id=step-test -# step_type=test -# title=use via POST /api/admin/teams/{id}/members -# depends_on=step-setup - -POST {{base_url}}/api/admin/teams/{{id}}/members -Content-Type: application/json -```json -{ - "role": "owner", - "userId": "204452b4-832e-4601-a227-8ecf3cc125ec" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/auth_register_sequence_chain_put_api_admin_users_id_0c6076ab.hurl b/cases/auth_register_sequence_chain_put_api_admin_users_id_0c6076ab.hurl deleted file mode 100644 index 028e04a..0000000 --- a/cases/auth_register_sequence_chain_put_api_admin_users_id_0c6076ab.hurl +++ /dev/null 
@@ -1,50 +0,0 @@ -# ══════════════════════════════════════════════════ -# sequence chain: /auth/register → PUT /api/admin/users/{id} -# case_id=TC-0c6076ab -# case_name=sequence chain: /auth/register → PUT /api/admin/users/{id} -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── create via POST /auth/register [setup] ── -# step_id=step-setup -# step_type=setup -# title=create via POST /auth/register - -POST {{base_url}}/auth/register -Content-Type: application/json -```json -{ - "email": "sharonwright@dietrich.org", - "password": "it" -} -``` - -HTTP * - -[Captures] -id: jsonpath "$.userId" - -[Asserts] -status < 300 - -# ── use via PUT /api/admin/users/{id} [test] ── -# step_id=step-test -# step_type=test -# title=use via PUT /api/admin/users/{id} -# depends_on=step-setup - -PUT {{base_url}}/api/admin/users/{{id}} -Content-Type: application/json -```json -{ - "isActive": false, - "role": "team_owner" -} -``` - -HTTP * - -[Asserts] -status < 300 - diff --git a/cases/index.json b/cases/index.json deleted file mode 100644 index 7622214..0000000 --- a/cases/index.json +++ /dev/null 
@@ -1,43397 +0,0 @@ -{ - "$schema": "https://caseforge.dev/schema/v1/index.json", - "version": "1", - "generated_at": "2026-05-06T21:30:41.942433+08:00", - "meta": { - "spec_hash": "d71b77814ff5a1561722a8f11f3aab40e8d0000e681fd9d1666ff726cdb24a40", - "caseforge_version": "dev", - "by_technique": { - "auth_chain": 13, - "boundary_value": 28, - "chain_sequence": 52, - "classification_tree": 11, - "constraint_mutation": 47, - "decision_table": 6, - "equivalence_partitioning": 53, - "field_boundary": 14, - "idempotency": 21, - "idor": 34, - "isolated_negative": 60, - "mass_assignment": 52, - "mutation": 107, - "owasp_api_top10": 154, - "owasp_api_top10_spec": 47, - "required_omission": 17, - "schema_violation": 34, - "semantic_annotation": 1, - "type_coercion": 67, - "unicode_fuzzing": 150 - }, - "by_priority": { - "P0": 237, - "P1": 188, - "P2": 393, - "P3": 150 - }, - "by_kind": { - "chain": 86, - "single": 882 - } - }, - "test_cases": [ - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c9b53fc1", - "title": "GET /api/catalog - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Catalog" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/catalog", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/catalog", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.services", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.897602+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e1fa3406", - "title": "[OWASP-API2] GET /api/catalog — broken 
authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/catalog", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/catalog", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.897742+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b2745533", - "title": "DELETE /api/catalog/:serviceId - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Catalog" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "DELETE /api/catalog/:serviceId", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898217+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-84233d9e", - "title": "DELETE /api/catalog/:serviceId - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Catalog" - ], - "source": { - "technique": "idempotency", - "spec_path": "DELETE /api/catalog/:serviceId", - "rationale": "DELETE is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": 
"step-setup", - "title": "DELETE /api/catalog/:serviceId — first call", - "type": "setup", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "DELETE /api/catalog/:serviceId — identical second call must be safe", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.898273+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-be467598", - "title": "[OWASP-API2] DELETE /api/catalog/:serviceId — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/catalog/:serviceId", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898279+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bfdae539", - "title": "[OWASP-API7] DELETE /api/catalog/:serviceId — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE 
/api/catalog/:serviceId", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898284+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d27beca6", - "title": "[OWASP-API7] DELETE /api/catalog/:serviceId — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/catalog/:serviceId", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898286+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c37e4439", - "title": "[OWASP-API7] DELETE /api/catalog/:serviceId — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/catalog/:serviceId", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.898288+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3209e4f6", - "title": "DELETE /api/catalog/:serviceId - missing required param \"serviceId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Catalog" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "DELETE /api/catalog/:serviceId parameters.serviceId", - "rationale": "isolated failure: required param \"serviceId\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"serviceId\"", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.89833+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e72a9984", - "title": "DELETE /api/catalog/:serviceId - IDOR serviceId=00000000-0000-0000-0000-000000000001 (alt_uuid)", - "kind": "single", - "priority": "P1", - "tags": [ - "Catalog" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/catalog/:serviceId parameters.serviceId", - "rationale": "IDOR probe: substituting serviceId=00000000-0000-0000-0000-000000000001 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR serviceId=00000000-0000-0000-0000-000000000001 (alt_uuid)", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898351+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c4621de0", - "title": "DELETE /api/catalog/:serviceId - IDOR 
serviceId=00000000-0000-0000-0000-000000000000 (nil_uuid)", - "kind": "single", - "priority": "P1", - "tags": [ - "Catalog" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/catalog/:serviceId parameters.serviceId", - "rationale": "IDOR probe: substituting serviceId=00000000-0000-0000-0000-000000000000 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR serviceId=00000000-0000-0000-0000-000000000000 (nil_uuid)", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898353+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2f56068b", - "title": "DELETE /api/admin/teams/{id} - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "DELETE /api/admin/teams/{id}", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.89853+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2d2c1dda", - "title": "DELETE /api/admin/teams/{id} - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { 
- "technique": "idempotency", - "spec_path": "DELETE /api/admin/teams/{id}", - "rationale": "DELETE is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "DELETE /api/admin/teams/{id} — first call", - "type": "setup", - "method": "DELETE", - "path": "/api/admin/teams/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "DELETE /api/admin/teams/{id} — identical second call must be safe", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.898559+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a23b7745", - "title": "[OWASP-API1] DELETE /api/admin/teams/{id} — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/{{other_resource_id}}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898566+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f7305717", - "title": 
"[OWASP-API2] DELETE /api/admin/teams/{id} — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898567+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cdcba009", - "title": "[OWASP-API7] DELETE /api/admin/teams/{id} — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898571+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e0aa0be4", - "title": "[OWASP-API7] DELETE /api/admin/teams/{id} — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - 
"title": "inject sqli payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/%27%20OR%201=1--", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898573+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-726d486c", - "title": "[OWASP-API7] DELETE /api/admin/teams/{id} — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898575+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d700a9bc", - "title": "DELETE /api/admin/teams/{id} - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "DELETE /api/admin/teams/{id} parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/1", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898659+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - 
"id": "TC-0d533645", - "title": "DELETE /api/admin/teams/{id} - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/teams/{id} parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/99999", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898667+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-04e9a0f9", - "title": "DELETE /api/admin/teams/{id} - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/teams/{id} parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/0", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.89867+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-92de58a1", - "title": "PUT /api/admin/teams/{id} - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": "valid equivalence class: all required 
fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Optimize company for lovely clarity.", - "displayName": "snore" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.isDeletable", - "operator": "exists" - }, - { - "target": "body.name", - "operator": "exists" - }, - { - "target": "body.createdAt", - "operator": "exists" - }, - { - "target": "body.description", - "operator": "exists" - }, - { - "target": "body.displayName", - "operator": "exists" - }, - { - "target": "body.id", - "operator": "exists" - }, - { - "target": "body.isDefault", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898836+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1ca0ed36", - "title": "PUT /api/admin/teams/{id} - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": "PUT is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "PUT /api/admin/teams/{id} — first call", - "type": "setup", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Anything lean when the person spikes.", - "displayName": "dig" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "PUT 
/api/admin/teams/{id} — identical second call must be safe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Anything lean when the person spikes.", - "displayName": "dig" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.898855+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-50ace962", - "title": "[OWASP-API1] PUT /api/admin/teams/{id} — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{{other_resource_id}}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898882+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fea6c4f7", - "title": "[OWASP-API2] PUT /api/admin/teams/{id} — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - 
"title": "request without auth token", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898883+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d147b4f6", - "title": "[OWASP-API3] PUT /api/admin/teams/{id} — BOPLA property-level access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api3-bopla" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" - }, - "steps": [ - { - "id": "step-1", - "title": "inject privileged fields in body", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Onward to better way!", - "displayName": "moreover", - "is_admin": true, - "role": "admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "jsonpath $.is_admin", - "operator": "ne", - "expected": true - }, - { - "target": "jsonpath $.role", - "operator": "ne", - "expected": "admin" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898893+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6357ae57", - "title": "[OWASP-API6] PUT /api/admin/teams/{id} — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": 
"inject read-only fields in body", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": "2000-01-01T00:00:00Z", - "description": "Carefully massage the juicer daringly.", - "displayName": "theirs", - "id": 99999, - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898903+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d3681129", - "title": "[OWASP-API7] PUT /api/admin/teams/{id} — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898905+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c7f786e4", - "title": "[OWASP-API7] PUT /api/admin/teams/{id} — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": 
"Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/%27%20OR%201=1--", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898907+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-894772da", - "title": "[OWASP-API7] PUT /api/admin/teams/{id} — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.898909+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-09825850", - "title": "PUT /api/admin/teams/{id} - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/teams/{id} parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/1", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899033+08:00" - }, - { - 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-df8e9c3a", - "title": "PUT /api/admin/teams/{id} - mutation: description null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody.description", - "rationale": "field \"description\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: description → null value", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": null, - "displayName": "shall" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899052+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-eb263846", - "title": "PUT /api/admin/teams/{id} - mutation: description empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody.description", - "rationale": "field \"description\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: description → empty string", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "", - "displayName": "shall" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899054+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f0d62caa", - "title": "PUT /api/admin/teams/{id} - mutation: description integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody.description", - "rationale": "field \"description\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: description → integer instead of string", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": 12345, - "displayName": "shall" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899056+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-68ace4a3", - "title": "PUT /api/admin/teams/{id} - mutation: description oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody.description", - "rationale": "field \"description\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: description → oversized string (300 chars)", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": 
"aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "displayName": "shall" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899058+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c587ff33", - "title": "PUT /api/admin/teams/{id} - mutation: displayName null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody.displayName", - "rationale": "field \"displayName\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: displayName → null value", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "First of all, document the company and specify the rest.", - "displayName": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.89906+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-13a9f6ae", - "title": "PUT /api/admin/teams/{id} - mutation: displayName empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody.displayName", - "rationale": "field \"displayName\" mutated 
with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: displayName → empty string", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "First of all, document the company and specify the rest.", - "displayName": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899062+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-05b44595", - "title": "PUT /api/admin/teams/{id} - mutation: displayName integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody.displayName", - "rationale": "field \"displayName\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: displayName → integer instead of string", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "First of all, document the company and specify the rest.", - "displayName": 12345 - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899064+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7def0ad8", - "title": "PUT /api/admin/teams/{id} - mutation: displayName oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - 
"spec_path": "PUT /api/admin/teams/{id} requestBody.displayName", - "rationale": "field \"displayName\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: displayName → oversized string (300 chars)", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "First of all, document the company and specify the rest.", - "displayName": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899066+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-794499ad", - "title": "PUT /api/admin/teams/{id} - null injection: description", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", - "rationale": "field \"description\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: description", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": null, - "displayName": "nervous" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.899196+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6c433e61", - "title": "PUT /api/admin/teams/{id} - null injection: displayName", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", - "rationale": "field \"displayName\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: displayName", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Publish a changelog entry for the work.", - "displayName": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899199+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a77a2981", - "title": "PUT /api/admin/teams/{id} - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PUT /api/admin/teams/{id} requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "description": "Publish a changelog entry for the work.", - "displayName": "nervous" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.899201+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3296a87f", - "title": "PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", - "rationale": "field \"description\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] description wrong_type_integer", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": 123, - "displayName": "addition" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899255+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6dd640a7", - "title": "PUT /api/admin/teams/{id} - [type_coercion] description wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", - "rationale": "field \"description\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] description wrong_type_boolean", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": true, - "displayName": "addition" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.899258+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3ade9411", - "title": "PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", - "rationale": "field \"displayName\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] displayName wrong_type_integer", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Visualize hand for faster decisions.", - "displayName": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.89926+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ccdc6ae5", - "title": "PUT /api/admin/teams/{id} - [type_coercion] displayName wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", - "rationale": "field \"displayName\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] displayName wrong_type_boolean", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Visualize hand for faster decisions.", - "displayName": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 
- } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899262+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d9200d81", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description control_char", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "hello\u0000world", - "displayName": "quarterly" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899332+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1f9507e6", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description zero_width", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "​hello", - "displayName": "quarterly" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - 
"expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899335+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c42ef106", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description bidi_override", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "‮hello", - "displayName": "quarterly" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899337+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a87f58e7", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description overlong", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "displayName": "quarterly" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899341+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e354e0de", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] description zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description zalgo", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "z̀́̂̃̄̅̆̇a", - "displayName": "quarterly" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899343+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-39195267", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName control_char", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Warm 
starts beat cold work.", - "displayName": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899346+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a1cdc859", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName zero_width", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Warm starts beat cold work.", - "displayName": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899349+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7c97c5e9", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName bidi_override", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": 
"application/json" - }, - "body": { - "description": "Warm starts beat cold work.", - "displayName": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899351+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cb9e326e", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName overlong", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Warm starts beat cold work.", - "displayName": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899353+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5add01e6", - "title": "PUT /api/admin/teams/{id} - [unicode_fuzzing] displayName zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id} requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName zalgo", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Warm starts beat cold work.", - "displayName": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899356+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1b5cbca5", - "title": "PUT /api/admin/teams/{id} - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/teams/{id} requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "description": "Alert on way thresholds yesterday.", - 
"displayName": "this", - "isAdmin": true, - "is_admin": true, - "role": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899527+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c574427d", - "title": "PUT /api/admin/teams/{id} - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/teams/{id} requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "description": "Alert on way thresholds yesterday.", - "disabled": false, - "displayName": "this", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.89953+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4c631268", - "title": "PUT /api/admin/teams/{id} - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/teams/{id} requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - 
"Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "description": "Alert on way thresholds yesterday.", - "discount": 0, - "displayName": "this", - "price": 1 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899534+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ed4e87e7", - "title": "PUT /api/admin/teams/{id} - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/teams/{id} requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "description": "Alert on way thresholds yesterday.", - "displayName": "this", - "ownerId": "__probe__", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899536+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d4dddc4b", - "title": "PUT /api/admin/teams/{id} - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "PUT /api/admin/teams/{id} parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - 
"method": "PUT", - "path": "/api/admin/teams/99999", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899595+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3c4cc44b", - "title": "PUT /api/admin/teams/{id} - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "PUT /api/admin/teams/{id} parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/0", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899597+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1b69193c", - "title": "GET /api/admin/teams/{id}/services - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/admin/teams/{id}/services", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{id}/services", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.services", - "operator": "exists" - } - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.899737+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ce61c6bf", - "title": "[OWASP-API1] GET /api/admin/teams/{id}/services — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/services", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{other_resource_id}}/services", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.89978+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-29194ed9", - "title": "[OWASP-API2] GET /api/admin/teams/{id}/services — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/services", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{id}/services", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899781+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-80ccb269", - "title": "[OWASP-API7] GET /api/admin/teams/{id}/services — injection (xss)", - "kind": "single", - "priority": "P0", 
- "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/services", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/services", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899783+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2e72efb4", - "title": "[OWASP-API7] GET /api/admin/teams/{id}/services — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/services", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/%27%20OR%201=1--/services", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899785+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-961479c7", - "title": "[OWASP-API7] GET /api/admin/teams/{id}/services — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/services", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - 
"method": "GET", - "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/services", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899787+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bbd8e250", - "title": "GET /api/admin/teams/{id}/services - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "GET /api/admin/teams/{id}/services parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/1/services", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899874+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-09f2f077", - "title": "GET /api/admin/teams/{id}/services - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "GET /api/admin/teams/{id}/services parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/99999/services", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899913+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - 
"version": "1", - "id": "TC-405d2163", - "title": "GET /api/admin/teams/{id}/services - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "GET /api/admin/teams/{id}/services parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/0/services", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.899915+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fd2d7e20", - "title": "DELETE /api/admin/users/{id} - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "DELETE /api/admin/users/{id}", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900097+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-380dcf78", - "title": "DELETE /api/admin/users/{id} - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - 
"spec_path": "DELETE /api/admin/users/{id}", - "rationale": "DELETE is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "DELETE /api/admin/users/{id} — first call", - "type": "setup", - "method": "DELETE", - "path": "/api/admin/users/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "DELETE /api/admin/users/{id} — identical second call must be safe", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.900154+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-073a78a5", - "title": "[OWASP-API1] DELETE /api/admin/users/{id} — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/users/{id}", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{{other_resource_id}}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900159+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5cc69e63", - "title": "[OWASP-API2] DELETE 
/api/admin/users/{id} — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/users/{id}", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90016+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ae1228c7", - "title": "[OWASP-API7] DELETE /api/admin/users/{id} — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/users/{id}", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900162+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-35704eb4", - "title": "[OWASP-API7] DELETE /api/admin/users/{id} — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/users/{id}", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli 
payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/%27%20OR%201=1--", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900164+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9a54d420", - "title": "[OWASP-API7] DELETE /api/admin/users/{id} — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/users/{id}", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/..%2F..%2F..%2Fetc%2Fpasswd", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900166+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-abfeb37c", - "title": "DELETE /api/admin/users/{id} - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "DELETE /api/admin/users/{id} parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/1", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900313+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f53c958f", - 
"title": "DELETE /api/admin/users/{id} - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/users/{id} parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/99999", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900328+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f8eac138", - "title": "DELETE /api/admin/users/{id} - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/users/{id} parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/0", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90033+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d7979f2a", - "title": "PUT /api/admin/users/{id} - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "valid equivalence class: all required fields present with correct 
types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": true, - "role": "team_owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900481+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-920617a8", - "title": "PUT /api/admin/users/{id} - isActive = true", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "decision_table", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", - "rationale": "decision table: isActive takes boolean value true" - }, - "steps": [ - { - "id": "step-main", - "title": "isActive = true", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": true, - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900554+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-307b2101", - "title": "PUT /api/admin/users/{id} - isActive = false", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "decision_table", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", - "rationale": "decision table: isActive takes boolean value false" - }, - "steps": [ - { - "id": "step-main", - "title": "isActive = 
false", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "team_member" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900558+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-72c28c85", - "title": "PUT /api/admin/users/{id} - role = super_admin", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "decision_table", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "decision table: role takes enum value super_admin" - }, - "steps": [ - { - "id": "step-main", - "title": "role = super_admin", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900561+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c8807eae", - "title": "PUT /api/admin/users/{id} - role = team_owner", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "decision_table", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "decision table: role takes enum value team_owner" - }, - "steps": [ - { - "id": "step-main", - "title": "role = team_owner", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"isActive": true, - "role": "team_owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900564+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c19312b9", - "title": "PUT /api/admin/users/{id} - role = team_member", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "decision_table", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "decision table: role takes enum value team_member" - }, - "steps": [ - { - "id": "step-main", - "title": "role = team_member", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "team_member" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900567+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d671319d", - "title": "PUT /api/admin/users/{id} - role = guest", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "decision_table", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "decision table: role takes enum value guest" - }, - "steps": [ - { - "id": "step-main", - "title": "role = guest", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "guest" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - 
"operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90057+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-383d2878", - "title": "PUT /api/admin/users/{id} - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "PUT is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "PUT /api/admin/users/{id} — first call", - "type": "setup", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "team_owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "PUT /api/admin/users/{id} — identical second call must be safe", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "team_owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.900736+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-91b47863", - "title": "[OWASP-API1] PUT /api/admin/users/{id} — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "Path 
contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{{other_resource_id}}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900785+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3552a6c6", - "title": "[OWASP-API2] PUT /api/admin/users/{id} — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900786+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4ae5244a", - "title": "[OWASP-API3] PUT /api/admin/users/{id} — BOPLA property-level access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api3-bopla" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" - }, - "steps": [ - { - "id": "step-1", - "title": "inject privileged fields in body", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"isActive": true, - "is_admin": true, - "role": "admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "jsonpath $.is_admin", - "operator": "ne", - "expected": true - }, - { - "target": "jsonpath $.role", - "operator": "ne", - "expected": "admin" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90079+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-38dd166b", - "title": "[OWASP-API6] PUT /api/admin/users/{id} — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": "2000-01-01T00:00:00Z", - "id": 99999, - "isActive": false, - "role": "team_member", - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900794+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-51b9a625", - "title": "[OWASP-API7] PUT /api/admin/users/{id} — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - 
"technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900797+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c653b26d", - "title": "[OWASP-API7] PUT /api/admin/users/{id} — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/%27%20OR%201=1--", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900799+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e9f5a9c9", - "title": "[OWASP-API7] PUT /api/admin/users/{id} — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/..%2F..%2F..%2Fetc%2Fpasswd", - "body": null, - "assertions": [ - { - "target": "status_code", 
- "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900801+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9a696767", - "title": "PUT /api/admin/users/{id} - invalid isActive: wrong type (string for boolean)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", - "rationale": "isolated failure: only \"isActive\" is invalid (wrong type (string for boolean)); all other fields valid", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid isActive: wrong type (string for boolean)", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": "not_a_boolean", - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.900998+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-be8b477d", - "title": "PUT /api/admin/users/{id} - invalid role: value not in enum", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "isolated failure: only \"role\" is invalid (value not in enum); all other fields valid", - "scenario": "ENUM_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid role: value not in enum", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": true, - "role": "__invalid_enum__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 
- } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fe77f880", - "title": "PUT /api/admin/users/{id} - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/users/{id} parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/1", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901002+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-891572b6", - "title": "PUT /api/admin/users/{id} - [schema_violation] isActive_wrong_type", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", - "rationale": "isActive is boolean but received a string" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] isActive_wrong_type", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": "not_a_boolean", - "role": "team_owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901116+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3765a2be", - "title": "PUT /api/admin/users/{id} - [schema_violation] role_invalid_enum", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - 
"source": { - "technique": "schema_violation", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "role=\"__invalid__\" is not in enum [super_admin team_owner team_member guest]" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] role_invalid_enum", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": true, - "role": "__invalid__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901119+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-48706298", - "title": "PUT /api/admin/users/{id} - mutation: isActive null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody.isActive", - "rationale": "field \"isActive\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: isActive → null value", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": null, - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901164+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c83a8b69", - "title": "PUT /api/admin/users/{id} - mutation: isActive string instead of boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody.isActive", - "rationale": 
"field \"isActive\" mutated with string instead of boolean; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: isActive → string instead of boolean", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": "yes", - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901166+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-56c3f6cc", - "title": "PUT /api/admin/users/{id} - mutation: isActive integer instead of boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody.isActive", - "rationale": "field \"isActive\" mutated with integer instead of boolean; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: isActive → integer instead of boolean", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": 1, - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901168+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-091acd05", - "title": "PUT /api/admin/users/{id} - mutation: role null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody.role", - "rationale": "field \"role\" mutated 
with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: role → null value", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901171+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f4802a98", - "title": "PUT /api/admin/users/{id} - mutation: role empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody.role", - "rationale": "field \"role\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: role → empty string", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901172+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1d2d0cbd", - "title": "PUT /api/admin/users/{id} - mutation: role integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody.role", - "rationale": "field \"role\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": 
"mutation: role → integer instead of string", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": 12345 - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90118+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-786de8b3", - "title": "PUT /api/admin/users/{id} - mutation: role oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody.role", - "rationale": "field \"role\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: role → oversized string (300 chars)", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901181+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c8deaf48", - "title": "PUT /api/admin/users/{id} - null injection: isActive", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": 
{ - "technique": "constraint_mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", - "rationale": "field \"isActive\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: isActive", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": null, - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901372+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e890383a", - "title": "PUT /api/admin/users/{id} - null injection: role", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "field \"role\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: role", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901374+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-69ba511c", - "title": "PUT /api/admin/users/{id} - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PUT /api/admin/users/{id} requestBody", - "rationale": "valid JSON body sent with 
Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "isActive": false, - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901377+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4a329fab", - "title": "PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", - "rationale": "field \"isActive\" is boolean but receives wrong_type_string — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] isActive wrong_type_string", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": "not_a_boolean", - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901487+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-308337db", - "title": "PUT /api/admin/users/{id} - [type_coercion] isActive wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.isActive", - "rationale": "field \"isActive\" is boolean but receives wrong_type_integer — server must 
reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] isActive wrong_type_integer", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": 1, - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901491+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-60c61680", - "title": "PUT /api/admin/users/{id} - [type_coercion] role wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "field \"role\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] role wrong_type_integer", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901493+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c4d77768", - "title": "PUT /api/admin/users/{id} - [type_coercion] role wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "field \"role\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - 
"title": "[type_coercion] role wrong_type_boolean", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901496+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-be44c91e", - "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role control_char", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901606+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b1e60615", - "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role zero_width", - "type": "test", - 
"method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901609+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a2217373", - "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role bidi_override", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901611+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4c95b987", - "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role overlong", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": 
"application/json" - }, - "body": { - "isActive": false, - "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901613+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d015a170", - "title": "PUT /api/admin/users/{id} - [unicode_fuzzing] role zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/users/{id} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role zalgo", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901617+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a6a6cd31", - "title": "PUT /api/admin/users/{id} - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/users/{id} requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "isActive": true, - "isAdmin": true, - "is_admin": true, - 
"role": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901757+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1054f864", - "title": "PUT /api/admin/users/{id} - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/users/{id} requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "disabled": false, - "isActive": true, - "role": "super_admin", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901759+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9e2cf67b", - "title": "PUT /api/admin/users/{id} - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/users/{id} requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "discount": 0, - 
"isActive": true, - "price": 1, - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901761+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4fb556e6", - "title": "PUT /api/admin/users/{id} - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/users/{id} requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "isActive": true, - "ownerId": "__probe__", - "role": "super_admin", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901763+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b306fbb7", - "title": "PUT /api/admin/users/{id} - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "PUT /api/admin/users/{id} parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/99999", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - 
"operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901884+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1420839c", - "title": "PUT /api/admin/users/{id} - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "PUT /api/admin/users/{id} parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/0", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.901886+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-978ae5a8", - "title": "GET /api/admin/teams - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/admin/teams", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/admin/teams", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.teams", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902048+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1e347647", - "title": "[OWASP-API2] GET /api/admin/teams — broken 
authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/teams", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902101+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-17f73440", - "title": "POST /api/admin/teams - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/teams", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Explicitly name the year before you enlist it.", - "displayName": "downstairs", - "name": "Amie Paul" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.isDefault", - "operator": "exists" - }, - { - "target": "body.isDeletable", - "operator": "exists" - }, - { - "target": "body.name", - "operator": "exists" - }, - { - "target": "body.createdAt", - "operator": "exists" - }, - { - "target": "body.description", - "operator": "exists" - }, - { - "target": "body.displayName", - "operator": "exists" - }, - { - "target": "body.id", - "operator": 
"exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902269+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-11fe758b", - "title": "POST /api/admin/teams - missing required field \"name\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "invalid equivalence class: required field \"name\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"name\"", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Celebrate wins tied to the man.", - "displayName": "lastly" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902279+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-084178e7", - "title": "POST /api/admin/teams - name at min_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "boundary value analysis: name at min_valid", - "scenario": "STRING_MIN_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "name at min_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Set a realistic target for year.", - "displayName": "moreover", - "name": "X" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.902377+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2ccbadc2", - "title": "POST /api/admin/teams - name at min_minus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "boundary value analysis: name at min_minus_one_invalid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "name at min_minus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Set a realistic target for year.", - "displayName": "moreover", - "name": "s" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90238+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b9c84944", - "title": "POST /api/admin/teams - name at max_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "boundary value analysis: name at max_valid", - "scenario": "STRING_MAX_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "name at max_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Set a realistic target for year.", - "displayName": "moreover", - "name": 
"QwCYspLXkpxGOghGBAQQBwflPXgoWvhGdSfHetGtYilHuuDTyQSJhKPGDgKczaCxDpqtPwSxTRBXZsvwyOKFUjPlXpiZYdiKJDkXXVdorLRBbSwkWgnsOYWFORpmxttOkrxBSpnwCjUTtdlyJAHEngHXxdIWDaffLvZkTZkWCJUVyiifCZgqSawuIlAGbEiAnDOroikvCBKifoHJslPiNnNblPtqCBgLmeBPgAYPdKbwYJijByQnQztRjhIMyOD" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902389+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5330751c", - "title": "POST /api/admin/teams - name at max_plus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "boundary value analysis: name at max_plus_one_invalid", - "scenario": "STRING_ABOVE_MAX" - }, - "steps": [ - { - "id": "step-main", - "title": "name at max_plus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Set a realistic target for year.", - "displayName": "moreover", - "name": "NsuMXKIpRYHIsYlDqMIwHXCpmoJEoGRjveFxqkteFFRHsDPXXDkOZQyCTvmlDediiHwswqMHROyBnxWdJtPOyhacYUuBuSvUUwXvrUKWVzudMnyjVntJuUYzBPFCotHeHkpYmkHdUOShzqofcgBtwMxJUjYmOXFRzNOHavFSdrdDbcwRZENjxPYAsrFWybsnpNXjCoirqTPMReAhczhfudWubkAFgtGBfAYCjEEcpOFGrDbNiwwxeNwTsovFnExW" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902408+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bee426f4", - "title": "POST /api/admin/teams - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": 
"idempotency", - "spec_path": "POST /api/admin/teams", - "rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /api/admin/teams — first call", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Theirs year do ready for idea.", - "displayName": "quality", - "name": "Lillie Hart" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /api/admin/teams — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Theirs year do ready for idea.", - "displayName": "quality", - "name": "Lillie Hart" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.90255+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0f5c6cec", - "title": "[OWASP-API2] POST /api/admin/teams — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "assertions": [ - { - "target": "status_code", - "operator": "eq", 
- "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902578+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e17876cf", - "title": "[OWASP-API6] POST /api/admin/teams — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": "2000-01-01T00:00:00Z", - "description": "Prefer predictable government over surprising work.", - "displayName": "can", - "id": 99999, - "name": "Dane Bates", - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902585+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a582e336", - "title": "[OWASP-API7] POST /api/admin/teams — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - 
"method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902587+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3e99ea9b", - "title": "[OWASP-API7] POST /api/admin/teams — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "' OR 1=1--" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902589+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a1f1c968", - "title": "[OWASP-API7] POST /api/admin/teams — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "../../../etc/passwd" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - 
"expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902592+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-80c70bf8", - "title": "POST /api/admin/teams - missing required field \"name\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "isolated failure: only \"name\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"name\"", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Track thing over time weekly.", - "displayName": "everybody" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902781+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-97aa6ff1", - "title": "POST /api/admin/teams - invalid name: empty string violates minLength 1", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "isolated failure: only \"name\" is invalid (empty string violates minLength 1); all other fields valid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid name: empty string violates minLength 1", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Track thing over time weekly.", - "displayName": "everybody", - "name": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 
422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902783+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-144ca893", - "title": "POST /api/admin/teams - [schema_violation] name_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "required field \"name\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] name_missing_required", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Alert on person thresholds then.", - "displayName": "most" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902859+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2d1be97b", - "title": "POST /api/admin/teams - [schema_violation] name_too_short", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "name is empty, violates minLength 1" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] name_too_short", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Alert on person thresholds then.", - "displayName": "most", - "name": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902861+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-672e2bba", - "title": 
"POST /api/admin/teams - mutation: description null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.description", - "rationale": "field \"description\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: description → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": null, - "displayName": "his", - "name": "Alysson Tucker" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902939+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-569a3993", - "title": "POST /api/admin/teams - mutation: description empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.description", - "rationale": "field \"description\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: description → empty string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "", - "displayName": "his", - "name": "Alysson Tucker" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902942+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4d295fcc", - "title": "POST /api/admin/teams - 
mutation: description integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.description", - "rationale": "field \"description\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: description → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": 12345, - "displayName": "his", - "name": "Alysson Tucker" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902944+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-20eb5b64", - "title": "POST /api/admin/teams - mutation: description oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.description", - "rationale": "field \"description\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: description → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "displayName": "his", - "name": "Alysson Tucker" - }, - 
"assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902946+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-782f4da8", - "title": "POST /api/admin/teams - mutation: displayName null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.displayName", - "rationale": "field \"displayName\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: displayName → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "At this point the review, you want the number.", - "displayName": null, - "name": "Alysson Tucker" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902948+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-34993282", - "title": "POST /api/admin/teams - mutation: displayName empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.displayName", - "rationale": "field \"displayName\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: displayName → empty string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "At this point the review, you want the 
number.", - "displayName": "", - "name": "Alysson Tucker" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90295+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c361779d", - "title": "POST /api/admin/teams - mutation: displayName integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.displayName", - "rationale": "field \"displayName\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: displayName → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "At this point the review, you want the number.", - "displayName": 12345, - "name": "Alysson Tucker" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902952+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b00969d7", - "title": "POST /api/admin/teams - mutation: displayName oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.displayName", - "rationale": "field \"displayName\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: displayName → oversized string (300 chars)", - "type": "test", - "method": "POST", - 
"path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "At this point the review, you want the number.", - "displayName": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "name": "Alysson Tucker" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902954+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ec9e6e43", - "title": "POST /api/admin/teams - mutation: name null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.name", - "rationale": "field \"name\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "At this point the review, you want the number.", - "displayName": "his", - "name": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902956+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e4058fd4", - "title": "POST /api/admin/teams - mutation: name empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - 
"technique": "mutation", - "spec_path": "POST /api/admin/teams requestBody.name", - "rationale": "field \"name\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → empty string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "At this point the review, you want the number.", - "displayName": "his", - "name": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.902959+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5294fe7b", - "title": "POST /api/admin/teams - null injection: description", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams requestBody.properties.description", - "rationale": "field \"description\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: description", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": null, - "displayName": "should", - "name": "Chloe Oliver" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903338+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-acaa7cdb", - "title": "POST /api/admin/teams - null injection: displayName", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - 
"spec_path": "POST /api/admin/teams requestBody.properties.displayName", - "rationale": "field \"displayName\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: displayName", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Explicitly name the person before you wrap it.", - "displayName": null, - "name": "Chloe Oliver" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90334+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-abe4e3e2", - "title": "POST /api/admin/teams - null injection: name", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "field \"name\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: name", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Explicitly name the person before you wrap it.", - "displayName": "should", - "name": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903342+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bd5b4e9e", - "title": "POST /api/admin/teams - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST 
/api/admin/teams requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "description": "Explicitly name the person before you wrap it.", - "displayName": "should", - "name": "Chloe Oliver" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903345+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1aea557e", - "title": "POST /api/admin/teams - [type_coercion] description wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams requestBody.properties.description", - "rationale": "field \"description\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] description wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": 123, - "displayName": "yet", - "name": "Ardith Cole" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903492+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bf50b6f1", - "title": "POST /api/admin/teams - [type_coercion] description wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - 
"spec_path": "POST /api/admin/teams requestBody.properties.description", - "rationale": "field \"description\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] description wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": true, - "displayName": "yet", - "name": "Ardith Cole" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903494+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-759d30e5", - "title": "POST /api/admin/teams - [type_coercion] displayName wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams requestBody.properties.displayName", - "rationale": "field \"displayName\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] displayName wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Map the happy path through part.", - "displayName": 123, - "name": "Ardith Cole" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903496+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-97c4c8ca", - "title": "POST /api/admin/teams - [type_coercion] displayName wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - 
"technique": "type_coercion", - "spec_path": "POST /api/admin/teams requestBody.properties.displayName", - "rationale": "field \"displayName\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] displayName wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Map the happy path through part.", - "displayName": true, - "name": "Ardith Cole" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903499+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-05c0d231", - "title": "POST /api/admin/teams - [type_coercion] name wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "field \"name\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] name wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Map the happy path through part.", - "displayName": "yet", - "name": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903501+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b516cdc6", - "title": "POST /api/admin/teams - [type_coercion] name wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - 
"source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "field \"name\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] name wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Map the happy path through part.", - "displayName": "yet", - "name": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903503+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8656dd0b", - "title": "POST /api/admin/teams - [unicode_fuzzing] description control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "hello\u0000world", - "displayName": "example", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903767+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5161dc9c", - "title": "POST /api/admin/teams - [unicode_fuzzing] description zero_width", - "kind": "single", - "priority": "P3", - 
"tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "​hello", - "displayName": "example", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90377+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d96ca637", - "title": "POST /api/admin/teams - [unicode_fuzzing] description bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "‮hello", - "displayName": "example", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903773+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-432c6afa", - "title": "POST /api/admin/teams - [unicode_fuzzing] description overlong", - 
"kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "displayName": "example", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903776+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-760794e2", - "title": "POST /api/admin/teams - [unicode_fuzzing] description zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.description", - "rationale": "field \"description\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] description zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "z̀́̂̃̄̅̆̇a", - "displayName": "example", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903778+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7ead4ab7", - "title": "POST /api/admin/teams - [unicode_fuzzing] displayName 
control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Review the woman every 2 weeks.", - "displayName": "hello\u0000world", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903783+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8b028ce1", - "title": "POST /api/admin/teams - [unicode_fuzzing] displayName zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Review the woman every 2 weeks.", - "displayName": "​hello", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903786+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": 
"1", - "id": "TC-693c8224", - "title": "POST /api/admin/teams - [unicode_fuzzing] displayName bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Review the woman every 2 weeks.", - "displayName": "‮hello", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903788+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3d12d252", - "title": "POST /api/admin/teams - [unicode_fuzzing] displayName overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Review the woman every 2 weeks.", - "displayName": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90379+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6474b9c1", - "title": "POST /api/admin/teams - [unicode_fuzzing] displayName zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.displayName", - "rationale": "field \"displayName\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] displayName zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Review the woman every 2 weeks.", - "displayName": "z̀́̂̃̄̅̆̇a", - "name": "Thomas Castillo" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903793+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4e8b3875", - "title": "POST /api/admin/teams - [unicode_fuzzing] name control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Review the 
woman every 2 weeks.", - "displayName": "example", - "name": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903796+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-76a6b2ca", - "title": "POST /api/admin/teams - [unicode_fuzzing] name zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Review the woman every 2 weeks.", - "displayName": "example", - "name": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903798+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-19447855", - "title": "POST /api/admin/teams - [unicode_fuzzing] name bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"description": "Review the woman every 2 weeks.", - "displayName": "example", - "name": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.9038+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ee78ddc5", - "title": "POST /api/admin/teams - [unicode_fuzzing] name overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Review the woman every 2 weeks.", - "displayName": "example", - "name": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903802+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b42d8584", - "title": "POST /api/admin/teams - [unicode_fuzzing] name zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Review the woman every 2 weeks.", - "displayName": "example", - "name": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.903804+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ed2bac60", - "title": "POST /api/admin/teams - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "description": "Prefer predictable group over surprising thing.", - "displayName": 
"tensely", - "isAdmin": true, - "is_admin": true, - "name": "Jalen Lyons", - "role": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904384+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9b89bdf9", - "title": "POST /api/admin/teams - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "description": "Prefer predictable group over surprising thing.", - "disabled": false, - "displayName": "tensely", - "name": "Jalen Lyons", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90439+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3c2025cc", - "title": "POST /api/admin/teams - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "POST", - "path": 
"/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "description": "Prefer predictable group over surprising thing.", - "discount": 0, - "displayName": "tensely", - "name": "Jalen Lyons", - "price": 1 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904392+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-82f380ef", - "title": "POST /api/admin/teams - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "description": "Prefer predictable group over surprising thing.", - "displayName": "tensely", - "name": "Jalen Lyons", - "ownerId": "__probe__", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904394+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-787507a6", - "title": "POST /api/admin/teams - [field_boundary] name valid_min", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/admin/teams requestBody.name", - "rationale": "field \"name\" boundary test: valid_min", - "scenario": "FIELD_BOUNDARY_VALID" - 
}, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] name valid_min", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Guard world with sensible limits.", - "displayName": "those", - "name": "a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 200 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90454+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f9b893d9", - "title": "POST /api/admin/teams - [field_boundary] name invalid_below_min", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/admin/teams requestBody.name", - "rationale": "field \"name\" boundary test: invalid_below_min", - "scenario": "FIELD_BOUNDARY_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] name invalid_below_min", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "The lingering fact been unexpectedly tensely.", - "displayName": "yours", - "name": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904548+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7a6a3b1a", - "title": "POST /api/admin/teams - [required_omission] name absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/admin/teams requestBody.name", - "rationale": "required field \"name\" omitted 
entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] name absent", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Sample week at 11s intervals.", - "displayName": "annually" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904616+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-abcd14ab", - "title": "GET /api/tokens - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/tokens", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/tokens", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.tokens", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904756+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dcecca87", - "title": "[OWASP-API2] GET /api/tokens — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/tokens", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ 
- { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/tokens", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904818+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6a65bf78", - "title": "POST /api/tokens - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/tokens", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Allison Hunter", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.name", - "operator": "exists" - }, - { - "target": "body.prefix", - "operator": "exists" - }, - { - "target": "body.scope", - "operator": "exists" - }, - { - "target": "body.token", - "operator": "exists" - }, - { - "target": "body.createdAt", - "operator": "exists" - }, - { - "target": "body.id", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904975+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5566a91f", - "title": "POST /api/tokens - missing required field \"name\"", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "invalid equivalence class: required 
field \"name\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"name\"", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904982+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aa18d499", - "title": "POST /api/tokens - missing required field \"scope\"", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "invalid equivalence class: required field \"scope\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"scope\"", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Lawrence Braun" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.904986+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1c063dd5", - "title": "POST /api/tokens - name at min_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "boundary value analysis: name at min_valid", - "scenario": "STRING_MIN_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "name at min_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Y", - "scope": "read" - }, - 
"assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90514+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d08f5a90", - "title": "POST /api/tokens - name at min_minus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "boundary value analysis: name at min_minus_one_invalid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "name at min_minus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "e", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905143+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a0247f03", - "title": "POST /api/tokens - name at max_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "boundary value analysis: name at max_valid", - "scenario": "STRING_MAX_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "name at max_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": 
"dIcVzeAXIpwOMzbhuWAKvYpdHpXhDnlquznBMpHNObsplNJMCmfagUMlgmyfFcxjiOSjnDPJMExECRCIPMONUmxCjiZwOKphjBRzxRgqBHCPWiUvPVxGpuIuOwqcjGDtPEXvUFwTFgNBEKmwQejgeRCcxYCgaGRusgCHYhGuMkhuWBKpkpOWZMOWQrWAqMGwVOnWXHenTnRwxoXQNWVzoLuAeLfEUWmvtOaUOzDopkvdpjDJgEGrzToimadBCbq", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905152+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7b3217ba", - "title": "POST /api/tokens - name at max_plus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "boundary value analysis: name at max_plus_one_invalid", - "scenario": "STRING_ABOVE_MAX" - }, - "steps": [ - { - "id": "step-main", - "title": "name at max_plus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "gZkkKaBcgUUrJhMvMmXsjgUJDOfrVpkfGCKVAUujjHuMbmjqYrroOdpRDCHXNKftgwkIjzdVDnyjNbwYqqZrajsqPvSTaCwhMFwMjAZyBQIjmghcfkelirBpAPxhbuYkwsodExCcRneWXSlyLvtcufLRHJWucpZNlpPiKuSLlicpZPdObnVxJdhXykuHmqCapfBevaSSFSPEtYlzUlPAVbisIBFXneKSEoFFcgPCMSeUhOCBMxaqhfiLFJvQwWsX", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905161+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-85621889", - "title": "POST /api/tokens - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "idempotency", - "spec_path": "POST /api/tokens", - 
"rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /api/tokens — first call", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Kaya Saunders", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /api/tokens — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Kaya Saunders", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.905324+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9e6576d2", - "title": "[OWASP-API2] POST /api/tokens — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/tokens", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905369+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d9979992", - 
"title": "[OWASP-API6] POST /api/tokens — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/tokens", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": "2000-01-01T00:00:00Z", - "id": 99999, - "name": "Marianne Nolan", - "scope": "write", - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905373+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8157a3a5", - "title": "[OWASP-API7] POST /api/tokens — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/tokens", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "scope": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.905375+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1df31a27", - "title": "[OWASP-API7] POST /api/tokens — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/tokens", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "scope": "' OR 1=1--" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905377+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-26975d5c", - "title": "[OWASP-API7] POST /api/tokens — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/tokens", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "scope": "../../../etc/passwd" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905378+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-75703d6a", - "title": "POST /api/tokens - missing required field \"name\"", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { 
- "technique": "isolated_negative", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "isolated failure: only \"name\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"name\"", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905607+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6284c90d", - "title": "POST /api/tokens - missing required field \"scope\"", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "isolated failure: only \"scope\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"scope\"", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Damion Rivera" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905609+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b579ade9", - "title": "POST /api/tokens - invalid name: empty string violates minLength 1", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "isolated failure: only \"name\" is invalid (empty string violates minLength 1); all other fields 
valid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid name: empty string violates minLength 1", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905611+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a9cdb025", - "title": "POST /api/tokens - invalid scope: value not in enum", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "isolated failure: only \"scope\" is invalid (value not in enum); all other fields valid", - "scenario": "ENUM_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid scope: value not in enum", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Damion Rivera", - "scope": "__invalid_enum__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.905615+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c2cef5a1", - "title": "POST /api/tokens - [schema_violation] name_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "required field \"name\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] name_missing_required", - "type": "test", - "method": "POST", - "path": "/api/tokens", - 
"headers": { - "Content-Type": "application/json" - }, - "body": { - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906058+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ad285328", - "title": "POST /api/tokens - [schema_violation] scope_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "required field \"scope\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] scope_missing_required", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Bonita Hermann" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90607+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bf65e63e", - "title": "POST /api/tokens - [schema_violation] name_too_short", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "name is empty, violates minLength 1" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] name_too_short", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906075+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - 
"version": "1", - "id": "TC-a6a38420", - "title": "POST /api/tokens - [schema_violation] scope_invalid_enum", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "scope=\"__invalid__\" is not in enum [read write]" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] scope_invalid_enum", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Bonita Hermann", - "scope": "__invalid__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906082+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-816809db", - "title": "POST /api/tokens - mutation: name null value", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/tokens requestBody.name", - "rationale": "field \"name\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → null value", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": null, - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906335+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-188465c8", - "title": "POST /api/tokens - mutation: name empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mutation", - 
"spec_path": "POST /api/tokens requestBody.name", - "rationale": "field \"name\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → empty string", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906346+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-30aabbdc", - "title": "POST /api/tokens - mutation: name integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/tokens requestBody.name", - "rationale": "field \"name\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": 12345, - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906351+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8c9976d8", - "title": "POST /api/tokens - mutation: name oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/tokens requestBody.name", - "rationale": "field \"name\" mutated with oversized string (300 
chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906357+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-75bc6e95", - "title": "POST /api/tokens - mutation: scope null value", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/tokens requestBody.scope", - "rationale": "field \"scope\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: scope → null value", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Clifford Ruiz", - "scope": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906371+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c8cd2aed", - "title": "POST /api/tokens - mutation: scope empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" 
- ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/tokens requestBody.scope", - "rationale": "field \"scope\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: scope → empty string", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Clifford Ruiz", - "scope": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906375+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-745ea604", - "title": "POST /api/tokens - mutation: scope integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/tokens requestBody.scope", - "rationale": "field \"scope\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: scope → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Clifford Ruiz", - "scope": 12345 - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906379+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4d189659", - "title": "POST /api/tokens - mutation: scope oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/tokens 
requestBody.scope", - "rationale": "field \"scope\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: scope → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Clifford Ruiz", - "scope": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906383+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-97bd0c77", - "title": "POST /api/tokens - null injection: name", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "field \"name\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: name", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": null, - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906877+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0b4d216c", - "title": "POST /api/tokens - null injection: scope", - "kind": 
"single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "field \"scope\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: scope", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Evelyn Coleman", - "scope": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90688+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b0b71990", - "title": "POST /api/tokens - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/tokens requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "name": "Evelyn Coleman", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.906882+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9bc60d9a", - "title": "POST /api/tokens - [type_coercion] name wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/tokens 
requestBody.properties.name", - "rationale": "field \"name\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] name wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": 123, - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907024+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bd1e61be", - "title": "POST /api/tokens - [type_coercion] name wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "field \"name\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] name wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": true, - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907027+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9bf5d669", - "title": "POST /api/tokens - [type_coercion] scope wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "field \"scope\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": 
"WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] scope wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Nathanael Connelly", - "scope": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90703+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-28d94662", - "title": "POST /api/tokens - [type_coercion] scope wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "field \"scope\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] scope wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Nathanael Connelly", - "scope": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907032+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fc869137", - "title": "POST /api/tokens - [unicode_fuzzing] name control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name control_char", - 
"type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "hello\u0000world", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907222+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6f9f1e83", - "title": "POST /api/tokens - [unicode_fuzzing] name zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name zero_width", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "​hello", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907225+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-33a5a9d7", - "title": "POST /api/tokens - [unicode_fuzzing] name bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name bidi_override", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - 
}, - "body": { - "name": "‮hello", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907227+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4faf49f0", - "title": "POST /api/tokens - [unicode_fuzzing] name overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name overlong", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90723+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-431d2bbf", - "title": "POST /api/tokens - [unicode_fuzzing] name zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name zalgo", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "z̀́̂̃̄̅̆̇a", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - 
], - "generated_at": "2026-05-06T21:30:41.907232+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0d728fca", - "title": "POST /api/tokens - [unicode_fuzzing] scope control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "field \"scope\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] scope control_char", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Amelia Cummings", - "scope": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907236+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6b8f84d1", - "title": "POST /api/tokens - [unicode_fuzzing] scope zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "field \"scope\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] scope zero_width", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Amelia Cummings", - "scope": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907243+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8643ca22", - "title": "POST /api/tokens - [unicode_fuzzing] scope bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "field \"scope\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] scope bidi_override", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Amelia Cummings", - "scope": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907245+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8adfe998", - "title": "POST /api/tokens - [unicode_fuzzing] scope overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "field \"scope\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] scope overlong", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Amelia Cummings", - "scope": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907247+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-734aea93", - "title": "POST /api/tokens - [unicode_fuzzing] scope zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/tokens requestBody.properties.scope", - "rationale": "field \"scope\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] scope zalgo", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Amelia Cummings", - "scope": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907249+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2411ba2b", - "title": "POST /api/tokens - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/tokens requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "isAdmin": true, - "is_admin": true, - "name": "Jalen Phillips", - "role": "__probe__", - "scope": "write" - }, - "assertions": [ - { - "target": 
"status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907695+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-248852e9", - "title": "POST /api/tokens - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/tokens requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "disabled": false, - "name": "Jalen Phillips", - "scope": "write", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907697+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b896a4fe", - "title": "POST /api/tokens - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/tokens requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "discount": 0, - "name": "Jalen Phillips", - "price": 1, - "scope": "write" - }, - "assertions": [ - { - "target": 
"status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907699+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b46880dc", - "title": "POST /api/tokens - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/tokens requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "name": "Jalen Phillips", - "ownerId": "__probe__", - "scope": "write", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907701+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-041bf0da", - "title": "POST /api/tokens - [field_boundary] name valid_min", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/tokens requestBody.name", - "rationale": "field \"name\" boundary test: valid_min", - "scenario": "FIELD_BOUNDARY_VALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] name valid_min", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "a", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 200 - }, - { - "target": "status_code", - "operator": 
"lt", - "expected": 300 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907874+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-107263c8", - "title": "POST /api/tokens - [field_boundary] name invalid_below_min", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/tokens requestBody.name", - "rationale": "field \"name\" boundary test: invalid_below_min", - "scenario": "FIELD_BOUNDARY_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] name invalid_below_min", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907877+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b998dc1a", - "title": "POST /api/tokens - [required_omission] name absent", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/tokens requestBody.name", - "rationale": "required field \"name\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] name absent", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.907964+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fcb3e065", - "title": "POST /api/tokens - [required_omission] scope absent", - "kind": "single", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/tokens requestBody.scope", - "rationale": "required field \"scope\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] scope absent", - "type": "test", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Macey Wolfe" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.907967+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a517ccf9", - "title": "POST /auth/logout - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Auth" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /auth/logout", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/auth/logout", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90814+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cf0be90a", - 
"title": "POST /auth/logout - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "idempotency", - "spec_path": "POST /auth/logout", - "rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /auth/logout — first call", - "type": "setup", - "method": "POST", - "path": "/auth/logout", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /auth/logout — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/auth/logout", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.908207+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f1d4a7ff", - "title": "GET /api/admin/teams/{id}/members - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/admin/teams/{id}/members", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{id}/members", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.members", - "operator": "exists" - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.908347+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-be93ffb9", - "title": "[OWASP-API1] GET /api/admin/teams/{id}/members — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/members", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{other_resource_id}}/members", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908417+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-942888a7", - "title": "[OWASP-API2] GET /api/admin/teams/{id}/members — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/members", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{id}/members", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908418+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9935c2df", - "title": "[OWASP-API7] GET /api/admin/teams/{id}/members — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - 
"security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/members", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908421+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-05eacd8d", - "title": "[OWASP-API7] GET /api/admin/teams/{id}/members — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/members", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/%27%20OR%201=1--/members", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908422+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c5fcb2bd", - "title": "[OWASP-API7] GET /api/admin/teams/{id}/members — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/members", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "GET", - 
"path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908424+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-724cd05d", - "title": "GET /api/admin/teams/{id}/members - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "GET /api/admin/teams/{id}/members parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/1/members", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908669+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4af55f13", - "title": "GET /api/admin/teams/{id}/members - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "GET /api/admin/teams/{id}/members parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/99999/members", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908724+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": 
"TC-8d769a8b", - "title": "GET /api/admin/teams/{id}/members - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "GET /api/admin/teams/{id}/members parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/0/members", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908726+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-17f7b78e", - "title": "POST /api/admin/teams/{id}/members - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/teams/{id}/members", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": "a3bd36d6-0660-42cd-82e2-4ffe231776bc" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908902+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aea81fb1", - "title": "POST /api/admin/teams/{id}/members - missing 
required field \"userId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "invalid equivalence class: required field \"userId\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"userId\"", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.908907+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fce8d8db", - "title": "POST /api/admin/teams/{id}/members - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "POST /api/admin/teams/{id}/members", - "rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /api/admin/teams/{id}/members — first call", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": "f78fd0f2-6376-4a2b-8124-8006f5d96d4a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /api/admin/teams/{id}/members — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": 
"f78fd0f2-6376-4a2b-8124-8006f5d96d4a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.909032+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bc997516", - "title": "[OWASP-API1] POST /api/admin/teams/{id}/members — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/members", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{other_resource_id}}/members", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909082+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d1200108", - "title": "[OWASP-API2] POST /api/admin/teams/{id}/members — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/members", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 
401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909083+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5a01a3ba", - "title": "[OWASP-API6] POST /api/admin/teams/{id}/members — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/members", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": "2000-01-01T00:00:00Z", - "id": 99999, - "role": "owner", - "updatedAt": "2000-01-01T00:00:00Z", - "userId": "4409317f-6972-4069-8ed6-942e90d42ec2" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909087+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dd4d8c19", - "title": "[OWASP-API7] POST /api/admin/teams/{id}/members — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/members", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - 
"method": "POST", - "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90909+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5a3931f1", - "title": "[OWASP-API7] POST /api/admin/teams/{id}/members — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/members", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/%27%20OR%201=1--/members", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909092+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-60a70815", - "title": "[OWASP-API7] POST /api/admin/teams/{id}/members — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/members", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909093+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", 
- "version": "1", - "id": "TC-4eda623b", - "title": "POST /api/admin/teams/{id}/members - missing required field \"userId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "isolated failure: only \"userId\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"userId\"", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909407+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-54b6ea73", - "title": "POST /api/admin/teams/{id}/members - invalid role: value not in enum", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "isolated failure: only \"role\" is invalid (value not in enum); all other fields valid", - "scenario": "ENUM_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid role: value not in enum", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "__invalid_enum__", - "userId": "45cf0fb5-a53d-4f38-94af-85fabe94e394" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909409+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e44fc900", - "title": 
"POST /api/admin/teams/{id}/members - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/teams/{id}/members parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/1/members", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909411+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-71efcd62", - "title": "POST /api/admin/teams/{id}/members - [schema_violation] userId_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "required field \"userId\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] userId_missing_required", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909567+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1d2b8bb8", - "title": "POST /api/admin/teams/{id}/members - [schema_violation] role_invalid_enum", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "role=\"__invalid__\" 
is not in enum [owner member]" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] role_invalid_enum", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "__invalid__", - "userId": "b28b1b32-e5b1-4269-b005-d53ff9fd5a8d" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909569+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aff2608e", - "title": "POST /api/admin/teams/{id}/members - mutation: role null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.role", - "rationale": "field \"role\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: role → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": null, - "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909673+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0cb69d90", - "title": "POST /api/admin/teams/{id}/members - mutation: role empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.role", - "rationale": "field \"role\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - 
"title": "mutation: role → empty string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "", - "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909675+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dc8849f5", - "title": "POST /api/admin/teams/{id}/members - mutation: role integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.role", - "rationale": "field \"role\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: role → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": 12345, - "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909677+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-977e71fa", - "title": "POST /api/admin/teams/{id}/members - mutation: role oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.role", - "rationale": "field \"role\" mutated with oversized string (300 chars); API must 
reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: role → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "userId": "eb5af601-571e-49ce-a28d-f33fe87bc344" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.90968+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8e4fd867", - "title": "POST /api/admin/teams/{id}/members - mutation: userId null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", - "rationale": "field \"userId\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: userId → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909682+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b3beebbb", - "title": "POST /api/admin/teams/{id}/members - 
mutation: userId empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", - "rationale": "field \"userId\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: userId → empty string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909684+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d8212bc8", - "title": "POST /api/admin/teams/{id}/members - mutation: userId integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", - "rationale": "field \"userId\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: userId → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": 12345 - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909686+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5739a85b", - "title": "POST /api/admin/teams/{id}/members - mutation: userId 
oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", - "rationale": "field \"userId\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: userId → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.909688+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a2c2e196", - "title": "POST /api/admin/teams/{id}/members - null injection: role", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "field \"role\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: role", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": null, - "userId": "b6f51cc4-2389-42c5-a864-35545c08cda9" - }, - "assertions": [ - { - "target": 
"status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910109+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1b45482b", - "title": "POST /api/admin/teams/{id}/members - null injection: userId", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "field \"userId\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: userId", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner", - "userId": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910111+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0f904569", - "title": "POST /api/admin/teams/{id}/members - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams/{id}/members requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "role": "owner", - "userId": "b6f51cc4-2389-42c5-a864-35545c08cda9" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } 
- ] - } - ], - "generated_at": "2026-05-06T21:30:41.910113+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-95fd239a", - "title": "POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "field \"role\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] role wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": 123, - "userId": "8aa00d9d-7b81-42a4-830e-092302d2f2c4" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910267+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2a4f0269", - "title": "POST /api/admin/teams/{id}/members - [type_coercion] role wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "field \"role\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] role wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": true, - "userId": "8aa00d9d-7b81-42a4-830e-092302d2f2c4" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - 
"expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910269+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-76bfddd4", - "title": "POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "field \"userId\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] userId wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910271+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8aeef740", - "title": "POST /api/admin/teams/{id}/members - [type_coercion] userId wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "field \"userId\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] userId wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.910274+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-39e9a695", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "hello\u0000world", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91049+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-241bc1b4", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "​hello", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" - }, - "assertions": [ - { - "target": "status_code", - "operator": 
"eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910492+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aa47e2dd", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "‮hello", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910494+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7473f431", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910497+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-83be4bd5", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] role zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "z̀́̂̃̄̅̆̇a", - "userId": "00287abb-135c-4e57-a40f-6a5a00caf19e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910498+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-382c05ef", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "field \"userId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] userId control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" 
- }, - "body": { - "role": "owner", - "userId": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910501+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bdeeed04", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "field \"userId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] userId zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner", - "userId": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910503+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e839caab", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "field \"userId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] userId bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": 
"application/json" - }, - "body": { - "role": "owner", - "userId": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910505+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cbe2af65", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "field \"userId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] userId overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner", - "userId": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910506+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9cd03a11", - "title": "POST /api/admin/teams/{id}/members - [unicode_fuzzing] userId zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.properties.userId", - "rationale": "field \"userId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] userId zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner", - "userId": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.910509+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-850dd902", - "title": "POST /api/admin/teams/{id}/members - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams/{id}/members requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "isAdmin": true, - "is_admin": true, - "role": "__probe__", - 
"userId": "b21cab01-ede4-49da-9080-18aced242f70" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911028+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-edb444ec", - "title": "POST /api/admin/teams/{id}/members - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams/{id}/members requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "disabled": false, - "role": "member", - "userId": "b21cab01-ede4-49da-9080-18aced242f70", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91103+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-31f44a55", - "title": "POST /api/admin/teams/{id}/members - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams/{id}/members requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { 
- "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "discount": 0, - "price": 1, - "role": "member", - "userId": "b21cab01-ede4-49da-9080-18aced242f70" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911032+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-09f9b8eb", - "title": "POST /api/admin/teams/{id}/members - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams/{id}/members requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "ownerId": "__probe__", - "role": "member", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911034+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d1a0e9c6", - "title": "POST /api/admin/teams/{id}/members - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "POST /api/admin/teams/{id}/members parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "POST", - "path": 
"/api/admin/teams/99999/members", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911244+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-07948765", - "title": "POST /api/admin/teams/{id}/members - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "POST /api/admin/teams/{id}/members parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/0/members", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911246+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1da7a2c3", - "title": "POST /api/admin/teams/{id}/members - [required_omission] userId absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/admin/teams/{id}/members requestBody.userId", - "rationale": "required field \"userId\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] userId absent", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - 
"target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911346+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e159fefe", - "title": "GET /api/specs/{service}/{branch}/openapi.json - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Specs" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/specs/{service}/{branch}/openapi.json", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/specs/{service}/{branch}/openapi.json", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911516+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5b840153", - "title": "[OWASP-API2] GET /api/specs/{service}/{branch}/openapi.json — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/specs/{service}/{branch}/openapi.json", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/specs/{service}/{branch}/openapi.json", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91157+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - 
"id": "TC-69cf35a6", - "title": "[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/specs/{service}/{branch}/openapi.json", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "GET", - "path": "/api/specs/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/{branch}/openapi.json", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911572+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3e62652b", - "title": "[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/specs/{service}/{branch}/openapi.json", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "GET", - "path": "/api/specs/%27%20OR%201=1--/{branch}/openapi.json", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911574+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-217a31ae", - "title": "[OWASP-API7] GET /api/specs/{service}/{branch}/openapi.json — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET 
/api/specs/{service}/{branch}/openapi.json", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "GET", - "path": "/api/specs/..%2F..%2F..%2Fetc%2Fpasswd/{branch}/openapi.json", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911576+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-14b52fbb", - "title": "GET /api/specs/{service}/{branch}/openapi.json - missing required param \"service\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Specs" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "GET /api/specs/{service}/{branch}/openapi.json parameters.service", - "rationale": "isolated failure: required param \"service\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"service\"", - "type": "test", - "method": "GET", - "path": "/api/specs/1/1/openapi.json", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911778+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dd4faa6a", - "title": "GET /api/specs/{service}/{branch}/openapi.json - missing required param \"branch\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Specs" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "GET /api/specs/{service}/{branch}/openapi.json parameters.branch", - "rationale": "isolated failure: required param \"branch\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"branch\"", - "type": "test", - "method": "GET", - "path": 
"/api/specs/1/1/openapi.json", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911781+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-787a33be", - "title": "POST /auth/register - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Auth" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /auth/register", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "alessandravaldez@daniel.net", - "password": "who" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.userId", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911971+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-445d8b1f", - "title": "POST /auth/register - missing required field \"email\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "invalid equivalence class: required field \"email\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"email\"", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "password": "still" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 
422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.911976+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-31707ae5", - "title": "POST /auth/register - missing required field \"password\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "invalid equivalence class: required field \"password\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"password\"", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "leahawkins@white.io" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91198+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0f0b429e", - "title": "POST /auth/register - password at min_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "boundary value analysis: password at min_valid", - "scenario": "STRING_MIN_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "password at min_valid boundary", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "kasandravelazquez@willis.org", - "password": "htnnilAG" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912148+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-15e47d10", - "title": "POST /auth/register - password at min_minus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "boundary value analysis: password at min_minus_one_invalid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "password at min_minus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "kasandravelazquez@willis.org", - "password": "qnWvUIn" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91215+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b381fdb9", - "title": "POST /auth/register - password at max_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "boundary value analysis: password at max_valid", - "scenario": "STRING_MAX_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "password at max_valid boundary", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "kasandravelazquez@willis.org", - "password": "zBlKzdHplyIohqMEAqvZSLUwRAAjdZKfbpkfEhUcSKoTKSlgMvwBEjoRpxXhryTaTAoTzCYyWaXpUkIgpumlAMpSEYEqFYHvmPDdtFumNUpHtbSoyugqaeiVyRdgqNwJsZzlXPJtrDBniDFcfYhHvlLEZBOqZCOoAPKPXTaHVHlRPRLPdCiRYyBYiVNGQIfRCXVbfVAECwwZbjBrGaKIfctBAjeidCzjvfjsjckVQIlqUrEHxrxTFDKxXvgrcFS" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - 
"expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912159+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0de23fb9", - "title": "POST /auth/register - password at max_plus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "boundary value analysis: password at max_plus_one_invalid", - "scenario": "STRING_ABOVE_MAX" - }, - "steps": [ - { - "id": "step-main", - "title": "password at max_plus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "kasandravelazquez@willis.org", - "password": "rPNlcdUMPwImsPdHFstXXMFIWbajRRdQloozwcKtoDbGhjiVVjHhIxcPpxMVGqqKfZycxZGoowdemLuYWOaEvFeerqBahGZywYIkuGXZrJdCNLryEunbqPYCHWypnUwNviWToCVJFisKyZtCteizZYgpdPlJDBzSucWfdtYFBAzmlDrKirFlAXDxVwWdZscUXFIAryQbydibyCuTJuKPjVPFBgydzlVHJwlOmkfnmyWhxdOnhlOMZdXVRggOpqya" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912167+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d4349959", - "title": "POST /auth/register - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "idempotency", - "spec_path": "POST /auth/register", - "rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /auth/register — first call", - "type": "setup", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"email": "selenagarza@ross.name", - "password": "break" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /auth/register — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "selenagarza@ross.name", - "password": "break" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.912366+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e8a47f18", - "title": "[OWASP-API2] POST /auth/register — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /auth/register", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "POST", - "path": "/auth/register", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912416+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-900b6a9f", - "title": "[OWASP-API6] POST /auth/register — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /auth/register", - 
"rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": "2000-01-01T00:00:00Z", - "email": "gennarogislason@newton.io", - "id": 99999, - "password": "did", - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912422+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-368fd7b5", - "title": "[OWASP-API7] POST /auth/register — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /auth/register", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912424+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ff6e6a6b", - "title": "[OWASP-API7] POST /auth/register — injection (sqli)", - 
"kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /auth/register", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "' OR 1=1--" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912425+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2f3c6761", - "title": "[OWASP-API7] POST /auth/register — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /auth/register", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "../../../etc/passwd" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912426+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cae39bb3", - "title": "POST /auth/register - missing required field \"email\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "isolated failure: only \"email\" is absent; all other fields valid", - "scenario": 
"MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"email\"", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "password": "this" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912695+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-72f7ecb7", - "title": "POST /auth/register - missing required field \"password\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "isolated failure: only \"password\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"password\"", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "mayragrant@nichols.name" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912696+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8449b518", - "title": "POST /auth/register - invalid email: invalid email format", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "isolated failure: only \"email\" is invalid (invalid email format); all other fields valid", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid email: invalid email format", - "type": "test", - "method": "POST", - "path": 
"/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "not-an-email", - "password": "this" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912698+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cf64a6d3", - "title": "POST /auth/register - invalid password: empty string violates minLength 8", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "isolated failure: only \"password\" is invalid (empty string violates minLength 8); all other fields valid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid password: empty string violates minLength 8", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "mayragrant@nichols.name", - "password": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912701+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-95b20a12", - "title": "POST /auth/register - [schema_violation] email_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "required field \"email\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] email_missing_required", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "password": "these" - }, - 
"assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912906+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-88fb391a", - "title": "POST /auth/register - [schema_violation] password_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "required field \"password\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] password_missing_required", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "jadonrobertson@wu.org" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912908+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-75e2908b", - "title": "POST /auth/register - [schema_violation] email_invalid_format_email", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "email=\"not-an-email\" violates format \"email\"" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] email_invalid_format_email", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "not-an-email", - "password": "these" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912909+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": 
"1", - "id": "TC-225366e2", - "title": "POST /auth/register - [schema_violation] password_too_short", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "password is empty, violates minLength 8" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] password_too_short", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "jadonrobertson@wu.org", - "password": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.912911+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6da4f717", - "title": "POST /auth/register - mutation: email null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/register requestBody.email", - "rationale": "field \"email\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: email → null value", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": null, - "password": "where" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913116+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b9e7832e", - "title": "POST /auth/register - mutation: email empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - 
"spec_path": "POST /auth/register requestBody.email", - "rationale": "field \"email\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: email → empty string", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "", - "password": "where" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913119+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-00b95383", - "title": "POST /auth/register - mutation: email integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/register requestBody.email", - "rationale": "field \"email\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: email → integer instead of string", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": 12345, - "password": "where" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913124+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3dfbbb02", - "title": "POST /auth/register - mutation: email oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/register requestBody.email", - "rationale": "field \"email\" mutated 
with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: email → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "password": "where" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913126+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7c859b9c", - "title": "POST /auth/register - mutation: email invalid email format", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/register requestBody.email", - "rationale": "field \"email\" mutated with invalid email format; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: email → invalid email format", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "not-an-email", - "password": "where" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913131+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8df134ff", - "title": "POST /auth/register - mutation: password 
null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/register requestBody.password", - "rationale": "field \"password\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: password → null value", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "marjoriecole@donnelly.org", - "password": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913133+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f66d6ba8", - "title": "POST /auth/register - mutation: password empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/register requestBody.password", - "rationale": "field \"password\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: password → empty string", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "marjoriecole@donnelly.org", - "password": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913135+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-85af6488", - "title": "POST /auth/register - mutation: password integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - 
"source": { - "technique": "mutation", - "spec_path": "POST /auth/register requestBody.password", - "rationale": "field \"password\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: password → integer instead of string", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "marjoriecole@donnelly.org", - "password": 12345 - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913136+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ffcd46cb", - "title": "POST /auth/register - mutation: password oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/register requestBody.password", - "rationale": "field \"password\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: password → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "marjoriecole@donnelly.org", - "password": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.913138+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-031620b5", - "title": "POST /auth/register - null injection: email", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "field \"email\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: email", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": null, - "password": "mouth" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913607+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dc0c76f3", - "title": "POST /auth/register - null injection: password", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "field \"password\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: password", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "audreygarrett@morris.info", - "password": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913608+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9cf203de", - 
"title": "POST /auth/register - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /auth/register requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "email": "audreygarrett@morris.info", - "password": "mouth" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91361+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c40fa64f", - "title": "POST /auth/register - [type_coercion] email wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "field \"email\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] email wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": 123, - "password": "it" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913763+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cff3b5ee", - "title": "POST /auth/register - [type_coercion] email wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ 
- "Auth" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "field \"email\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] email wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": true, - "password": "it" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913765+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4a32c12b", - "title": "POST /auth/register - [type_coercion] password wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "field \"password\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] password wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "bentonwoods@marsh.net", - "password": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913767+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4af1b36a", - "title": "POST /auth/register - [type_coercion] password wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /auth/register 
requestBody.properties.password", - "rationale": "field \"password\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] password wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "bentonwoods@marsh.net", - "password": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91377+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-619e4131", - "title": "POST /auth/register - [unicode_fuzzing] email control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "field \"email\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email control_char", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "hello\u0000world", - "password": "every" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913979+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c30816fe", - "title": "POST /auth/register - [unicode_fuzzing] email zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "field \"email\" receives unicode 
mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email zero_width", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "​hello", - "password": "every" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913981+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cd50c303", - "title": "POST /auth/register - [unicode_fuzzing] email bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "field \"email\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email bidi_override", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "‮hello", - "password": "every" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913983+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aea85ac5", - "title": "POST /auth/register - [unicode_fuzzing] email overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "field \"email\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - 
"steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email overlong", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "password": "every" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913985+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-67eec10b", - "title": "POST /auth/register - [unicode_fuzzing] email zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.email", - "rationale": "field \"email\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email zalgo", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "z̀́̂̃̄̅̆̇a", - "password": "every" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913986+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cd54b4b0", - "title": "POST /auth/register - [unicode_fuzzing] password control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password control_char", - "type": "test", - 
"method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "charityross@barber.biz", - "password": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913993+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e4e8966c", - "title": "POST /auth/register - [unicode_fuzzing] password zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password zero_width", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "charityross@barber.biz", - "password": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913995+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-28ca4955", - "title": "POST /auth/register - [unicode_fuzzing] password bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password bidi_override", - "type": "test", - "method": "POST", - "path": 
"/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "charityross@barber.biz", - "password": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913998+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3ac12861", - "title": "POST /auth/register - [unicode_fuzzing] password overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password overlong", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "charityross@barber.biz", - "password": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.913999+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ab0475dc", - "title": "POST /auth/register - [unicode_fuzzing] password zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/register requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password zalgo", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "charityross@barber.biz", - "password": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.914002+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-065d2087", - "title": "POST /auth/register - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /auth/register requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "email": "waynedaniels@farrell.io", - "isAdmin": true, - "is_admin": true, - "password": "instead", - "role": "__probe__" - }, 
- "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.914519+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cabe7291", - "title": "POST /auth/register - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /auth/register requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "disabled": false, - "email": "waynedaniels@farrell.io", - "password": "instead", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.914521+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9b577a9f", - "title": "POST /auth/register - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /auth/register requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "discount": 0, - "email": "waynedaniels@farrell.io", - "password": 
"instead", - "price": 1 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.914523+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-be5d4ca2", - "title": "POST /auth/register - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /auth/register requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "email": "waynedaniels@farrell.io", - "ownerId": "__probe__", - "password": "instead", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.914525+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-31e0ac94", - "title": "POST /auth/register - [field_boundary] password valid_min", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /auth/register requestBody.password", - "rationale": "field \"password\" boundary test: valid_min", - "scenario": "FIELD_BOUNDARY_VALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] password valid_min", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "cedrickhermann@morales.org", - "password": "aaaaaaaa" - }, - 
"assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 200 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.914738+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-29d13f96", - "title": "POST /auth/register - [field_boundary] password invalid_below_min", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /auth/register requestBody.password", - "rationale": "field \"password\" boundary test: invalid_below_min", - "scenario": "FIELD_BOUNDARY_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] password invalid_below_min", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "carmelmaldonado@schwartz.org", - "password": "aaaaaaa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.914742+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b724df31", - "title": "POST /auth/register - [required_omission] email absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /auth/register requestBody.email", - "rationale": "required field \"email\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] email absent", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "password": "themselves" - }, - 
"assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.914845+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3d6d9a7d", - "title": "POST /auth/register - [required_omission] password absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /auth/register requestBody.password", - "rationale": "required field \"password\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] password absent", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "artperkins@smith.net" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.914849+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cb06322f", - "title": "GET /api/me - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Auth" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/me", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/me", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.id", - 
"operator": "exists" - }, - { - "target": "body.role", - "operator": "exists" - }, - { - "target": "body.teams", - "operator": "exists" - }, - { - "target": "body.email", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915053+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-16f4aef5", - "title": "[OWASP-API2] GET /api/me — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/me", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/me", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91512+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d5427a01", - "title": "GET /api/admin/teams/{id}/grants - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/admin/teams/{id}/grants", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{id}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.outgoing", - "operator": "exists" - }, - { - "target": "body.incoming", - "operator": "exists" - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.915259+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9c3bba1f", - "title": "[OWASP-API1] GET /api/admin/teams/{id}/grants — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/grants", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{other_resource_id}}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915325+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2dae98a0", - "title": "[OWASP-API2] GET /api/admin/teams/{id}/grants — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/grants", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{id}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915327+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-269d7a97", - "title": "[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - 
"owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/grants", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/grants", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915329+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a7917f13", - "title": "[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/grants", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/%27%20OR%201=1--/grants", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915331+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b5400171", - "title": "[OWASP-API7] GET /api/admin/teams/{id}/grants — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/teams/{id}/grants", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "GET", - "path": 
"/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/grants", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915334+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aa4a85d2", - "title": "GET /api/admin/teams/{id}/grants - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "GET /api/admin/teams/{id}/grants parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/1/grants", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915584+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1e7138b3", - "title": "GET /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "GET /api/admin/teams/{id}/grants parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/99999/grants", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915636+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-625bb61d", - "title": 
"GET /api/admin/teams/{id}/grants - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "GET /api/admin/teams/{id}/grants parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/0/grants", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915638+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-62bccfec", - "title": "POST /api/admin/teams/{id}/grants - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/teams/{id}/grants", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "other" - ], - "expiresAt": "2020-03-12T16:50:23Z", - "granteeTeamId": "fcea5c7d-08df-4a6b-a40b-cc22936c70a6", - "granteeUserId": "4b66d87d-2a87-436a-9cba-cbd963fe3725", - "serviceId": "20931bd8-47ab-4a34-9161-aa0f41c54efd" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.id", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915851+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-33636c2c", - "title": "POST /api/admin/teams/{id}/grants - missing required field \"serviceId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "invalid equivalence class: required field \"serviceId\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"serviceId\"", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "lastly" - ], - "expiresAt": "2010-02-21T09:42:07Z", - "granteeTeamId": "54d614e8-78c4-4be4-8d58-6262bc0ed601", - "granteeUserId": "ebe6434a-7451-43df-a2a8-4ff4abc09840" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.915858+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-810053e8", - "title": "POST /api/admin/teams/{id}/grants - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "POST /api/admin/teams/{id}/grants", - "rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /api/admin/teams/{id}/grants — first call", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "mercy" - ], - "expiresAt": "1999-12-17T23:28:47Z", - "granteeTeamId": "65e38a66-d932-4217-b7b6-b9d191c81aaf", - "granteeUserId": "41f62f9a-dcd8-4b25-86af-1c3d9ec30857", - "serviceId": "4926c858-e08e-4a3f-bf7b-0bb8e4309181" - 
}, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /api/admin/teams/{id}/grants — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "mercy" - ], - "expiresAt": "1999-12-17T23:28:47Z", - "granteeTeamId": "65e38a66-d932-4217-b7b6-b9d191c81aaf", - "granteeUserId": "41f62f9a-dcd8-4b25-86af-1c3d9ec30857", - "serviceId": "4926c858-e08e-4a3f-bf7b-0bb8e4309181" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.916391+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-750fd5ab", - "title": "[OWASP-API1] POST /api/admin/teams/{id}/grants — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/grants", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{other_resource_id}}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91642+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a5db835c", - 
"title": "[OWASP-API2] POST /api/admin/teams/{id}/grants — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/grants", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.916425+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e74b3c2c", - "title": "[OWASP-API6] POST /api/admin/teams/{id}/grants — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/grants", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "might" - ], - "createdAt": "2000-01-01T00:00:00Z", - "expiresAt": "1904-11-16T00:21:56Z", - "granteeTeamId": "80cfeb39-de1f-4afc-b29b-dbf268b668eb", - "granteeUserId": "af0ce4e0-f8fb-4c7c-b929-9d7dfc463d99", - "id": 99999, - "serviceId": "3751ed85-6162-4db7-8287-4b7491018fb0", - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": 
"jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.916437+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c288f174", - "title": "[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/grants", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/grants", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91644+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ea6fd919", - "title": "[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/grants", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/%27%20OR%201=1--/grants", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.916444+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aa0b7128", - 
"title": "[OWASP-API7] POST /api/admin/teams/{id}/grants — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/teams/{id}/grants", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/grants", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.916447+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-62d899fa", - "title": "POST /api/admin/teams/{id}/grants - missing required field \"serviceId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "isolated failure: only \"serviceId\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"serviceId\"", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "for" - ], - "expiresAt": "1953-03-29T14:02:05Z", - "granteeTeamId": "6d698330-9f66-45db-a309-61a79c0db5ba", - "granteeUserId": "8867a80d-0d36-4338-ae27-3e2177ebe961" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91686+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aee10eee", - "title": "POST 
/api/admin/teams/{id}/grants - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/teams/{id}/grants parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/1/grants", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.916862+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4b79a206", - "title": "POST /api/admin/teams/{id}/grants - [schema_violation] serviceId_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "required field \"serviceId\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] serviceId_missing_required", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "am" - ], - "expiresAt": "1970-08-02T20:53:06Z", - "granteeTeamId": "7a8e7c06-efab-4a89-8471-23bbf2a20eea", - "granteeUserId": "55b411ae-4ae9-4cf6-802a-a4a242203443" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.916955+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9509a04a", - "title": "POST /api/admin/teams/{id}/grants - [schema_violation] expiresAt_invalid_format_date-time", - "kind": "single", - "priority": "P2", - "tags": [ 
- "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", - "rationale": "expiresAt=\"not-a-date\" violates format \"date-time\"" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] expiresAt_invalid_format_date-time", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "am" - ], - "expiresAt": "not-a-date", - "granteeTeamId": "7a8e7c06-efab-4a89-8471-23bbf2a20eea", - "granteeUserId": "55b411ae-4ae9-4cf6-802a-a4a242203443", - "serviceId": "435a1f1c-09a1-4465-b8ad-2053fa825257" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.916957+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3f1f0acd", - "title": "POST /api/admin/teams/{id}/grants - mutation: branches null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.branches", - "rationale": "field \"branches\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: branches → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": null, - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.917055+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-963f2d23", - "title": "POST /api/admin/teams/{id}/grants - mutation: branches string instead of array", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.branches", - "rationale": "field \"branches\" mutated with string instead of array; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: branches → string instead of array", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": "not-an-array", - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917057+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c0bd2a08", - "title": "POST /api/admin/teams/{id}/grants - mutation: branches object instead of array", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.branches", - "rationale": "field \"branches\" mutated with object instead of array; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: branches → object instead of array", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": 
{ - "branches": {}, - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917058+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-759658e7", - "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.expiresAt", - "rationale": "field \"expiresAt\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: expiresAt → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "himself" - ], - "expiresAt": null, - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917061+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2894700e", - "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants 
requestBody.expiresAt", - "rationale": "field \"expiresAt\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: expiresAt → empty string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "himself" - ], - "expiresAt": "", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917063+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c03df9f9", - "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.expiresAt", - "rationale": "field \"expiresAt\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: expiresAt → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "himself" - ], - "expiresAt": 12345, - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.917064+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0ee96c4d", - "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.expiresAt", - "rationale": "field \"expiresAt\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: expiresAt → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "himself" - ], - "expiresAt": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917067+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6260c870", - "title": "POST /api/admin/teams/{id}/grants - mutation: expiresAt invalid date format", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.expiresAt", - "rationale": "field \"expiresAt\" mutated with invalid date 
format; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: expiresAt → invalid date format", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "himself" - ], - "expiresAt": "not-a-date", - "granteeTeamId": "7147d6bf-cb22-4db1-b2c4-dfaecc9b5353", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917068+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0064709a", - "title": "POST /api/admin/teams/{id}/grants - mutation: granteeTeamId null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.granteeTeamId", - "rationale": "field \"granteeTeamId\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: granteeTeamId → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "himself" - ], - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": null, - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91707+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": 
"1", - "id": "TC-7d06efc6", - "title": "POST /api/admin/teams/{id}/grants - mutation: granteeTeamId empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.granteeTeamId", - "rationale": "field \"granteeTeamId\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: granteeTeamId → empty string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "himself" - ], - "expiresAt": "2008-02-06T15:08:34Z", - "granteeTeamId": "", - "granteeUserId": "75344e9e-e685-43e6-adbc-d314f39096cb", - "serviceId": "b5523acd-dea4-47c8-826c-23ff81d46ccf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917072+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2571eb1b", - "title": "POST /api/admin/teams/{id}/grants - null injection: serviceId", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "field \"serviceId\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: serviceId", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "sari" - ], - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": 
"44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917535+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e32391c6", - "title": "POST /api/admin/teams/{id}/grants - null injection: branches", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.branches", - "rationale": "field \"branches\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: branches", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": null, - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917537+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-df39db3e", - "title": "POST /api/admin/teams/{id}/grants - null injection: expiresAt", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", - "rationale": "field \"expiresAt\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: expiresAt", - "type": "test", - 
"method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "sari" - ], - "expiresAt": null, - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917539+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-63fd31b7", - "title": "POST /api/admin/teams/{id}/grants - null injection: granteeTeamId", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", - "rationale": "field \"granteeTeamId\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: granteeTeamId", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "sari" - ], - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": null, - "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917541+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-593b0773", - "title": "POST /api/admin/teams/{id}/grants - null injection: granteeUserId", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST 
/api/admin/teams/{id}/grants requestBody.properties.granteeUserId", - "rationale": "field \"granteeUserId\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: granteeUserId", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "sari" - ], - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": null, - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917543+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a9ed456f", - "title": "POST /api/admin/teams/{id}/grants - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "branches": [ - "sari" - ], - "expiresAt": "1914-05-11T22:00:14Z", - "granteeTeamId": "bcaeb7d9-6d53-4be0-8f2e-d1beacfc2fa1", - "granteeUserId": "44099659-ceca-4310-b565-88e5257ae6f0", - "serviceId": "4e8d3cff-ce68-4019-af70-67a1bb961ec8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917544+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-291b984a", - "title": "POST /api/admin/teams/{id}/grants - [type_coercion] branches wrong_type_string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.branches", - "rationale": "field \"branches\" is array but receives wrong_type_string — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] branches wrong_type_string", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": "not_an_array", - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917829+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4440c404", - "title": "POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", - "rationale": "field \"expiresAt\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] expiresAt wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "bad" - ], - 
"expiresAt": 123, - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917831+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d73bcfa6", - "title": "POST /api/admin/teams/{id}/grants - [type_coercion] expiresAt wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", - "rationale": "field \"expiresAt\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] expiresAt wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "bad" - ], - "expiresAt": true, - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917833+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-50132b05", - "title": "POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", - "rationale": "field \"granteeTeamId\" is string but 
receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] granteeTeamId wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": 123, - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917835+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8920e31f", - "title": "POST /api/admin/teams/{id}/grants - [type_coercion] granteeTeamId wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", - "rationale": "field \"granteeTeamId\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] granteeTeamId wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": true, - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917836+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3f9db72b", - 
"title": "POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", - "rationale": "field \"granteeUserId\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] granteeUserId wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": 123, - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917839+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1566fad3", - "title": "POST /api/admin/teams/{id}/grants - [type_coercion] granteeUserId wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", - "rationale": "field \"granteeUserId\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] granteeUserId wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - 
"granteeUserId": true, - "serviceId": "5d4bc090-b3d1-49ab-83a2-4855a8fbaee8" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91784+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e98b7c31", - "title": "POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "field \"serviceId\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] serviceId wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917842+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f4852904", - "title": "POST /api/admin/teams/{id}/grants - [type_coercion] serviceId wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "field \"serviceId\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": 
"[type_coercion] serviceId wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "bad" - ], - "expiresAt": "2013-09-12T21:41:49Z", - "granteeTeamId": "caab12dc-a7c5-4aae-b5a0-a7bac0b2deab", - "granteeUserId": "a5671961-7609-4c30-865c-7e0cf0f5a413", - "serviceId": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.917846+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ed7d403f", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", - "rationale": "field \"expiresAt\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] expiresAt control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "hello\u0000world", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918268+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c67b22d4", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zero_width", - "kind": "single", - 
"priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", - "rationale": "field \"expiresAt\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] expiresAt zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "​hello", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91827+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-691f2024", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", - "rationale": "field \"expiresAt\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] expiresAt bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "‮hello", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, 
- "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918272+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e80f6e77", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", - "rationale": "field \"expiresAt\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] expiresAt overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918273+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e8fa18b3", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] expiresAt zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.expiresAt", - "rationale": "field \"expiresAt\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] expiresAt zalgo", - "type": "test", - "method": 
"POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "z̀́̂̃̄̅̆̇a", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918275+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d5595214", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", - "rationale": "field \"granteeTeamId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeTeamId control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "hello\u0000world", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918278+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-28a0c8b4", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { 
- "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", - "rationale": "field \"granteeTeamId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeTeamId zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "​hello", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91828+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d197e84d", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", - "rationale": "field \"granteeTeamId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeTeamId bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "‮hello", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": 
"eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918282+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4df41e59", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", - "rationale": "field \"granteeTeamId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeTeamId overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918283+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-603eeaa8", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeTeamId zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeTeamId", - "rationale": "field \"granteeTeamId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeTeamId zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", 
- "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "z̀́̂̃̄̅̆̇a", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918286+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bb1058c5", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", - "rationale": "field \"granteeUserId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeUserId control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "hello\u0000world", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918288+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7f787ffd", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST 
/api/admin/teams/{id}/grants requestBody.properties.granteeUserId", - "rationale": "field \"granteeUserId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeUserId zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "​hello", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91829+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-57831769", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", - "rationale": "field \"granteeUserId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeUserId bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "‮hello", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.918292+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-81f35d0c", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", - "rationale": "field \"granteeUserId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeUserId overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918294+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7682a2d7", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] granteeUserId zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.granteeUserId", - "rationale": "field \"granteeUserId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] granteeUserId zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "z̀́̂̃̄̅̆̇a", - "serviceId": "20b4459a-3c62-4892-9a64-1ee451cbd675" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918295+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aea6968a", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "field \"serviceId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - 
"title": "[unicode_fuzzing] serviceId control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918298+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c9798ccb", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "field \"serviceId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] serviceId zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.9183+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-894450de", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId bidi_override", - "kind": "single", - "priority": "P3", - 
"tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "field \"serviceId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] serviceId bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918302+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ae4ea893", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "field \"serviceId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] serviceId overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918304+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3b372657", - "title": "POST /api/admin/teams/{id}/grants - [unicode_fuzzing] serviceId zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.properties.serviceId", - "rationale": "field \"serviceId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] serviceId zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "eye" - ], - "expiresAt": "1910-02-22T19:02:33Z", - "granteeTeamId": "2a53aa87-8c01-4d67-959b-fef4369d639b", - "granteeUserId": "2c643fc3-d35d-409a-9c59-573ae43f37e6", - "serviceId": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.918306+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-eaaad8f0", - "title": "POST /api/admin/teams/{id}/grants - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "POST", - "path": 
"/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "branches": [ - "these" - ], - "expiresAt": "1935-06-17T15:07:26Z", - "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", - "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", - "isAdmin": true, - "is_admin": true, - "role": "__probe__", - "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919269+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-54b93b94", - "title": "POST /api/admin/teams/{id}/grants - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "branches": [ - "these" - ], - "disabled": false, - "expiresAt": "1935-06-17T15:07:26Z", - "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", - "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", - "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919272+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8b55910b", - "title": "POST /api/admin/teams/{id}/grants - 
[mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "branches": [ - "these" - ], - "credits": 1, - "discount": 0, - "expiresAt": "1935-06-17T15:07:26Z", - "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", - "granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", - "price": 1, - "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919275+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-74060ffe", - "title": "POST /api/admin/teams/{id}/grants - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "these" - ], - "createdBy": "__probe__", - "expiresAt": "1935-06-17T15:07:26Z", - "granteeTeamId": "02c4dc55-7e2a-4090-a2d0-b4fed5e1277e", - 
"granteeUserId": "85fb4919-bc0a-470e-9fae-9fa164ef5b88", - "ownerId": "__probe__", - "serviceId": "b5371d8e-203f-403f-bbb6-ab0e4e8f8466", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919279+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-14f8c7cc", - "title": "POST /api/admin/teams/{id}/grants - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "POST /api/admin/teams/{id}/grants parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/99999/grants", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919451+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-82f1376b", - "title": "POST /api/admin/teams/{id}/grants - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "POST /api/admin/teams/{id}/grants parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/0/grants", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], 
- "generated_at": "2026-05-06T21:30:41.919453+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-eb992221", - "title": "POST /api/admin/teams/{id}/grants - [required_omission] serviceId absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/admin/teams/{id}/grants requestBody.serviceId", - "rationale": "required field \"serviceId\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] serviceId absent", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "several" - ], - "expiresAt": "1989-03-13T15:48:36Z", - "granteeTeamId": "849dc625-c140-49ac-bf25-8a047cafbb78", - "granteeUserId": "f936f656-e5c6-4646-85ad-e56be5d8778e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919557+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f8bdece6", - "title": "GET /api/specs/:service/versions - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Specs" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/specs/:service/versions", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/specs/:service/versions", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": 
"duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.versions", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.91971+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9b5eb037", - "title": "[OWASP-API2] GET /api/specs/:service/versions — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/specs/:service/versions", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/specs/:service/versions", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919779+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cf42e9f4", - "title": "[OWASP-API7] GET /api/specs/:service/versions — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/specs/:service/versions", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "GET", - "path": "/api/specs/:service/versions", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919781+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ffc707f5", - "title": "[OWASP-API7] GET /api/specs/:service/versions — injection (sqli)", - "kind": 
"single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/specs/:service/versions", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "GET", - "path": "/api/specs/:service/versions", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919783+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-106c80c0", - "title": "[OWASP-API7] GET /api/specs/:service/versions — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/specs/:service/versions", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "GET", - "path": "/api/specs/:service/versions", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919785+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-95c1cee7", - "title": "GET /api/specs/:service/versions - missing required param \"service\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Specs" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "GET /api/specs/:service/versions parameters.service", - "rationale": "isolated failure: required param \"service\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"service\"", - "type": 
"test", - "method": "GET", - "path": "/api/specs/:service/versions?branch=valid", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919968+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e71dd727", - "title": "GET /api/specs/:service/versions - missing required param \"branch\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Specs" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "GET /api/specs/:service/versions parameters.branch", - "rationale": "isolated failure: required param \"branch\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"branch\"", - "type": "test", - "method": "GET", - "path": "/api/specs/:service/versions", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.919971+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ae0a2dc3", - "title": "POST /api/admin/webhooks/:id/test - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/webhooks/:id/test", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920147+08:00" - }, - { - 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ff996bd3", - "title": "POST /api/admin/webhooks/:id/test - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "POST /api/admin/webhooks/:id/test", - "rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /api/admin/webhooks/:id/test — first call", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /api/admin/webhooks/:id/test — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.920214+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7054030e", - "title": "[OWASP-API2] POST /api/admin/webhooks/:id/test — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks/:id/test", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "assertions": [ - { - "target": 
"status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920262+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e8743ba7", - "title": "[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks/:id/test", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920264+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7a0227b0", - "title": "[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks/:id/test", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920266+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6c16c87b", - "title": "[OWASP-API7] POST /api/admin/webhooks/:id/test — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - 
"api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks/:id/test", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920267+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8f3b353e", - "title": "POST /api/admin/webhooks/:id/test - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/webhooks/:id/test parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920457+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-eb0b8c82", - "title": "POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "POST /api/admin/webhooks/:id/test parameters.id", - "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000001 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", - "type": 
"test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920504+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-33f46434", - "title": "POST /api/admin/webhooks/:id/test - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "POST /api/admin/webhooks/:id/test parameters.id", - "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000000 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920506+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-03c20c58", - "title": "DELETE /api/admin/grants/{id} - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "DELETE /api/admin/grants/{id}", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": 
"duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920681+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1f6fc417", - "title": "DELETE /api/admin/grants/{id} - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "DELETE /api/admin/grants/{id}", - "rationale": "DELETE is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "DELETE /api/admin/grants/{id} — first call", - "type": "setup", - "method": "DELETE", - "path": "/api/admin/grants/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "DELETE /api/admin/grants/{id} — identical second call must be safe", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.920742+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d8d75c69", - "title": "[OWASP-API1] DELETE /api/admin/grants/{id} — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/grants/{id}", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" 
- }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{{other_resource_id}}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920791+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2b26b1b2", - "title": "[OWASP-API2] DELETE /api/admin/grants/{id} — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/grants/{id}", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920792+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7e26f4e3", - "title": "[OWASP-API7] DELETE /api/admin/grants/{id} — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/grants/{id}", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920794+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3883f876", - "title": "[OWASP-API7] DELETE /api/admin/grants/{id} — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/grants/{id}", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/%27%20OR%201=1--", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.920798+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5cfaf557", - "title": "[OWASP-API7] DELETE /api/admin/grants/{id} — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/grants/{id}", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/..%2F..%2F..%2Fetc%2Fpasswd", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.9208+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-57e2f5d8", - "title": "DELETE /api/admin/grants/{id} - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "DELETE /api/admin/grants/{id} parameters.id", - "rationale": "isolated 
failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/1", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921031+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b20f3be6", - "title": "DELETE /api/admin/grants/{id} - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/grants/{id} parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/99999", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92108+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c0c54349", - "title": "DELETE /api/admin/grants/{id} - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/grants/{id} parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/0", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 
- } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921081+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-138640de", - "title": "DELETE /api/tokens/{id} - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "DELETE /api/tokens/{id}", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921253+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ea338ec1", - "title": "DELETE /api/tokens/{id} - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "idempotency", - "spec_path": "DELETE /api/tokens/{id}", - "rationale": "DELETE is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "DELETE /api/tokens/{id} — first call", - "type": "setup", - "method": "DELETE", - "path": "/api/tokens/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "DELETE /api/tokens/{id} — identical second call must be safe", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - 
}, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.921314+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2d207a0d", - "title": "[OWASP-API1] DELETE /api/tokens/{id} — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/tokens/{id}", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/{{other_resource_id}}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921361+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-599ddef6", - "title": "[OWASP-API2] DELETE /api/tokens/{id} — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/tokens/{id}", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/{id}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921362+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ebab5e69", - "title": 
"[OWASP-API7] DELETE /api/tokens/{id} — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/tokens/{id}", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921364+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e54ea4ce", - "title": "[OWASP-API7] DELETE /api/tokens/{id} — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/tokens/{id}", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/%27%20OR%201=1--", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921366+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-85b86fe3", - "title": "[OWASP-API7] DELETE /api/tokens/{id} — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/tokens/{id}", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", 
- "type": "test", - "method": "DELETE", - "path": "/api/tokens/..%2F..%2F..%2Fetc%2Fpasswd", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921367+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c2abfd5e", - "title": "DELETE /api/tokens/{id} - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "DELETE /api/tokens/{id} parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/1", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921606+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-502920f7", - "title": "DELETE /api/tokens/{id} - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/tokens/{id} parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/99999", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921653+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d0e0481e", - "title": 
"DELETE /api/tokens/{id} - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/tokens/{id} parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/0", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921655+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c3e5fa48", - "title": "GET /api/admin/webhooks - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/admin/webhooks", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/admin/webhooks", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.webhooks", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921831+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ec46e5a8", - "title": "[OWASP-API2] GET /api/admin/webhooks — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/webhooks", - "rationale": 
"Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/webhooks", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.921889+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-42a4fab4", - "title": "POST /api/admin/webhooks - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/webhooks", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "set" - ], - "name": "Fletcher Mendez", - "providerType": "these", - "teamId": "7b7e7d08-a4c7-4b59-a185-b2a7b8576f2e", - "url": "http://www.nationalcross-platform.org/infomediaries/killer/technologies/frictionless" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.createdBy", - "operator": "exists" - }, - { - "target": "body.isActive", - "operator": "exists" - }, - { - "target": "body.providerType", - "operator": "exists" - }, - { - "target": "body.teamId", - "operator": "exists" - }, - { - "target": "body.name", - "operator": "exists" - }, - { - "target": "body.url", - "operator": "exists" - }, - { - "target": "body.createdAt", - "operator": "exists" - }, - { - "target": "body.id", - "operator": "exists" - }, - { - "target": "body.events", - 
"operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922029+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-45423b82", - "title": "POST /api/admin/webhooks - missing required field \"name\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "invalid equivalence class: required field \"name\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"name\"", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "Plutonian" - ], - "providerType": "choir", - "teamId": "5289bf89-a443-44f7-a319-2a66891988ac", - "url": "https://www.humandeploy.io/magnetic/roi/maximize/embrace" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922044+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6ed0d9f4", - "title": "POST /api/admin/webhooks - missing required field \"url\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "invalid equivalence class: required field \"url\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"url\"", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "the" - ], - "name": "Carey Jimenez", - "providerType": "hourly", - "teamId": "68326c3d-2def-4030-9c4f-dfcb153eda58" - }, - "assertions": [ - { - "target": "status_code", - 
"operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92205+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d6a5b0c7", - "title": "POST /api/admin/webhooks - missing required field \"events\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/admin/webhooks requestBody.properties.events", - "rationale": "invalid equivalence class: required field \"events\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"events\"", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Rebecca Mann", - "providerType": "painter", - "teamId": "1485872f-38ec-4ac0-88b9-3d10f551b3a4", - "url": "https://www.chiefsyndicate.biz/utilize/deliverables/innovate/transition" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922056+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-72f21135", - "title": "POST /api/admin/webhooks - name at min_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "boundary value analysis: name at min_valid", - "scenario": "STRING_MIN_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "name at min_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "these" - ], - "name": "u", - "providerType": "infrequently", - "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", - "url": 
"http://www.juniorexpedite.com/partnerships" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922238+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5b4327aa", - "title": "POST /api/admin/webhooks - name at min_minus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "boundary value analysis: name at min_minus_one_invalid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "name at min_minus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "these" - ], - "name": "b", - "providerType": "infrequently", - "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", - "url": "http://www.juniorexpedite.com/partnerships" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922241+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d8fb6781", - "title": "POST /api/admin/webhooks - name at max_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "boundary value analysis: name at max_valid", - "scenario": "STRING_MAX_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "name at max_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": 
"application/json" - }, - "body": { - "events": [ - "these" - ], - "name": "SncWFCUvZpQFNFdrRgNJvYbFANxRmLnQRwBDZqHrTHNxToOSzvIyMmzYXYNlTmqxqecveYPPJkHsbPGoaolHtERzLSSWSCxHgCRyXtiMrbXGLHWZPsGbytTNsOuzeJeHwrLudLzbVBdbBDdVDJAEXLewLKAlJsnbYaiuzbPulctRaehbdWqhpaxcUFmpSCgDEsQEUPqkVaYFLwaCaeKPlKLmHypHEUNlnmuYwzseXfFSYIVfMKOFtwTgnGGRbhK", - "providerType": "infrequently", - "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", - "url": "http://www.juniorexpedite.com/partnerships" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922249+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-94214268", - "title": "POST /api/admin/webhooks - name at max_plus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "boundary value analysis: name at max_plus_one_invalid", - "scenario": "STRING_ABOVE_MAX" - }, - "steps": [ - { - "id": "step-main", - "title": "name at max_plus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "these" - ], - "name": "IOYvYIBkAQYqFIqDJMZycrqRFIVCjZIMbSjDHSMaqySSJJGZbEevnwNUYIPXWkWwHWoWMoAdnxnBkAPWCFrpnBgxDdlsucOVjhDdRObECkUodPRyLJNwwstZUaRwXafrnWjLfrJjRGEeTNKnkRrBzcspeyWjjpHjsLvGfcgxXrgoqgfZptELkyLFdklDpBUEtlqfaHPyFoMWMGjhbPWSrFIuUhQHvQOZmItpXjLrWGQNFNXHxaZDTmDNLFhUJSOO", - "providerType": "infrequently", - "teamId": "4a6f39f6-5059-431c-b5eb-9711769c6023", - "url": "http://www.juniorexpedite.com/partnerships" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.922257+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-06e188f6", - "title": "POST /api/admin/webhooks - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "POST /api/admin/webhooks", - "rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /api/admin/webhooks — first call", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "now" - ], - "name": "Anya Wright", - "providerType": "yesterday", - "teamId": "cd7a7947-5e97-4e0c-bd41-40373e8f332b", - "url": "http://www.primaryaction-items.org/enhance/deploy/interfaces" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /api/admin/webhooks — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "now" - ], - "name": "Anya Wright", - "providerType": "yesterday", - "teamId": "cd7a7947-5e97-4e0c-bd41-40373e8f332b", - "url": "http://www.primaryaction-items.org/enhance/deploy/interfaces" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.922434+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f690ca7e", - "title": "[OWASP-API2] POST 
/api/admin/webhooks — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922476+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1b59ba48", - "title": "[OWASP-API6] POST /api/admin/webhooks — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": "2000-01-01T00:00:00Z", - "events": [ - "Lebanese" - ], - "id": 99999, - "name": "Rowan Bartell", - "providerType": "Polish", - "teamId": "5bfa6b50-a743-4866-b2b2-f649decc8c37", - "updatedAt": "2000-01-01T00:00:00Z", - "url": "https://www.regionalfacilitate.com/users/intuitive" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": 
"jsonpath $.id", - "operator": "ne", - "expected": 99999 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922482+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a1a1e257", - "title": "[OWASP-API7] POST /api/admin/webhooks — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "providerType": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922484+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-03accab7", - "title": "[OWASP-API7] POST /api/admin/webhooks — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "providerType": "' OR 1=1--" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922485+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a39cab42", - "title": 
"[OWASP-API7] POST /api/admin/webhooks — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "providerType": "../../../etc/passwd" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922487+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fa3b21f3", - "title": "[OWASP-API10] POST /api/admin/webhooks — SSRF", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api10-ssrf" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/admin/webhooks", - "rationale": "Inject internal URL http://127.0.0.1; server must validate and reject (400)" - }, - "steps": [ - { - "id": "step-1", - "title": "inject internal URL for SSRF", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "url": "http://127.0.0.1" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922489+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6c83435b", - "title": "POST /api/admin/webhooks - missing required field \"name\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/webhooks 
requestBody.properties.name", - "rationale": "isolated failure: only \"name\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"name\"", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "as" - ], - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", - "url": "https://www.investormethodologies.net/maximize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922774+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f322285b", - "title": "POST /api/admin/webhooks - missing required field \"url\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "isolated failure: only \"url\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"url\"", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "as" - ], - "name": "Beulah Douglas", - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922776+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dfcc1c56", - "title": "POST /api/admin/webhooks - missing required field \"events\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": 
"isolated_negative", - "spec_path": "POST /api/admin/webhooks requestBody.properties.events", - "rationale": "isolated failure: only \"events\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"events\"", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Beulah Douglas", - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", - "url": "https://www.investormethodologies.net/maximize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922777+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-41ef09da", - "title": "POST /api/admin/webhooks - invalid events: empty array violates minItems 1", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/webhooks requestBody.properties.events", - "rationale": "isolated failure: only \"events\" is invalid (empty array violates minItems 1); all other fields valid", - "scenario": "ARRAY_MIN_ITEMS" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid events: empty array violates minItems 1", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [], - "name": "Beulah Douglas", - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", - "url": "https://www.investormethodologies.net/maximize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92278+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": 
"TC-86292ddb", - "title": "POST /api/admin/webhooks - invalid name: empty string violates minLength 1", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "isolated failure: only \"name\" is invalid (empty string violates minLength 1); all other fields valid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid name: empty string violates minLength 1", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "as" - ], - "name": "", - "providerType": "his", - "teamId": "4c031d9f-941f-4af7-bf94-9bb5b7ae85a3", - "url": "https://www.investormethodologies.net/maximize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.922782+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7b8cab12", - "title": "POST /api/admin/webhooks - [schema_violation] name_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "required field \"name\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] name_missing_required", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "hundred" - ], - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", - "url": "https://www.legacyincubate.io/seize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.92302+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4d32f3c3", - "title": "POST /api/admin/webhooks - [schema_violation] url_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "required field \"url\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] url_missing_required", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "hundred" - ], - "name": "Raphael Davies", - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923021+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e4df148d", - "title": "POST /api/admin/webhooks - [schema_violation] events_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.events", - "rationale": "required field \"events\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] events_missing_required", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Raphael Davies", - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", - "url": "https://www.legacyincubate.io/seize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923023+08:00" - }, - { - 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b49ea6fa", - "title": "POST /api/admin/webhooks - [schema_violation] name_too_short", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "name is empty, violates minLength 1" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] name_too_short", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "hundred" - ], - "name": "", - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", - "url": "https://www.legacyincubate.io/seize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923024+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a0bdf58b", - "title": "POST /api/admin/webhooks - [schema_violation] events_too_few_items", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.events", - "rationale": "events=[] violates minItems 1" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] events_too_few_items", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [], - "name": "Raphael Davies", - "providerType": "me", - "teamId": "8afc12a7-a242-4e1f-b05b-4ade3fb01c0f", - "url": "https://www.legacyincubate.io/seize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923026+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2c34fbf1", - "title": "POST /api/admin/webhooks - mutation: events null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.events", - "rationale": "field \"events\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: events → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": null, - "name": "Javier Bogan", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923262+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-19783d1d", - "title": "POST /api/admin/webhooks - mutation: events string instead of array", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.events", - "rationale": "field \"events\" mutated with string instead of array; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: events → string instead of array", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": "not-an-array", - "name": "Javier Bogan", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { 
- "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923264+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4a653004", - "title": "POST /api/admin/webhooks - mutation: events object instead of array", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.events", - "rationale": "field \"events\" mutated with object instead of array; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: events → object instead of array", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": {}, - "name": "Javier Bogan", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923265+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b75000cd", - "title": "POST /api/admin/webhooks - mutation: name null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.name", - "rationale": "field \"name\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"events": [ - "this" - ], - "name": null, - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923267+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f615d2a9", - "title": "POST /api/admin/webhooks - mutation: name empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.name", - "rationale": "field \"name\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → empty string", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "this" - ], - "name": "", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923269+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cf6c122c", - "title": "POST /api/admin/webhooks - mutation: name integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.name", - "rationale": "field \"name\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - 
"id": "step-main", - "title": "mutation: name → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "this" - ], - "name": 12345, - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923271+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5be879ce", - "title": "POST /api/admin/webhooks - mutation: name oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.name", - "rationale": "field \"name\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "this" - ], - "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "providerType": "regiment", - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - 
"expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923272+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-595d67fc", - "title": "POST /api/admin/webhooks - mutation: providerType null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.providerType", - "rationale": "field \"providerType\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: providerType → null value", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "this" - ], - "name": "Javier Bogan", - "providerType": null, - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923274+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9b991c26", - "title": "POST /api/admin/webhooks - mutation: providerType empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.providerType", - "rationale": "field \"providerType\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: providerType → empty string", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "this" - ], - "name": "Javier Bogan", - "providerType": "", - "teamId": 
"e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923275+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-83e13d1b", - "title": "POST /api/admin/webhooks - mutation: providerType integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/admin/webhooks requestBody.providerType", - "rationale": "field \"providerType\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: providerType → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "this" - ], - "name": "Javier Bogan", - "providerType": 12345, - "teamId": "e174fc1d-b8a7-4b7c-936d-1a4ea32d8bd1", - "url": "http://www.groupembrace.net/engage/best-of-breed/scale" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923277+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-52359f32", - "title": "POST /api/admin/webhooks - null injection: url", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "field \"url\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - 
}, - "steps": [ - { - "id": "step-main", - "title": "null injection: url", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "from" - ], - "name": "Tanner Gardner", - "providerType": "patiently", - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923754+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-35254559", - "title": "POST /api/admin/webhooks - null injection: events", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.events", - "rationale": "field \"events\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: events", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": null, - "name": "Tanner Gardner", - "providerType": "patiently", - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": "https://www.seniorsynergies.info/one-to-one" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923756+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-169dbf8c", - "title": "POST /api/admin/webhooks - null injection: name", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "field \"name\" is 
non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: name", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "from" - ], - "name": null, - "providerType": "patiently", - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": "https://www.seniorsynergies.info/one-to-one" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923758+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d40094c4", - "title": "POST /api/admin/webhooks - null injection: providerType", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", - "rationale": "field \"providerType\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: providerType", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "from" - ], - "name": "Tanner Gardner", - "providerType": null, - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": "https://www.seniorsynergies.info/one-to-one" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92376+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4f42ea82", - "title": "POST /api/admin/webhooks - null injection: teamId", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - 
"source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", - "rationale": "field \"teamId\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: teamId", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "from" - ], - "name": "Tanner Gardner", - "providerType": "patiently", - "teamId": null, - "url": "https://www.seniorsynergies.info/one-to-one" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923761+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7a40055b", - "title": "POST /api/admin/webhooks - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/admin/webhooks requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "events": [ - "from" - ], - "name": "Tanner Gardner", - "providerType": "patiently", - "teamId": "19ccbd87-5161-4a81-beda-3e6a1d5aa25e", - "url": "https://www.seniorsynergies.info/one-to-one" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.923763+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-07b6f191", - 
"title": "POST /api/admin/webhooks - [type_coercion] events wrong_type_string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/webhooks requestBody.properties.events", - "rationale": "field \"events\" is array but receives wrong_type_string — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] events wrong_type_string", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": "not_an_array", - "name": "Horace Evans", - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924044+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-39c60504", - "title": "POST /api/admin/webhooks - [type_coercion] name wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "field \"name\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] name wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "improvised" - ], - "name": 123, - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" - }, - 
"assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924046+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-49b71fc3", - "title": "POST /api/admin/webhooks - [type_coercion] name wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "field \"name\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] name wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "improvised" - ], - "name": true, - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924048+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e227c019", - "title": "POST /api/admin/webhooks - [type_coercion] providerType wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", - "rationale": "field \"providerType\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] providerType wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - 
"headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": 123, - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92405+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2f2c0975", - "title": "POST /api/admin/webhooks - [type_coercion] providerType wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", - "rationale": "field \"providerType\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] providerType wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": true, - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924052+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5db01d88", - "title": "POST /api/admin/webhooks - [type_coercion] teamId wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", - 
"rationale": "field \"teamId\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] teamId wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": "impress", - "teamId": 123, - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924057+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b27447cc", - "title": "POST /api/admin/webhooks - [type_coercion] teamId wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", - "rationale": "field \"teamId\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] teamId wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": "impress", - "teamId": true, - "url": "https://www.productplatforms.com/impactful/turn-key/infrastructures/integrate" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924059+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ea2aab8e", - "title": "POST /api/admin/webhooks - 
[type_coercion] url wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "field \"url\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] url wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924061+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2d482d43", - "title": "POST /api/admin/webhooks - [type_coercion] url wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "field \"url\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] url wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "improvised" - ], - "name": "Horace Evans", - "providerType": "impress", - "teamId": "f82e8b17-baa1-4aef-a496-6b602b3c5f43", - "url": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924062+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5943393b", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] name control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "hello\u0000world", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924493+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2a6bf0cb", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] name zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "​hello", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": 
"https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924495+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-07e9eae2", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] name bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "‮hello", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924498+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bee28f66", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] name overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name overlong", - "type": "test", - "method": "POST", - "path": 
"/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924499+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a7f8f480", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] name zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "z̀́̂̃̄̅̆̇a", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924501+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dc945e0e", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] providerType control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", - "rationale": "field \"providerType\" receives unicode mutation 
\"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] providerType control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "hello\u0000world", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924504+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e32282d7", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] providerType zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", - "rationale": "field \"providerType\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] providerType zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "​hello", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924506+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8724a676", - "title": "POST /api/admin/webhooks 
- [unicode_fuzzing] providerType bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", - "rationale": "field \"providerType\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] providerType bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "‮hello", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924507+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2cc3a01a", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] providerType overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", - "rationale": "field \"providerType\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] providerType overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924509+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-07152569", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] providerType zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.providerType", - "rationale": "field \"providerType\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] providerType zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "z̀́̂̃̄̅̆̇a", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924511+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f031554f", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - 
"title": "[unicode_fuzzing] teamId control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "hello\u0000world", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924513+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3128deb0", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] teamId zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "​hello", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924515+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0c229c2d", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks 
requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] teamId bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "‮hello", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924516+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7de8af57", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] teamId overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924518+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bba333a6", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] teamId zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] teamId zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "z̀́̂̃̄̅̆̇a", - "url": "https://www.futureb2c.biz/viral/vortals/clicks-and-mortar" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924519+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c4479bd1", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] url control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] url control_char", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", 
- "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924521+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d101973c", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] url zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] url zero_width", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924523+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-caf839d6", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] url bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - 
"id": "step-main", - "title": "[unicode_fuzzing] url bidi_override", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924525+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-132333e4", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] url overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] url overlong", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924527+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6343c227", - "title": "POST /api/admin/webhooks - [unicode_fuzzing] url zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/admin/webhooks requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] url zalgo", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "you" - ], - "name": "Anika Lane", - "providerType": "anyway", - "teamId": "70da9d0e-d12a-4d62-a990-03d8a490c890", - "url": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.924529+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f5c743f7", - "title": "POST /api/admin/webhooks - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/webhooks requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "events": [ - "actor" - ], 
- "isAdmin": true, - "is_admin": true, - "name": "Agustina McKenzie", - "providerType": "eye", - "role": "__probe__", - "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", - "url": "http://www.vicemethodologies.com/virtual/metrics" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.925489+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-33b56375", - "title": "POST /api/admin/webhooks - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/webhooks requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "disabled": false, - "events": [ - "actor" - ], - "name": "Agustina McKenzie", - "providerType": "eye", - "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", - "url": "http://www.vicemethodologies.com/virtual/metrics", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.925492+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-241955ee", - "title": "POST /api/admin/webhooks - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/webhooks requestBody", - "rationale": "inject financial probe fields not declared in schema to detect 
mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "discount": 0, - "events": [ - "actor" - ], - "name": "Agustina McKenzie", - "price": 1, - "providerType": "eye", - "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", - "url": "http://www.vicemethodologies.com/virtual/metrics" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.925494+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-30b18c5f", - "title": "POST /api/admin/webhooks - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/admin/webhooks requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "events": [ - "actor" - ], - "name": "Agustina McKenzie", - "ownerId": "__probe__", - "providerType": "eye", - "teamId": "304932c0-8102-4bb0-bd20-eb20fbf9ab2f", - "url": "http://www.vicemethodologies.com/virtual/metrics", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.925496+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", 
- "version": "1", - "id": "TC-85b28596", - "title": "POST /api/admin/webhooks - [field_boundary] name valid_min", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/admin/webhooks requestBody.name", - "rationale": "field \"name\" boundary test: valid_min", - "scenario": "FIELD_BOUNDARY_VALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] name valid_min", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "name": "a", - "providerType": "year", - "teamId": "2078e75e-ac88-4a37-93b9-0aad2a57623c", - "url": "http://www.principalinteractive.net/turn-key/redefine" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 200 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.925669+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7b9e5b4d", - "title": "POST /api/admin/webhooks - [field_boundary] name invalid_below_min", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/admin/webhooks requestBody.name", - "rationale": "field \"name\" boundary test: invalid_below_min", - "scenario": "FIELD_BOUNDARY_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] name invalid_below_min", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "regularly" - ], - "name": "", - "providerType": "pen", - "teamId": "8e786d80-b9b5-471b-8643-4dea8db9db45", - "url": "http://www.seniorb2b.io/webservices/repurpose/mindshare" - }, - "assertions": [ - { - "target": "status_code", - 
"operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.925677+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-09946d4c", - "title": "POST /api/admin/webhooks - [required_omission] events absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/admin/webhooks requestBody.events", - "rationale": "required field \"events\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] events absent", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Molly Hudson", - "providerType": "next", - "teamId": "6c927896-300a-4cc9-a530-93b2a15d5633", - "url": "http://www.humanusers.name/engage" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.925763+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d0373487", - "title": "POST /api/admin/webhooks - [required_omission] name absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/admin/webhooks requestBody.name", - "rationale": "required field \"name\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] name absent", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": 
"application/json" - }, - "body": { - "events": [ - "it" - ], - "providerType": "few", - "teamId": "949cf797-62f1-45ef-9b37-71379d7223ec", - "url": "http://www.regionalproactive.io/scalable" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.925769+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6d3bc221", - "title": "POST /api/admin/webhooks - [required_omission] url absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/admin/webhooks requestBody.url", - "rationale": "required field \"url\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] url absent", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "last" - ], - "name": "Alvina Powell", - "providerType": "itself", - "teamId": "3652daaf-fcaf-461d-97f6-ccc7da39f569" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.925774+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f98b2b82", - "title": "GET /api/diff - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Specs" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "GET /api/diff", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": 
"valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/diff", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.added", - "operator": "exists" - }, - { - "target": "body.modified", - "operator": "exists" - }, - { - "target": "body.removed", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.926235+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f6e6d81e", - "title": "[OWASP-API2] GET /api/diff — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/diff", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/diff", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.926255+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1fb05370", - "title": "[OWASP-API7] GET /api/diff — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/diff", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "GET", - "path": "/api/diff?from=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } 
- ], - "generated_at": "2026-05-06T21:30:41.92626+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2add12cf", - "title": "[OWASP-API7] GET /api/diff — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/diff", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "GET", - "path": "/api/diff?from=%27+OR+1%3D1--", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.926263+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d2e88748", - "title": "[OWASP-API7] GET /api/diff — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/diff", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "GET", - "path": "/api/diff?from=..%2F..%2F..%2Fetc%2Fpasswd", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.926269+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-436315da", - "title": "GET /api/diff - missing required param \"from\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Specs" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "GET /api/diff parameters.from", - "rationale": "isolated failure: required param 
\"from\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"from\"", - "type": "test", - "method": "GET", - "path": "/api/diff?to=valid", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.926713+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-592a212d", - "title": "GET /api/diff - missing required param \"to\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Specs" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "GET /api/diff parameters.to", - "rationale": "isolated failure: required param \"to\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"to\"", - "type": "test", - "method": "GET", - "path": "/api/diff?from=valid", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.926717+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-486e8c2a", - "title": "POST /auth/login - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Auth" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /auth/login", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "ezrahowell@franklin.biz", - "password": "work" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 
2000 - }, - { - "target": "body.role", - "operator": "exists" - }, - { - "target": "body.token", - "operator": "exists" - }, - { - "target": "body.userId", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.926917+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4cc99b0c", - "title": "POST /auth/login - missing required field \"email\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "invalid equivalence class: required field \"email\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"email\"", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "password": "fuel" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.926924+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-70187e79", - "title": "POST /auth/login - missing required field \"password\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "invalid equivalence class: required field \"password\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"password\"", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "montemendez@campbell.name" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.926928+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dc706f80", - "title": "POST /auth/login - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "idempotency", - "spec_path": "POST /auth/login", - "rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /auth/login — first call", - "type": "setup", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "arvidhanson@deckow.com", - "password": "thoughtful" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /auth/login — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "arvidhanson@deckow.com", - "password": "thoughtful" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.92709+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-09c747ae", - "title": "[OWASP-API6] POST /auth/login — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /auth/login", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject 
read-only fields in body", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": "2000-01-01T00:00:00Z", - "email": "eddhanson@thomas.net", - "id": 99999, - "password": "we", - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927143+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d41b3855", - "title": "[OWASP-API7] POST /auth/login — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /auth/login", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927145+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-504b6c9e", - "title": "[OWASP-API7] POST /auth/login — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /auth/login", - "rationale": "Inject sqli 
payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "' OR 1=1--" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927146+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c3fc26dc", - "title": "[OWASP-API7] POST /auth/login — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /auth/login", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "../../../etc/passwd" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927152+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9b253ab6", - "title": "POST /auth/login - missing required field \"email\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "isolated failure: only \"email\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"email\"", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"password": "sigh" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927335+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a6bbbeb7", - "title": "POST /auth/login - missing required field \"password\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "isolated failure: only \"password\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"password\"", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "ebonysilva@mendez.info" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927337+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2286db52", - "title": "POST /auth/login - invalid email: invalid email format", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "isolated failure: only \"email\" is invalid (invalid email format); all other fields valid", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid email: invalid email format", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "not-an-email", - "password": "sigh" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.927339+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-46bb3d69", - "title": "POST /auth/login - [schema_violation] email_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "required field \"email\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] email_missing_required", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "password": "eye" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927481+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5bddd51c", - "title": "POST /auth/login - [schema_violation] password_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "required field \"password\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] password_missing_required", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "clovissoto@clay.io" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927483+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-891b32a4", - "title": "POST /auth/login - [schema_violation] email_invalid_format_email", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - 
"technique": "schema_violation", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "email=\"not-an-email\" violates format \"email\"" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] email_invalid_format_email", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "not-an-email", - "password": "eye" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927484+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b5693707", - "title": "POST /auth/login - mutation: email null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/login requestBody.email", - "rationale": "field \"email\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: email → null value", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": null, - "password": "staff" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927616+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-81062c2f", - "title": "POST /auth/login - mutation: email empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/login requestBody.email", - "rationale": "field \"email\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: 
email → empty string", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "", - "password": "staff" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927618+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d7ccf79e", - "title": "POST /auth/login - mutation: email integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/login requestBody.email", - "rationale": "field \"email\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: email → integer instead of string", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": 12345, - "password": "staff" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92762+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7f53df98", - "title": "POST /auth/login - mutation: email oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/login requestBody.email", - "rationale": "field \"email\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: email → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": 
"/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "password": "staff" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927622+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6926df81", - "title": "POST /auth/login - mutation: email invalid email format", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/login requestBody.email", - "rationale": "field \"email\" mutated with invalid email format; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: email → invalid email format", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "not-an-email", - "password": "staff" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927624+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b531d0ea", - "title": "POST /auth/login - mutation: password null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/login requestBody.password", - "rationale": "field \"password\" mutated with null 
value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: password → null value", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "naomipierce@lewis.biz", - "password": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927626+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a0ca01b6", - "title": "POST /auth/login - mutation: password empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/login requestBody.password", - "rationale": "field \"password\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: password → empty string", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "naomipierce@lewis.biz", - "password": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927627+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f16c5d8d", - "title": "POST /auth/login - mutation: password integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/login requestBody.password", - "rationale": "field \"password\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": 
"mutation: password → integer instead of string", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "naomipierce@lewis.biz", - "password": 12345 - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.927629+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-acbb9354", - "title": "POST /auth/login - mutation: password oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /auth/login requestBody.password", - "rationale": "field \"password\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: password → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "naomipierce@lewis.biz", - "password": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92763+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a1de0446", - "title": "POST /auth/login - null injection: email", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - 
"source": { - "technique": "constraint_mutation", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "field \"email\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: email", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": null, - "password": "float" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928014+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-191c3a5b", - "title": "POST /auth/login - null injection: password", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "field \"password\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: password", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "ottonorris@sullivan.com", - "password": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928016+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ea0be7b9", - "title": "POST /auth/login - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /auth/login requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must 
return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "email": "ottonorris@sullivan.com", - "password": "float" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928018+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2e0174b6", - "title": "POST /auth/login - [type_coercion] email wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "field \"email\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] email wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": 123, - "password": "whole" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928153+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-91a4d98b", - "title": "POST /auth/login - [type_coercion] email wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "field \"email\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] 
email wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": true, - "password": "whole" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928155+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-28167496", - "title": "POST /auth/login - [type_coercion] password wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "field \"password\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] password wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "lunasaunders@greene.net", - "password": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928157+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5c25d6d2", - "title": "POST /auth/login - [type_coercion] password wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "field \"password\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] password wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - 
"Content-Type": "application/json" - }, - "body": { - "email": "lunasaunders@greene.net", - "password": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928159+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ce646cde", - "title": "POST /auth/login - [unicode_fuzzing] email control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "field \"email\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email control_char", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "hello\u0000world", - "password": "themselves" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928344+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e4c515d2", - "title": "POST /auth/login - [unicode_fuzzing] email zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "field \"email\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email zero_width", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "​hello", - "password": 
"themselves" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928346+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-08bd8265", - "title": "POST /auth/login - [unicode_fuzzing] email bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "field \"email\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email bidi_override", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "‮hello", - "password": "themselves" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928348+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1951562a", - "title": "POST /auth/login - [unicode_fuzzing] email overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "field \"email\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email overlong", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "password": "themselves" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928352+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1091cce6", - "title": "POST /auth/login - [unicode_fuzzing] email zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.email", - "rationale": "field \"email\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] email zalgo", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "z̀́̂̃̄̅̆̇a", - "password": "themselves" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928354+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3fbdbf7e", - "title": "POST /auth/login - [unicode_fuzzing] password control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password control_char", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "lilyperez@allen.io", - "password": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - 
"operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928357+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4e879dad", - "title": "POST /auth/login - [unicode_fuzzing] password zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password zero_width", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "lilyperez@allen.io", - "password": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928358+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dc3d45d4", - "title": "POST /auth/login - [unicode_fuzzing] password bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password bidi_override", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "lilyperez@allen.io", - "password": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.92836+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b2225a4c", - "title": "POST /auth/login - [unicode_fuzzing] password overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password overlong", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "lilyperez@allen.io", - "password": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928362+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7329e86c", - "title": "POST /auth/login - [unicode_fuzzing] password zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Auth" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /auth/login requestBody.properties.password", - "rationale": "field \"password\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] password zalgo", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "lilyperez@allen.io", - "password": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928364+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f4f54666", - "title": "POST /auth/login - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /auth/login requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "email": "kriswong@koch.io", - "isAdmin": true, - "is_admin": true, - "password": "us", - "role": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928801+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f197447f", - "title": "POST /auth/login - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /auth/login requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "disabled": false, - "email": "kriswong@koch.io", - "password": "us", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928803+08:00" - }, - { - 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5bcafac5", - "title": "POST /auth/login - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /auth/login requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "discount": 0, - "email": "kriswong@koch.io", - "password": "us", - "price": 1 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928804+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4c0c3203", - "title": "POST /auth/login - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /auth/login requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "email": "kriswong@koch.io", - "ownerId": "__probe__", - "password": "us", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.928806+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3eaacfef", - "title": "POST /auth/login - [required_omission] email absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /auth/login requestBody.email", - "rationale": "required field \"email\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] email absent", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "password": "abroad" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92898+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0a64a19d", - "title": "POST /auth/login - [required_omission] password absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Auth" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /auth/login requestBody.password", - "rationale": "required field \"password\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] password absent", - "type": "test", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "darylfarrell@santiago.org" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.928983+08:00" - }, - { 
- "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c8662867", - "title": "PUT /api/admin/services/{serviceId}/team - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "8439a10e-558d-4569-b260-f0f36a116d83" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929153+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8397ba83", - "title": "PUT /api/admin/services/{serviceId}/team - missing required field \"teamId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "invalid equivalence class: required field \"teamId\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"teamId\"", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": {}, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929158+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dc1513dd", - "title": "PUT /api/admin/services/{serviceId}/team - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": "PUT is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "PUT /api/admin/services/{serviceId}/team — first call", - "type": "setup", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "b954d030-15a4-4bc5-a0ad-c5e46e96e0a7" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "PUT /api/admin/services/{serviceId}/team — identical second call must be safe", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "b954d030-15a4-4bc5-a0ad-c5e46e96e0a7" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.929262+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b7125bf5", - "title": "[OWASP-API1] PUT /api/admin/services/{serviceId}/team — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": 
"Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{{other_resource_id}}/team", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92931+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6bc9b636", - "title": "[OWASP-API2] PUT /api/admin/services/{serviceId}/team — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929311+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-26712b87", - "title": "[OWASP-API3] PUT /api/admin/services/{serviceId}/team — BOPLA property-level access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api3-bopla" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" - }, - "steps": [ - { - "id": "step-1", - "title": "inject privileged fields in body", - "type": "test", - "method": "PUT", - "path": 
"/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "is_admin": true, - "role": "admin", - "teamId": "da2ce66b-ccba-4bc0-b582-c8fa43a6926f" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "jsonpath $.is_admin", - "operator": "ne", - "expected": true - }, - { - "target": "jsonpath $.role", - "operator": "ne", - "expected": "admin" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929314+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-29a92605", - "title": "[OWASP-API6] PUT /api/admin/services/{serviceId}/team — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": "2000-01-01T00:00:00Z", - "id": 99999, - "teamId": "d9bf3e10-6529-49aa-b714-03fd1a939f04", - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929316+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": 
"TC-3ad867af", - "title": "[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/team", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929319+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-53f0e55f", - "title": "[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/%27%20OR%201=1--/team", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.92932+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b621722f", - "title": "[OWASP-API7] PUT /api/admin/services/{serviceId}/team — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": 
"Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/..%2F..%2F..%2Fetc%2Fpasswd/team", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929321+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bc585ae5", - "title": "PUT /api/admin/services/{serviceId}/team - missing required field \"teamId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "isolated failure: only \"teamId\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"teamId\"", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": {}, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929633+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3dc3ff8a", - "title": "PUT /api/admin/services/{serviceId}/team - missing required param \"serviceId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/services/{serviceId}/team parameters.serviceId", - "rationale": "isolated failure: required param \"serviceId\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"serviceId\"", - "type": "test", - "method": 
"PUT", - "path": "/api/admin/services/1/team", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929634+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c8b11e1e", - "title": "PUT /api/admin/services/{serviceId}/team - [schema_violation] teamId_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "required field \"teamId\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] teamId_missing_required", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": {}, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929726+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3c6b4929", - "title": "PUT /api/admin/services/{serviceId}/team - mutation: teamId null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", - "rationale": "field \"teamId\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: teamId → null value", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], 
- "generated_at": "2026-05-06T21:30:41.92977+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-717311a7", - "title": "PUT /api/admin/services/{serviceId}/team - mutation: teamId empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", - "rationale": "field \"teamId\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: teamId → empty string", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929771+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cea11786", - "title": "PUT /api/admin/services/{serviceId}/team - mutation: teamId integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", - "rationale": "field \"teamId\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: teamId → integer instead of string", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": 12345 - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.929773+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-452218de", - "title": "PUT /api/admin/services/{serviceId}/team - mutation: teamId oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", - "rationale": "field \"teamId\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: teamId → oversized string (300 chars)", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929774+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-16d39238", - "title": "PUT /api/admin/services/{serviceId}/team - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": 
"test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "teamId": "bc1c5a2f-34be-4a46-bc1a-a3abfe061eb1" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.929959+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-87eccc15", - "title": "PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "field \"teamId\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] teamId wrong_type_integer", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930009+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5b55ebea", - "title": "PUT /api/admin/services/{serviceId}/team - [type_coercion] teamId wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "field \"teamId\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] teamId wrong_type_boolean", - "type": "test", - 
"method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930011+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-00caba6f", - "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] teamId control_char", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930097+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1c0a1d4a", - "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] teamId zero_width", - "type": "test", - 
"method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930099+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e30f1b9e", - "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] teamId bidi_override", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930101+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5dc313b9", - "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] teamId overlong", - "type": "test", - "method": "PUT", 
- "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930103+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c1fa3472", - "title": "PUT /api/admin/services/{serviceId}/team - [unicode_fuzzing] teamId zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.properties.teamId", - "rationale": "field \"teamId\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] teamId zalgo", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930104+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c8fb1c8e", - "title": "PUT /api/admin/services/{serviceId}/team - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - 
"headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "isAdmin": true, - "is_admin": true, - "role": "__probe__", - "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930333+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6072976c", - "title": "PUT /api/admin/services/{serviceId}/team - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "disabled": false, - "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930334+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-297a0e33", - "title": "PUT /api/admin/services/{serviceId}/team - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - 
"id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "discount": 0, - "price": 1, - "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930336+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c9fe2f6f", - "title": "PUT /api/admin/services/{serviceId}/team - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "ownerId": "__probe__", - "teamId": "205575fc-05ed-461e-8bb1-47206ee3fe2a", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93034+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f06bfa27", - "title": "PUT /api/admin/services/{serviceId}/team - [semantic_annotation] nullable field \"teamId\" accepts null", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "semantic_annotation", - "spec_path": "PUT 
/api/admin/services/{serviceId}/team requestBody.teamId", - "rationale": "field \"teamId\" is nullable; server MUST accept null value", - "scenario": "NULLABLE_ACCEPTANCE" - }, - "steps": [ - { - "id": "step-main", - "title": "[semantic_annotation] nullable field \"teamId\" accepts null", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 200 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930513+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d24b98db", - "title": "PUT /api/admin/services/{serviceId}/team - [required_omission] teamId absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "required_omission", - "spec_path": "PUT /api/admin/services/{serviceId}/team requestBody.teamId", - "rationale": "required field \"teamId\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] teamId absent", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": {}, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930559+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e7fb82c9", - "title": "GET /api/admin/users - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": 
"equivalence_partitioning", - "spec_path": "GET /api/admin/users", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/admin/users", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.users", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930674+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-aaffe36c", - "title": "[OWASP-API2] GET /api/admin/users — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/users", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/users", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930737+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e3da0de9", - "title": "POST /api/upload - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Upload" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/upload", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": 
{ - "Content-Type": "application/json" - }, - "body": { - "branch": "my", - "commitSha": "where", - "service": "Asian", - "specContent": "soon" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.endpointCount", - "operator": "exists" - }, - { - "target": "body.service", - "operator": "exists" - }, - { - "target": "body.unchanged", - "operator": "exists" - }, - { - "target": "body.warnings", - "operator": "exists" - }, - { - "target": "body.wasConverted", - "operator": "exists" - }, - { - "target": "body.branch", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930877+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-89850cfa", - "title": "POST /api/upload - missing required field \"service\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "invalid equivalence class: required field \"service\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"service\"", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "occasionally", - "commitSha": "lastly", - "specContent": "eat" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930884+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d756c10c", - "title": "POST /api/upload - missing required field \"branch\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST 
/api/upload requestBody.properties.branch", - "rationale": "invalid equivalence class: required field \"branch\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"branch\"", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "commitSha": "news", - "service": "seldom", - "specContent": "who" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930887+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1de0eefc", - "title": "POST /api/upload - missing required field \"specContent\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "invalid equivalence class: required field \"specContent\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"specContent\"", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "can", - "commitSha": "why", - "service": "forest" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.930891+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fa5f2879", - "title": "POST /api/upload - service at min_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "boundary value analysis: service at min_valid", - "scenario": "STRING_MIN_LENGTH" - }, - "steps": [ - { - "id": "step-main", - 
"title": "service at min_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "annoying", - "commitSha": "horde", - "service": "v", - "specContent": "early" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931072+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c9639729", - "title": "POST /api/upload - service at min_minus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "boundary value analysis: service at min_minus_one_invalid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "service at min_minus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "annoying", - "commitSha": "horde", - "service": "P", - "specContent": "early" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931074+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3cd9de74", - "title": "POST /api/upload - service at max_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "boundary value analysis: service at max_valid", - "scenario": "STRING_MAX_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "service at max_valid 
boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "annoying", - "commitSha": "horde", - "service": "atLOmtVVmlQhFvFrwuMTJjhgqzDQgMAKdxkeUnYswKYRxCFECDdRtuhENDYOeachFgpnTjKElKhbRGMNBMqtQcJeLmJEdXosWDnsTCROKgowmZMFmjZPjXeSVkrLtqyrTdhcTIoNWdfwRXnmvZQoROrQlafSbnQScDRKBvbCIsqPEGzseScyClXaqHCuhtwbNgwbAjmxZkPvBMGOxVbdVVDWFWdnUugVnZaDTXdkaRzAOYonKbCYZPlwlDZDKdT", - "specContent": "early" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931083+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ad5debd5", - "title": "POST /api/upload - service at max_plus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "boundary value analysis: service at max_plus_one_invalid", - "scenario": "STRING_ABOVE_MAX" - }, - "steps": [ - { - "id": "step-main", - "title": "service at max_plus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "annoying", - "commitSha": "horde", - "service": "UqQKQdxIBaEEFIOlbucPEjkejpJhtGCnYytkTfHBnTHmoeamHxyFTtNkqceSxPhYjEZfVjxnkUrCXnzCRdtVbcomgJaqcHidTZbQHOJgFusDCcCXqQuHRTajulzyqxxOFgJZTIrWbrgvHDgjlzyuuBztsMwepFaVmllpLTRwhONiNNZZDMtJFSySHEyRBmGBvFwEkoyGZJSFbcrJaJVmftRoXuHFuUwcKLaJFIIGOYYgsNiAMNTBUcmdjtEEKcrT", - "specContent": "early" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93109+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-edc8ded2", - "title": "POST /api/upload - specContent at min_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "boundary value analysis: specContent at min_valid", - "scenario": "STRING_MIN_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "specContent at min_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "annoying", - "commitSha": "horde", - "service": "patrol", - "specContent": "s" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931092+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b6f8003e", - "title": "POST /api/upload - specContent at min_minus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "boundary value analysis: specContent at min_minus_one_invalid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "specContent at min_minus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "annoying", - "commitSha": "horde", - "service": "patrol", - "specContent": "E" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931095+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-201ba23b", - "title": "POST /api/upload - specContent at max_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "boundary value analysis: specContent at max_valid", - "scenario": "STRING_MAX_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "specContent at max_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "annoying", - "commitSha": "horde", - "service": "patrol", - "specContent": "MvxueBBOuEUznvCnujHEfhfJEmIkMiFxMUaMDQYopjbpdETOJXbhaSibxhItFKowWSgvVTsEKoRBvRboGZCrpNFYbErOCedxMcVAnLzDekWtkEvgLpSZAGaDLsFRvNWihavpvGqXfpluZjqXgXkvQZEpaaHgrFeEHQhhHsZqkGppwxBdpFmjShygsygoqyopydhyLxSwTwouvqLXCFkgNFkmEiZKFOzPodlBbQdZyQXKtqOjjyxMqTwcyXFgxoI" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931102+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dbbfdc22", - "title": "POST /api/upload - specContent at max_plus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "boundary value analysis: specContent at max_plus_one_invalid", - "scenario": "STRING_ABOVE_MAX" - }, - "steps": [ - { - "id": "step-main", - "title": "specContent at max_plus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "annoying", - 
"commitSha": "horde", - "service": "patrol", - "specContent": "XYmkqdAEnhShAWMWevPjaEMcXFnlEMIZdgvjHxCMmpYIjgEHzJtlzMbGailVdFqZrzsWsGjpkSIhqCvAYsNhMiEWeEQWONGHrvWYvfPFzZHeBPoEohTATwAWyNcNwDNUwxVeqZxdAsktxHReoFPVnXfhBUWjzySqMmVghKlODAqkgFPTiJazKylKgHzgmDXbLnPQAKRyAscyAKlFZnpEkpnjoXxDbJnVmagvmQfbszLtHuyUTPLDrWNwJGJvuHBn" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931109+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4ca9c46c", - "title": "POST /api/upload - branch at min_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "boundary value analysis: branch at min_valid", - "scenario": "STRING_MIN_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "branch at min_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "b", - "commitSha": "horde", - "service": "patrol", - "specContent": "early" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931111+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fa914b29", - "title": "POST /api/upload - branch at min_minus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "boundary value analysis: branch at min_minus_one_invalid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - 
"title": "branch at min_minus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "x", - "commitSha": "horde", - "service": "patrol", - "specContent": "early" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931115+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-97d88ce9", - "title": "POST /api/upload - branch at max_valid boundary", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "boundary value analysis: branch at max_valid", - "scenario": "STRING_MAX_LENGTH" - }, - "steps": [ - { - "id": "step-main", - "title": "branch at max_valid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "shlwKqFxRFaVTdGNnBXhsNxUFKQKzOqqCpWDSXqaghfbdFJIOYfkDfFCtbwSekckstHPRyDaMVWZVWRBkbIgtUJDXhFeMmsQbiKempTLkISShAcAmWyGwOABgtbYCVEFRMDgKJWLKPmhAtLhMCfQaicCaLcxzIlibqzCyRCDxwtHNNlvPLxMHtmKcmYUtqMBHkdEiCZvhHNvCBGgJjhsNpbEGSpHxdHKXjeFulMWOPsstdqgeeJDWdLgyWSEFNF", - "commitSha": "horde", - "service": "patrol", - "specContent": "early" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931123+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-62157365", - "title": "POST /api/upload - branch at max_plus_one_invalid boundary", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "boundary_value", - "spec_path": 
"POST /api/upload requestBody.properties.branch", - "rationale": "boundary value analysis: branch at max_plus_one_invalid", - "scenario": "STRING_ABOVE_MAX" - }, - "steps": [ - { - "id": "step-main", - "title": "branch at max_plus_one_invalid boundary", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "ILYUfOPfVxuZMfnbVgKKBKcmaHThDumvYBgtnVGhjnPVGeBmGSnwjXFjeojgBxBSehvkPJScHCBTFcjyIabzfzFvTWtmmGsJXlmNIlpLkzqrlyuqKvGoAAOUUwFEBGeoceVrjAMgTmCbeUmYnHVgBpOXAuFUnLPQYGspPdbHIuiUDYqbBJXQtGKAcDLSaGJJLeGIsLZXfWSCbcUflmCylZeRTVGmuNyUFZmpAoeWuylCdFZLpbneeLqzpzLaIKmE", - "commitSha": "horde", - "service": "patrol", - "specContent": "early" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931129+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dd638159", - "title": "POST /api/upload - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "idempotency", - "spec_path": "POST /api/upload", - "rationale": "POST is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "POST /api/upload — first call", - "type": "setup", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "relieved", - "commitSha": "frequently", - "service": "inside", - "specContent": "east" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "POST /api/upload — identical second call must be safe", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": 
"application/json" - }, - "body": { - "branch": "relieved", - "commitSha": "frequently", - "service": "inside", - "specContent": "east" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.931663+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4c9fd28e", - "title": "[OWASP-API2] POST /api/upload — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/upload", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "POST", - "path": "/api/upload", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931706+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bcf8922c", - "title": "[OWASP-API6] POST /api/upload — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/upload", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "second", - "commitSha": "he", - "createdAt": 
"2000-01-01T00:00:00Z", - "id": 99999, - "service": "his", - "specContent": "of", - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931711+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-81a2a747", - "title": "[OWASP-API7] POST /api/upload — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/upload", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "\"\u003e\u003cscript\u003ealert(1)\u003c/script\u003e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931712+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b528a6e6", - "title": "[OWASP-API7] POST /api/upload — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/upload", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "POST", - "path": "/api/upload", - 
"headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "' OR 1=1--" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931714+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-553f4f51", - "title": "[OWASP-API7] POST /api/upload — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "POST /api/upload", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "../../../etc/passwd" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931715+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8f85caae", - "title": "POST /api/upload - missing required field \"service\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "isolated failure: only \"service\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"service\"", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "recline", - "commitSha": "pack", - "specContent": "now" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - 
], - "generated_at": "2026-05-06T21:30:41.931938+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-33947120", - "title": "POST /api/upload - missing required field \"branch\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "isolated failure: only \"branch\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"branch\"", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "commitSha": "pack", - "service": "ears", - "specContent": "now" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93194+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fccdadb2", - "title": "POST /api/upload - missing required field \"specContent\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "isolated failure: only \"specContent\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"specContent\"", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "recline", - "commitSha": "pack", - "service": "ears" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931942+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-86ff6bd8", - "title": "POST /api/upload - invalid specContent: empty string violates minLength 1", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "isolated failure: only \"specContent\" is invalid (empty string violates minLength 1); all other fields valid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid specContent: empty string violates minLength 1", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "recline", - "commitSha": "pack", - "service": "ears", - "specContent": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931944+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5eb7446c", - "title": "POST /api/upload - invalid branch: empty string violates minLength 1", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "isolated failure: only \"branch\" is invalid (empty string violates minLength 1); all other fields valid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid branch: empty string violates minLength 1", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "", - "commitSha": "pack", - "service": "ears", - "specContent": "now" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.931945+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8389dd21", - "title": "POST /api/upload - invalid service: empty string violates minLength 1", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "isolated failure: only \"service\" is invalid (empty string violates minLength 1); all other fields valid", - "scenario": "STRING_BELOW_MIN" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid service: empty string violates minLength 1", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "recline", - "commitSha": "pack", - "service": "", - "specContent": "now" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.931947+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-72938c30", - "title": "POST /api/upload - [schema_violation] service_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "required field \"service\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] service_missing_required", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "to", - "commitSha": "Brazilian", - "specContent": "tonight" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932226+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-381d4381", - "title": "POST /api/upload - [schema_violation] branch_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "required field \"branch\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] branch_missing_required", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "commitSha": "Brazilian", - "service": "intimidate", - "specContent": "tonight" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932227+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-555257e2", - "title": "POST /api/upload - [schema_violation] specContent_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "required field \"specContent\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] specContent_missing_required", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "to", - "commitSha": "Brazilian", - "service": "intimidate" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932228+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-40be94ec", - "title": "POST /api/upload - [schema_violation] service_too_short", - "kind": "single", - 
"priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "service is empty, violates minLength 1" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] service_too_short", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "to", - "commitSha": "Brazilian", - "service": "", - "specContent": "tonight" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93223+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-af512611", - "title": "POST /api/upload - [schema_violation] specContent_too_short", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "specContent is empty, violates minLength 1" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] specContent_too_short", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "to", - "commitSha": "Brazilian", - "service": "intimidate", - "specContent": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932231+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-76d8b912", - "title": "POST /api/upload - [schema_violation] branch_too_short", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "schema_violation", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "branch 
is empty, violates minLength 1" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] branch_too_short", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "", - "commitSha": "Brazilian", - "service": "intimidate", - "specContent": "tonight" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932233+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9f510ed7", - "title": "POST /api/upload - mutation: branch null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.branch", - "rationale": "field \"branch\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: branch → null value", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": null, - "commitSha": "heavily", - "service": "sufficient", - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932492+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cac690c1", - "title": "POST /api/upload - mutation: branch empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.branch", - "rationale": "field \"branch\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: branch → empty 
string", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "", - "commitSha": "heavily", - "service": "sufficient", - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932494+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-416a96c1", - "title": "POST /api/upload - mutation: branch integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.branch", - "rationale": "field \"branch\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: branch → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": 12345, - "commitSha": "heavily", - "service": "sufficient", - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932495+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-75d60dab", - "title": "POST /api/upload - mutation: branch oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.branch", - "rationale": "field \"branch\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": 
"mutation: branch → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "commitSha": "heavily", - "service": "sufficient", - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932498+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0c1c92bd", - "title": "POST /api/upload - mutation: commitSha null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.commitSha", - "rationale": "field \"commitSha\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: commitSha → null value", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "instance", - "commitSha": null, - "service": "sufficient", - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932504+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f30e852c", - "title": "POST /api/upload - mutation: commitSha empty string", - "kind": "single", - 
"priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.commitSha", - "rationale": "field \"commitSha\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: commitSha → empty string", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "instance", - "commitSha": "", - "service": "sufficient", - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932506+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b1212f34", - "title": "POST /api/upload - mutation: commitSha integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.commitSha", - "rationale": "field \"commitSha\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: commitSha → integer instead of string", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "instance", - "commitSha": 12345, - "service": "sufficient", - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932508+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fdaf954a", - "title": "POST /api/upload - mutation: commitSha oversized string 
(300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.commitSha", - "rationale": "field \"commitSha\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: commitSha → oversized string (300 chars)", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "instance", - "commitSha": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "service": "sufficient", - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932509+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7805eead", - "title": "POST /api/upload - mutation: service null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.service", - "rationale": "field \"service\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: service → null value", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "instance", - "commitSha": "heavily", - "service": null, - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - 
"target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932511+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6f0a4261", - "title": "POST /api/upload - mutation: service empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mutation", - "spec_path": "POST /api/upload requestBody.service", - "rationale": "field \"service\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: service → empty string", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "instance", - "commitSha": "heavily", - "service": "", - "specContent": "ours" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932512+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fef2ed50", - "title": "POST /api/upload - null injection: specContent", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "field \"specContent\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: specContent", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "rather", - "commitSha": "troop", - "service": "we", - "specContent": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 
422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932957+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5151a7d3", - "title": "POST /api/upload - null injection: branch", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "field \"branch\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: branch", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": null, - "commitSha": "troop", - "service": "we", - "specContent": "usually" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932959+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e9eaa8fd", - "title": "POST /api/upload - null injection: commitSha", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/upload requestBody.properties.commitSha", - "rationale": "field \"commitSha\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: commitSha", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "rather", - "commitSha": null, - "service": "we", - "specContent": "usually" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932961+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b8cf0920", - "title": "POST /api/upload - null injection: service", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "field \"service\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: service", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "rather", - "commitSha": "troop", - "service": null, - "specContent": "usually" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932963+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-863dd501", - "title": "POST /api/upload - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "POST /api/upload requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "branch": "rather", - "commitSha": "troop", - "service": "we", - "specContent": "usually" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.932964+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": 
"TC-6a08feec", - "title": "POST /api/upload - [type_coercion] branch wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "field \"branch\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] branch wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": 123, - "commitSha": "throw", - "service": "the", - "specContent": "you" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933184+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e00401a8", - "title": "POST /api/upload - [type_coercion] branch wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "field \"branch\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] branch wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": true, - "commitSha": "throw", - "service": "the", - "specContent": "you" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933186+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b806224f", - "title": "POST /api/upload 
- [type_coercion] commitSha wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/upload requestBody.properties.commitSha", - "rationale": "field \"commitSha\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] commitSha wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "point", - "commitSha": 123, - "service": "the", - "specContent": "you" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933187+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-16cf9e5b", - "title": "POST /api/upload - [type_coercion] commitSha wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/upload requestBody.properties.commitSha", - "rationale": "field \"commitSha\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] commitSha wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "point", - "commitSha": true, - "service": "the", - "specContent": "you" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933189+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-07462c7f", - "title": "POST /api/upload - [type_coercion] 
service wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "field \"service\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] service wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "point", - "commitSha": "throw", - "service": 123, - "specContent": "you" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93319+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-240bdc53", - "title": "POST /api/upload - [type_coercion] service wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "field \"service\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] service wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "point", - "commitSha": "throw", - "service": true, - "specContent": "you" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933192+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bbde20a6", - "title": "POST /api/upload - [type_coercion] specContent wrong_type_integer", 
- "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "field \"specContent\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] specContent wrong_type_integer", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "point", - "commitSha": "throw", - "service": "the", - "specContent": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933194+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4a28e8ae", - "title": "POST /api/upload - [type_coercion] specContent wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "type_coercion", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "field \"specContent\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] specContent wrong_type_boolean", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "point", - "commitSha": "throw", - "service": "the", - "specContent": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933195+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-eb8a46bc", - "title": "POST /api/upload - [unicode_fuzzing] branch control_char", - "kind": 
"single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "field \"branch\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] branch control_char", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "hello\u0000world", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933552+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d4d96d5e", - "title": "POST /api/upload - [unicode_fuzzing] branch zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "field \"branch\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] branch zero_width", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "​hello", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933554+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-09b46ba6", - "title": "POST /api/upload - [unicode_fuzzing] branch 
bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "field \"branch\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] branch bidi_override", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "‮hello", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933556+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8ecf3f52", - "title": "POST /api/upload - [unicode_fuzzing] branch overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "field \"branch\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] branch overlong", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933557+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3c16d4b3", - "title": "POST /api/upload - [unicode_fuzzing] branch zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.branch", - "rationale": "field \"branch\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] branch zalgo", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "z̀́̂̃̄̅̆̇a", - "commitSha": "herself", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933559+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1e3b28af", - "title": "POST /api/upload - [unicode_fuzzing] commitSha control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.commitSha", - "rationale": "field \"commitSha\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] commitSha control_char", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"branch": "honestly", - "commitSha": "hello\u0000world", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933566+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e4c96b76", - "title": "POST /api/upload - [unicode_fuzzing] commitSha zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.commitSha", - "rationale": "field \"commitSha\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] commitSha zero_width", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "​hello", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933568+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-471fcaef", - "title": "POST /api/upload - [unicode_fuzzing] commitSha bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.commitSha", - "rationale": "field \"commitSha\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] commitSha bidi_override", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - 
"Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "‮hello", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93357+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d3d69da1", - "title": "POST /api/upload - [unicode_fuzzing] commitSha overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.commitSha", - "rationale": "field \"commitSha\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] commitSha overlong", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933572+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f298d13c", - "title": "POST /api/upload - [unicode_fuzzing] commitSha zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.commitSha", - "rationale": "field \"commitSha\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] commitSha zalgo", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "z̀́̂̃̄̅̆̇a", - "service": "consequently", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933574+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-76fd376c", - "title": "POST /api/upload - [unicode_fuzzing] service control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "field \"service\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] service control_char", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - 
"commitSha": "herself", - "service": "hello\u0000world", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933577+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f8f99bf7", - "title": "POST /api/upload - [unicode_fuzzing] service zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "field \"service\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] service zero_width", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "herself", - "service": "​hello", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933578+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-71d03103", - "title": "POST /api/upload - [unicode_fuzzing] service bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "field \"service\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] service bidi_override", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"branch": "honestly", - "commitSha": "herself", - "service": "‮hello", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93358+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4e0cc0d2", - "title": "POST /api/upload - [unicode_fuzzing] service overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "field \"service\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] service overlong", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "herself", - "service": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933582+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7d8cc30e", - "title": "POST /api/upload - [unicode_fuzzing] service zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.service", - "rationale": "field \"service\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] service zalgo", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "herself", - "service": "z̀́̂̃̄̅̆̇a", - "specContent": "neither" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933583+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7ff8ca85", - "title": "POST /api/upload - [unicode_fuzzing] specContent control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "field \"specContent\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] specContent control_char", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "herself", - 
"service": "consequently", - "specContent": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933585+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7ac120c3", - "title": "POST /api/upload - [unicode_fuzzing] specContent zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "field \"specContent\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] specContent zero_width", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "herself", - "service": "consequently", - "specContent": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933587+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-131ad5f4", - "title": "POST /api/upload - [unicode_fuzzing] specContent bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "field \"specContent\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] specContent bidi_override", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - 
}, - "body": { - "branch": "honestly", - "commitSha": "herself", - "service": "consequently", - "specContent": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933588+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-40f1423f", - "title": "POST /api/upload - [unicode_fuzzing] specContent overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "field \"specContent\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] specContent overlong", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "herself", - "service": "consequently", - "specContent": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93359+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6b2db722", - "title": "POST /api/upload - [unicode_fuzzing] specContent zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Upload" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "POST /api/upload requestBody.properties.specContent", - "rationale": "field \"specContent\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] specContent zalgo", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "honestly", - "commitSha": "herself", - "service": "consequently", - "specContent": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.933592+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-eb8249c9", - "title": "POST /api/upload - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/upload requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "branch": "oops", - "commitSha": "mustering", - "isAdmin": true, - "is_admin": true, 
- "role": "__probe__", - "service": "I", - "specContent": "cut" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934495+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0310fa1a", - "title": "POST /api/upload - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/upload requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "branch": "oops", - "commitSha": "mustering", - "disabled": false, - "service": "I", - "specContent": "cut", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934497+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9794cdb0", - "title": "POST /api/upload - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/upload requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - 
"branch": "oops", - "commitSha": "mustering", - "credits": 1, - "discount": 0, - "price": 1, - "service": "I", - "specContent": "cut" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934498+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-398f4294", - "title": "POST /api/upload - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "POST /api/upload requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "oops", - "commitSha": "mustering", - "createdBy": "__probe__", - "ownerId": "__probe__", - "service": "I", - "specContent": "cut", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.9345+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b8ed4386", - "title": "POST /api/upload - [field_boundary] branch valid_min", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/upload requestBody.branch", - "rationale": "field \"branch\" boundary test: valid_min", - "scenario": "FIELD_BOUNDARY_VALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] branch valid_min", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": 
"application/json" - }, - "body": { - "branch": "a", - "commitSha": "girl", - "service": "those", - "specContent": "many" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 200 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934674+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e5764a68", - "title": "POST /api/upload - [field_boundary] branch invalid_below_min", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/upload requestBody.branch", - "rationale": "field \"branch\" boundary test: invalid_below_min", - "scenario": "FIELD_BOUNDARY_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] branch invalid_below_min", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "", - "commitSha": "about", - "service": "scold", - "specContent": "muster" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934678+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-db5c5368", - "title": "POST /api/upload - [field_boundary] service valid_min", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/upload requestBody.service", - "rationale": "field \"service\" boundary test: valid_min", - "scenario": "FIELD_BOUNDARY_VALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] service valid_min", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - 
"Content-Type": "application/json" - }, - "body": { - "branch": "it", - "commitSha": "why", - "service": "a", - "specContent": "all" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 200 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934682+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a957f4b8", - "title": "POST /api/upload - [field_boundary] service invalid_below_min", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/upload requestBody.service", - "rationale": "field \"service\" boundary test: invalid_below_min", - "scenario": "FIELD_BOUNDARY_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] service invalid_below_min", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "next", - "commitSha": "none", - "service": "", - "specContent": "through" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934685+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-82713518", - "title": "POST /api/upload - [field_boundary] specContent valid_min", - "kind": "single", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/upload requestBody.specContent", - "rationale": "field \"specContent\" boundary test: valid_min", - "scenario": "FIELD_BOUNDARY_VALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] specContent valid_min", - "type": "test", - "method": "POST", - "path": 
"/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "drink", - "commitSha": "his", - "service": "few", - "specContent": "a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 200 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934691+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ac1b6e26", - "title": "POST /api/upload - [field_boundary] specContent invalid_below_min", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "field_boundary", - "spec_path": "POST /api/upload requestBody.specContent", - "rationale": "field \"specContent\" boundary test: invalid_below_min", - "scenario": "FIELD_BOUNDARY_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "[field_boundary] specContent invalid_below_min", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "whom", - "commitSha": "to", - "service": "constantly", - "specContent": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934695+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-893f33e4", - "title": "POST /api/upload - [required_omission] branch absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/upload requestBody.branch", - "rationale": "required field \"branch\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": 
"[required_omission] branch absent", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "commitSha": "where", - "service": "though", - "specContent": "wisp" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934942+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f4726c9d", - "title": "POST /api/upload - [required_omission] service absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/upload requestBody.service", - "rationale": "required field \"service\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] service absent", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "whenever", - "commitSha": "himself", - "specContent": "did" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934947+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-196e600f", - "title": "POST /api/upload - [required_omission] specContent absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Upload" - ], - "source": { - "technique": "required_omission", - "spec_path": "POST /api/upload requestBody.specContent", - "rationale": "required field \"specContent\" omitted entirely (not null) — server must reject with 4xx", - "scenario": 
"REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] specContent absent", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "now", - "commitSha": "occasionally", - "service": "might" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.934951+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8384ae85", - "title": "DELETE /api/admin/teams/{id}/members/{userId} - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/{id}/members/{userId}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935163+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e8a5f757", - "title": "DELETE /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", - "rationale": "DELETE is a write operation; test that repeat calls are safe" - }, - "steps": 
[ - { - "id": "step-setup", - "title": "DELETE /api/admin/teams/{id}/members/{userId} — first call", - "type": "setup", - "method": "DELETE", - "path": "/api/admin/teams/{id}/members/{userId}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "DELETE /api/admin/teams/{id}/members/{userId} — identical second call must be safe", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/{id}/members/{userId}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.935217+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-042e8f38", - "title": "[OWASP-API1] DELETE /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/{{other_resource_id}}/members/{userId}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935267+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-46113a78", - "title": "[OWASP-API2] DELETE 
/api/admin/teams/{id}/members/{userId} — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/{id}/members/{userId}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935268+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a4c3899a", - "title": "[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members/{userId}", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935271+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0cf3a030", - "title": "[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", 
- "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/%27%20OR%201=1--/members/{userId}", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935273+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-511147be", - "title": "[OWASP-API7] DELETE /api/admin/teams/{id}/members/{userId} — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId}", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members/{userId}", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935275+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4661322e", - "title": "DELETE /api/admin/teams/{id}/members/{userId} - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId} parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/1/members/1", - "assertions": [ - { - 
"target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935489+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-636a79c8", - "title": "DELETE /api/admin/teams/{id}/members/{userId} - missing required param \"userId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId} parameters.userId", - "rationale": "isolated failure: required param \"userId\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"userId\"", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/1/members/1", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935492+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c4642225", - "title": "DELETE /api/admin/teams/{id}/members/{userId} - IDOR id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId} parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/99999/members/1", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935579+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-eb538efa", - "title": "DELETE 
/api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/teams/{id}/members/{userId} parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/0/members/1", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935581+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b950209e", - "title": "PUT /api/admin/teams/{id}/members/{userId} - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.ok", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935774+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-02cdac38", - "title": "PUT /api/admin/teams/{id}/members/{userId} - missing required field \"role\"", - 
"kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "invalid equivalence class: required field \"role\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"role\"", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": {}, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935779+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7fb55548", - "title": "PUT /api/admin/teams/{id}/members/{userId} - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", - "rationale": "PUT is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "PUT /api/admin/teams/{id}/members/{userId} — first call", - "type": "setup", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "PUT /api/admin/teams/{id}/members/{userId} — identical second call must be safe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - 
"expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.935883+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-37084d5c", - "title": "[OWASP-API1] PUT /api/admin/teams/{id}/members/{userId} — BOLA unauthorized access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api1-bola" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", - "rationale": "Path contains an ID parameter; verify object-level authorization: accessing another user's resource with a valid token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access other user's resource", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{{other_resource_id}}/members/{userId}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935928+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-19b34217", - "title": "[OWASP-API2] PUT /api/admin/teams/{id}/members/{userId} — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.935929+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4c06b345", - "title": "[OWASP-API3] PUT /api/admin/teams/{id}/members/{userId} — BOPLA property-level access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api3-bopla" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", - "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" - }, - "steps": [ - { - "id": "step-1", - "title": "inject privileged fields in body", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "is_admin": true, - "role": "admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "jsonpath $.is_admin", - "operator": "ne", - "expected": true - }, - { - "target": "jsonpath $.role", - "operator": "ne", - "expected": "admin" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935932+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ffe14e02", - "title": "[OWASP-API6] PUT /api/admin/teams/{id}/members/{userId} — mass assignment", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api6-mass-assignment" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", - "rationale": "Inject read-only fields id/createdAt/updatedAt; the response must not accept or reflect the injected values" - }, - "steps": [ - { - "id": "step-1", - "title": "inject read-only fields in body", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdAt": 
"2000-01-01T00:00:00Z", - "id": 99999, - "role": "member", - "updatedAt": "2000-01-01T00:00:00Z" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "jsonpath $.id", - "operator": "ne", - "expected": 99999 - }, - { - "target": "jsonpath $.createdAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - }, - { - "target": "jsonpath $.updatedAt", - "operator": "ne", - "expected": "2000-01-01T00:00:00Z" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935935+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d065e277", - "title": "[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E/members/{userId}", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935936+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-16482ca3", - "title": "[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "PUT", - 
"path": "/api/admin/teams/%27%20OR%201=1--/members/{userId}", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.935938+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-df6e5f44", - "title": "[OWASP-API7] PUT /api/admin/teams/{id}/members/{userId} — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId}", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/..%2F..%2F..%2Fetc%2Fpasswd/members/{userId}", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93594+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7f67bdd2", - "title": "PUT /api/admin/teams/{id}/members/{userId} - missing required field \"role\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "isolated failure: only \"role\" is absent; all other fields valid", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required field \"role\"", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": {}, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.936246+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1385a015", - "title": "PUT /api/admin/teams/{id}/members/{userId} - invalid role: value not in enum", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "isolated failure: only \"role\" is invalid (value not in enum); all other fields valid", - "scenario": "ENUM_INVALID" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid role: value not in enum", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "__invalid_enum__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936248+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c90499c8", - "title": "PUT /api/admin/teams/{id}/members/{userId} - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/1/members/1", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93625+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a0b457a0", - "title": "PUT 
/api/admin/teams/{id}/members/{userId} - missing required param \"userId\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} parameters.userId", - "rationale": "isolated failure: required param \"userId\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"userId\"", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/1/members/1", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936253+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e51f7c6d", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_missing_required", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "required field \"role\" is absent" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] role_missing_required", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": {}, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936433+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-128b22a3", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [schema_violation] role_invalid_enum", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} 
requestBody.properties.role", - "rationale": "role=\"__invalid__\" is not in enum [owner member]" - }, - "steps": [ - { - "id": "step-main", - "title": "[schema_violation] role_invalid_enum", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "__invalid__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936435+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8380cf38", - "title": "PUT /api/admin/teams/{id}/members/{userId} - mutation: role null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", - "rationale": "field \"role\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: role → null value", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936516+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9334c130", - "title": "PUT /api/admin/teams/{id}/members/{userId} - mutation: role empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", - "rationale": "field \"role\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": 
"step-main", - "title": "mutation: role → empty string", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936518+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c930d5b2", - "title": "PUT /api/admin/teams/{id}/members/{userId} - mutation: role integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", - "rationale": "field \"role\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: role → integer instead of string", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": 12345 - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936519+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c4c6cb7f", - "title": "PUT /api/admin/teams/{id}/members/{userId} - mutation: role oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", - "rationale": "field \"role\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - 
"id": "step-main", - "title": "mutation: role → oversized string (300 chars)", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936521+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-92d17333", - "title": "PUT /api/admin/teams/{id}/members/{userId} - null injection: role", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "field \"role\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: role", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936694+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-55f30d0f", - "title": "PUT /api/admin/teams/{id}/members/{userId} - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - 
"source": { - "technique": "constraint_mutation", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "role": "member" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936699+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-23b49146", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "field \"role\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] role wrong_type_integer", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936788+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c33ffd8f", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [type_coercion] role wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - 
"spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "field \"role\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] role wrong_type_boolean", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936791+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a8d734a8", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role control_char", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936874+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2815807e", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT 
/api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role zero_width", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936876+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0b0faf09", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role bidi_override", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936878+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1e651ae0", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT 
/api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role overlong", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936879+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f7cf562e", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [unicode_fuzzing] role zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.properties.role", - "rationale": "field \"role\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] role zalgo", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.936881+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-830ae193", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} 
requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "isAdmin": true, - "is_admin": true, - "role": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.937097+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-08a1d397", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "disabled": false, - "role": "member", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.937098+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e346a0c6", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - 
"technique": "mass_assignment", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "discount": 0, - "price": 1, - "role": "member" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.9371+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c5b345ac", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "ownerId": "__probe__", - "role": "member", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.937101+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5ee92e8d", - "title": "PUT /api/admin/teams/{id}/members/{userId} - IDOR 
id=99999 (alt_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} parameters.id", - "rationale": "IDOR probe: substituting id=99999 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=99999 (alt_id)", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/99999/members/1", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.937459+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3ecaa43f", - "title": "PUT /api/admin/teams/{id}/members/{userId} - IDOR id=0 (zero_id)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} parameters.id", - "rationale": "IDOR probe: substituting id=0 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=0 (zero_id)", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/0/members/1", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.937465+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b8039024", - "title": "PUT /api/admin/teams/{id}/members/{userId} - [required_omission] role absent", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "required_omission", - "spec_path": "PUT /api/admin/teams/{id}/members/{userId} requestBody.role", - "rationale": "required field 
\"role\" omitted entirely (not null) — server must reject with 4xx", - "scenario": "REQUIRED_OMISSION" - }, - "steps": [ - { - "id": "step-main", - "title": "[required_omission] role absent", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Content-Type": "application/json" - }, - "body": {}, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.937606+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f50edea5", - "title": "DELETE /api/admin/webhooks/:id - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "DELETE /api/admin/webhooks/:id", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 204 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.937922+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-854a404a", - "title": "DELETE /api/admin/webhooks/:id - idempotent: second call must be safe", - "kind": "chain", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "idempotency", - "spec_path": "DELETE /api/admin/webhooks/:id", - "rationale": "DELETE is a write operation; test that repeat calls are safe" - }, - "steps": [ - { - "id": "step-setup", - "title": "DELETE /api/admin/webhooks/:id — first call", - "type": 
"setup", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 204 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - }, - { - "id": "step-test", - "title": "DELETE /api/admin/webhooks/:id — identical second call must be safe", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 204 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "labels": { - "type": "idempotency" - }, - "generated_at": "2026-05-06T21:30:41.937995+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-23cf0c86", - "title": "[OWASP-API2] DELETE /api/admin/webhooks/:id — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/webhooks/:id", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938038+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-06da467b", - "title": "[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/webhooks/:id", - "rationale": "Inject xss payload; server must reject and 
return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938041+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7e499729", - "title": "[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/webhooks/:id", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938042+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bdc77229", - "title": "[OWASP-API7] DELETE /api/admin/webhooks/:id — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "DELETE /api/admin/webhooks/:id", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938044+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-25ba00ae", - "title": "DELETE /api/admin/webhooks/:id - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "DELETE /api/admin/webhooks/:id parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938222+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-101b67d9", - "title": "DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/webhooks/:id parameters.id", - "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000001 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938266+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2c9e3616", - "title": "DELETE /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - 
"source": { - "technique": "idor", - "spec_path": "DELETE /api/admin/webhooks/:id parameters.id", - "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000000 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938267+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-415f32a9", - "title": "PATCH /api/admin/webhooks/:id - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", - "spec_path": "PATCH /api/admin/webhooks/:id", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "none" - ], - "isActive": true, - "name": "Dolly Richards", - "url": "http://www.futuredeliver.org/dynamic" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.createdAt", - "operator": "exists" - }, - { - "target": "body.providerType", - "operator": "exists" - }, - { - "target": "body.createdBy", - "operator": "exists" - }, - { - "target": "body.url", - "operator": "exists" - }, - { - "target": "body.name", - "operator": "exists" - }, - { - "target": "body.teamId", - 
"operator": "exists" - }, - { - "target": "body.id", - "operator": "exists" - }, - { - "target": "body.events", - "operator": "exists" - }, - { - "target": "body.isActive", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938438+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3a1afdb6", - "title": "[OWASP-API2] PATCH /api/admin/webhooks/:id — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PATCH /api/admin/webhooks/:id", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938493+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d7a97bb7", - "title": "[OWASP-API3] PATCH /api/admin/webhooks/:id — BOPLA property-level access", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api3-bopla" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PATCH /api/admin/webhooks/:id", - "rationale": "PATCH/PUT with injected privileged fields; those fields must not be modified or reflected in the response" - }, - "steps": [ - { - "id": "step-1", - "title": "inject privileged fields in body", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "leap" - ], - "isActive": true, - "is_admin": true, - "name": "Lacy Mccarthy", - "role": "admin", - "url": "http://www.mainrobust.net/user-centric/empower" - 
}, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "jsonpath $.is_admin", - "operator": "ne", - "expected": true - }, - { - "target": "jsonpath $.role", - "operator": "ne", - "expected": "admin" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938498+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e86a894c", - "title": "[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PATCH /api/admin/webhooks/:id", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.9385+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e249a62c", - "title": "[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PATCH /api/admin/webhooks/:id", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938501+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b84f711a", - 
"title": "[OWASP-API7] PATCH /api/admin/webhooks/:id — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PATCH /api/admin/webhooks/:id", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938503+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-432c0bdd", - "title": "[OWASP-API10] PATCH /api/admin/webhooks/:id — SSRF", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api10-ssrf" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "PATCH /api/admin/webhooks/:id", - "rationale": "Inject internal URL http://127.0.0.1; server must validate and reject (400)" - }, - "steps": [ - { - "id": "step-1", - "title": "inject internal URL for SSRF", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "url": "http://127.0.0.1" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938505+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fbeea8b1", - "title": "PATCH /api/admin/webhooks/:id - invalid isActive: wrong type (string for boolean)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", - "rationale": 
"isolated failure: only \"isActive\" is invalid (wrong type (string for boolean)); all other fields valid", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "invalid isActive: wrong type (string for boolean)", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "regularly" - ], - "isActive": "not_a_boolean", - "name": "Halle Lewis", - "url": "http://www.technicalschemas.com/web-enabled" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938766+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8a80112e", - "title": "PATCH /api/admin/webhooks/:id - missing required param \"id\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "isolated_negative", - "spec_path": "PATCH /api/admin/webhooks/:id parameters.id", - "rationale": "isolated failure: required param \"id\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"id\"", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938768+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a0047765", - "title": "PATCH /api/admin/webhooks/:id - [schema_violation] isActive_wrong_type", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "schema_violation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", - "rationale": "isActive is boolean but received a string" - }, - "steps": [ - { - "id": "step-main", - "title": 
"[schema_violation] isActive_wrong_type", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "whatever" - ], - "isActive": "not_a_boolean", - "name": "Alexander Gordon", - "url": "https://www.grouptechnologies.net/deliverables/web-enabled/generate/e-enable" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93885+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2d09c873", - "title": "PATCH /api/admin/webhooks/:id - mutation: events null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.events", - "rationale": "field \"events\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: events → null value", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": null, - "isActive": false, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93889+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9439ce9e", - "title": "PATCH /api/admin/webhooks/:id - mutation: events string instead of array", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.events", - "rationale": "field 
\"events\" mutated with string instead of array; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: events → string instead of array", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": "not-an-array", - "isActive": false, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938892+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-309789e7", - "title": "PATCH /api/admin/webhooks/:id - mutation: events object instead of array", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.events", - "rationale": "field \"events\" mutated with object instead of array; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: events → object instead of array", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": {}, - "isActive": false, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938894+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c42eb537", - "title": "PATCH /api/admin/webhooks/:id - mutation: 
isActive null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.isActive", - "rationale": "field \"isActive\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: isActive → null value", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "might" - ], - "isActive": null, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938896+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-be6cb74f", - "title": "PATCH /api/admin/webhooks/:id - mutation: isActive string instead of boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.isActive", - "rationale": "field \"isActive\" mutated with string instead of boolean; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: isActive → string instead of boolean", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "might" - ], - "isActive": "yes", - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], 
- "generated_at": "2026-05-06T21:30:41.938897+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-161755de", - "title": "PATCH /api/admin/webhooks/:id - mutation: isActive integer instead of boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.isActive", - "rationale": "field \"isActive\" mutated with integer instead of boolean; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: isActive → integer instead of boolean", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "might" - ], - "isActive": 1, - "name": "Kristin Burton", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938899+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-07005fc1", - "title": "PATCH /api/admin/webhooks/:id - mutation: name null value", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.name", - "rationale": "field \"name\" mutated with null value; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → null value", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "might" - ], - "isActive": false, - "name": null, - "url": 
"http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938901+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-48b3b8ee", - "title": "PATCH /api/admin/webhooks/:id - mutation: name empty string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.name", - "rationale": "field \"name\" mutated with empty string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → empty string", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "might" - ], - "isActive": false, - "name": "", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938903+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ec8ffbaa", - "title": "PATCH /api/admin/webhooks/:id - mutation: name integer instead of string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.name", - "rationale": "field \"name\" mutated with integer instead of string; API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → integer instead of string", - "type": "test", - "method": "PATCH", - "path": 
"/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "might" - ], - "isActive": false, - "name": 12345, - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938904+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bc9e284b", - "title": "PATCH /api/admin/webhooks/:id - mutation: name oversized string (300 chars)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.name", - "rationale": "field \"name\" mutated with oversized string (300 chars); API must reject with 4xx" - }, - "steps": [ - { - "id": "step-main", - "title": "mutation: name → oversized string (300 chars)", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "might" - ], - "isActive": false, - "name": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", - "url": "http://www.financialpartnerships.org/metrics/cross-platform/platforms/viral" - }, - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.938906+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": 
"TC-6597f138", - "title": "PATCH /api/admin/webhooks/:id - null injection: url", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", - "rationale": "field \"url\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: url", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "aloof" - ], - "isActive": true, - "name": "Opal Deckow", - "url": null - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939344+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e5f0413f", - "title": "PATCH /api/admin/webhooks/:id - null injection: events", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.events", - "rationale": "field \"events\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: events", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": null, - "isActive": true, - "name": "Opal Deckow", - "url": "http://www.dynamicmarkets.net/vertical" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939345+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f681cd0b", - 
"title": "PATCH /api/admin/webhooks/:id - null injection: isActive", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", - "rationale": "field \"isActive\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: isActive", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "aloof" - ], - "isActive": null, - "name": "Opal Deckow", - "url": "http://www.dynamicmarkets.net/vertical" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939347+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-abff0001", - "title": "PATCH /api/admin/webhooks/:id - null injection: name", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", - "rationale": "field \"name\" is non-nullable but receives null — server must reject with 422", - "scenario": "NULL_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "null injection: name", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "aloof" - ], - "isActive": true, - "name": null, - "url": "http://www.dynamicmarkets.net/vertical" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939349+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": 
"1", - "id": "TC-94225ad6", - "title": "PATCH /api/admin/webhooks/:id - wrong content-type (text/plain)", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "constraint_mutation", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody", - "rationale": "valid JSON body sent with Content-Type: text/plain — server must return 415 Unsupported Media Type", - "scenario": "WRONG_CONTENT_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "wrong content-type (text/plain)", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "text/plain" - }, - "body": { - "events": [ - "aloof" - ], - "isActive": true, - "name": "Opal Deckow", - "url": "http://www.dynamicmarkets.net/vertical" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 415 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93935+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ce35cd41", - "title": "PATCH /api/admin/webhooks/:id - [type_coercion] events wrong_type_string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.events", - "rationale": "field \"events\" is array but receives wrong_type_string — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] events wrong_type_string", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": "not_an_array", - "isActive": false, - "name": "Emile Jones", - "url": "https://www.financeoptimize.com/transform/cross-media/technologies" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.939555+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-db8dd398", - "title": "PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_string", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", - "rationale": "field \"isActive\" is boolean but receives wrong_type_string — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] isActive wrong_type_string", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "some" - ], - "isActive": "not_a_boolean", - "name": "Emile Jones", - "url": "https://www.financeoptimize.com/transform/cross-media/technologies" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939556+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4c590e85", - "title": "PATCH /api/admin/webhooks/:id - [type_coercion] isActive wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.isActive", - "rationale": "field \"isActive\" is boolean but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] isActive wrong_type_integer", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "some" - ], - "isActive": 1, - "name": "Emile Jones", - "url": 
"https://www.financeoptimize.com/transform/cross-media/technologies" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939558+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-849247d2", - "title": "PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", - "rationale": "field \"name\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] name wrong_type_integer", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "some" - ], - "isActive": false, - "name": 123, - "url": "https://www.financeoptimize.com/transform/cross-media/technologies" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.93956+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e2d843b1", - "title": "PATCH /api/admin/webhooks/:id - [type_coercion] name wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", - "rationale": "field \"name\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] name wrong_type_boolean", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": 
{ - "Content-Type": "application/json" - }, - "body": { - "events": [ - "some" - ], - "isActive": false, - "name": true, - "url": "https://www.financeoptimize.com/transform/cross-media/technologies" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939562+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5b388493", - "title": "PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_integer", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", - "rationale": "field \"url\" is string but receives wrong_type_integer — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] url wrong_type_integer", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "some" - ], - "isActive": false, - "name": "Emile Jones", - "url": 123 - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939564+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d9bfd2d8", - "title": "PATCH /api/admin/webhooks/:id - [type_coercion] url wrong_type_boolean", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "type_coercion", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", - "rationale": "field \"url\" is string but receives wrong_type_boolean — server must reject with 422", - "scenario": "WRONG_TYPE" - }, - "steps": [ - { - "id": "step-main", - "title": "[type_coercion] url wrong_type_boolean", - "type": "test", - 
"method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "some" - ], - "isActive": false, - "name": "Emile Jones", - "url": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939565+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9fed73af", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name control_char", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "hello\u0000world", - "url": "https://www.productdrive.io/grow/world-class" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939859+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6bdb26ba", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - 
"id": "step-main", - "title": "[unicode_fuzzing] name zero_width", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "​hello", - "url": "https://www.productdrive.io/grow/world-class" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939861+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-61073126", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name bidi_override", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "‮hello", - "url": "https://www.productdrive.io/grow/world-class" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939863+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ff322daa", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation 
\"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name overlong", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", - "url": "https://www.productdrive.io/grow/world-class" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939864+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a31d1299", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] name zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.name", - "rationale": "field \"name\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] name zalgo", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "z̀́̂̃̄̅̆̇a", - "url": "https://www.productdrive.io/grow/world-class" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939866+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ed68863e", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url control_char", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id 
requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"control_char\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] url control_char", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "Nicole Heller", - "url": "hello\u0000world" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939869+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-61e8a563", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zero_width", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"zero_width\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] url zero_width", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "Nicole Heller", - "url": "​hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939871+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-36430217", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url bidi_override", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": 
"unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"bidi_override\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] url bidi_override", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "Nicole Heller", - "url": "‮hello" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939872+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d7318097", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url overlong", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"overlong\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] url overlong", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "Nicole Heller", - "url": 
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AA" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939874+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0a72a45e", - "title": "PATCH /api/admin/webhooks/:id - [unicode_fuzzing] url zalgo", - "kind": "single", - "priority": "P3", - "tags": [ - "Admin" - ], - "source": { - "technique": "unicode_fuzzing", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody.properties.url", - "rationale": "field \"url\" receives unicode mutation \"zalgo\" — server must sanitize/reject with 400", - "scenario": "UNICODE_INJECTION" - }, - "steps": [ - { - "id": "step-main", - "title": "[unicode_fuzzing] url zalgo", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "that" - ], - "isActive": true, - "name": "Nicole Heller", - "url": "z̀́̂̃̄̅̆̇a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.939878+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d0ddffec", - "title": "PATCH /api/admin/webhooks/:id - [mass_assignment] privilege probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody", - "rationale": "inject privilege probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_PRIVILEGE" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] privilege probe", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "admin": true, - "events": [ - "of" - ], - "isActive": false, - 
"isAdmin": true, - "is_admin": true, - "name": "Nathaniel Yang", - "role": "__probe__", - "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940302+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-16deab72", - "title": "PATCH /api/admin/webhooks/:id - [mass_assignment] status probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody", - "rationale": "inject status probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_STATUS" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] status probe", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "approved": true, - "banned": false, - "disabled": false, - "events": [ - "of" - ], - "isActive": false, - "name": "Nathaniel Yang", - "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric", - "verified": true - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940303+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ed85e04f", - "title": "PATCH /api/admin/webhooks/:id - [mass_assignment] financial probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody", - "rationale": "inject financial probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_FINANCIAL" 
- }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] financial probe", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "balance": 1, - "credits": 1, - "discount": 0, - "events": [ - "of" - ], - "isActive": false, - "name": "Nathaniel Yang", - "price": 1, - "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940304+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1274d148", - "title": "PATCH /api/admin/webhooks/:id - [mass_assignment] identity probe", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "mass_assignment", - "spec_path": "PATCH /api/admin/webhooks/:id requestBody", - "rationale": "inject identity probe fields not declared in schema to detect mass assignment vulnerability", - "scenario": "MASS_ASSIGNMENT_IDENTITY" - }, - "steps": [ - { - "id": "step-main", - "title": "[mass_assignment] identity probe", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "createdBy": "__probe__", - "events": [ - "of" - ], - "isActive": false, - "name": "Nathaniel Yang", - "ownerId": "__probe__", - "url": "https://www.forwardinteractive.com/architect/reintermediate/user-centric", - "userId": "__probe__", - "user_id": "__probe__" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940306+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e5555fc8", - "title": "PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000001 
(alt_uuid)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "PATCH /api/admin/webhooks/:id parameters.id", - "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000001 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=00000000-0000-0000-0000-000000000001 (alt_uuid)", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940477+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-93edf6a3", - "title": "PATCH /api/admin/webhooks/:id - IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", - "kind": "single", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "idor", - "spec_path": "PATCH /api/admin/webhooks/:id parameters.id", - "rationale": "IDOR probe: substituting id=00000000-0000-0000-0000-000000000000 to test authorization boundary", - "scenario": "IDOR_PARAM" - }, - "steps": [ - { - "id": "step-main", - "title": "IDOR id=00000000-0000-0000-0000-000000000000 (nil_uuid)", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "assertions": [ - { - "target": "status_code", - "operator": "gte", - "expected": 400 - }, - { - "target": "status_code", - "operator": "lt", - "expected": 500 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940479+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-04940e9f", - "title": "GET /api/admin/audit-logs - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Admin" - ], - "source": { - "technique": "equivalence_partitioning", 
- "spec_path": "GET /api/admin/audit-logs", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.total", - "operator": "exists" - }, - { - "target": "body.logs", - "operator": "exists" - }, - { - "target": "body.page", - "operator": "exists" - }, - { - "target": "body.pageSize", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940645+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-80f9a912", - "title": "GET /api/admin/audit-logs - classification tree row 1: [action=login]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 1 — each-choice coverage: [action=login]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 1: [action=login]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=login", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940699+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ee7cf268", - "title": "GET /api/admin/audit-logs - classification tree row 2: [action=spec_uploaded]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - 
"rationale": "ECT row 2 — each-choice coverage: [action=spec_uploaded]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 2: [action=spec_uploaded]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=spec_uploaded", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940702+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-df4697d4", - "title": "GET /api/admin/audit-logs - classification tree row 3: [action=spec_updated]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 3 — each-choice coverage: [action=spec_updated]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 3: [action=spec_updated]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=spec_updated", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940704+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ba4c28cb", - "title": "GET /api/admin/audit-logs - classification tree row 4: [action=service_deleted]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 4 — each-choice coverage: [action=service_deleted]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 4: [action=service_deleted]", - "type": "test", - "method": "GET", - "path": 
"/api/admin/audit-logs?action=service_deleted", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940705+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2874616a", - "title": "GET /api/admin/audit-logs - classification tree row 5: [action=grant_created]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 5 — each-choice coverage: [action=grant_created]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 5: [action=grant_created]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=grant_created", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940707+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4511e41f", - "title": "GET /api/admin/audit-logs - classification tree row 6: [action=grant_revoked]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 6 — each-choice coverage: [action=grant_revoked]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 6: [action=grant_revoked]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=grant_revoked", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.940709+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e290ff04", - "title": "GET /api/admin/audit-logs - classification tree row 7: [action=token_created]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 7 — each-choice coverage: [action=token_created]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 7: [action=token_created]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=token_created", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940711+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-5a6e9137", - "title": "GET /api/admin/audit-logs - classification tree row 8: [action=token_revoked]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 8 — each-choice coverage: [action=token_revoked]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 8: [action=token_revoked]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=token_revoked", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940712+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e92e324e", - "title": "GET /api/admin/audit-logs - classification tree row 9: 
[action=user_created]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 9 — each-choice coverage: [action=user_created]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 9: [action=user_created]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=user_created", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940714+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e73ed081", - "title": "GET /api/admin/audit-logs - classification tree row 10: [action=user_disabled]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 10 — each-choice coverage: [action=user_disabled]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 10: [action=user_disabled]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=user_disabled", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940716+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a820fea5", - "title": "GET /api/admin/audit-logs - classification tree row 11: [action=team_created]", - "kind": "single", - "priority": "P2", - "tags": [ - "Admin" - ], - "source": { - "technique": "classification_tree", - "spec_path": "GET /api/admin/audit-logs parameters", - "rationale": "ECT row 11 — 
each-choice coverage: [action=team_created]" - }, - "steps": [ - { - "id": "step-main", - "title": "classification tree row 11: [action=team_created]", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=team_created", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.940718+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-eb7a16db", - "title": "[OWASP-API2] GET /api/admin/audit-logs — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/audit-logs", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941174+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0d70db14", - "title": "[OWASP-API7] GET /api/admin/audit-logs — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/audit-logs", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": 
"eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941177+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-605a4d60", - "title": "[OWASP-API7] GET /api/admin/audit-logs — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/audit-logs", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=%27+OR+1%3D1--", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941178+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a1c2c8cc", - "title": "[OWASP-API7] GET /api/admin/audit-logs — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/admin/audit-logs", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs?action=..%2F..%2F..%2Fetc%2Fpasswd", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94118+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-65fdbcb4", - "title": "GET /api/search - valid request with all required fields", - "kind": "single", - "priority": "P0", - "tags": [ - "Search" - ], - "source": { - "technique": 
"equivalence_partitioning", - "spec_path": "GET /api/search", - "rationale": "valid equivalence class: all required fields present with correct types" - }, - "steps": [ - { - "id": "step-main", - "title": "valid request with all required fields", - "type": "test", - "method": "GET", - "path": "/api/search", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - }, - { - "target": "body.results", - "operator": "exists" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941425+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6e192176", - "title": "[OWASP-API2] GET /api/search — broken authentication", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api2-broken-auth" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/search", - "rationale": "Endpoint declares a security scheme; removing the Authorization header should return 401" - }, - "steps": [ - { - "id": "step-1", - "title": "request without auth token", - "type": "test", - "method": "GET", - "path": "/api/search", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 401 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941478+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b1a5ce9b", - "title": "[OWASP-API7] GET /api/search — injection (xss)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/search", - "rationale": "Inject xss payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject xss payload", - "type": "test", - "method": "GET", - "path": "/api/search?q=%22%3E%3Cscript%3Ealert%281%29%3C%2Fscript%3E", - "body": null, - 
"assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94148+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b0d05c32", - "title": "[OWASP-API7] GET /api/search — injection (sqli)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/search", - "rationale": "Inject sqli payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject sqli payload", - "type": "test", - "method": "GET", - "path": "/api/search?q=%27+OR+1%3D1--", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941481+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-30f18b95", - "title": "[OWASP-API7] GET /api/search — injection (path-traversal)", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api7-injection" - ], - "source": { - "technique": "owasp_api_top10", - "spec_path": "GET /api/search", - "rationale": "Inject path-traversal payload; server must reject and return 400" - }, - "steps": [ - { - "id": "step-1", - "title": "inject path-traversal payload", - "type": "test", - "method": "GET", - "path": "/api/search?q=..%2F..%2F..%2Fetc%2Fpasswd", - "body": null, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941482+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-128363b8", - "title": "GET /api/search - missing required param \"q\"", - "kind": "single", - "priority": "P1", - "tags": [ - "Search" - ], - "source": { - "technique": "isolated_negative", - 
"spec_path": "GET /api/search parameters.q", - "rationale": "isolated failure: required param \"q\" is absent", - "scenario": "MISSING_REQUIRED" - }, - "steps": [ - { - "id": "step-main", - "title": "missing required param \"q\"", - "type": "test", - "method": "GET", - "path": "/api/search?branch=valid\u0026service=valid", - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 422 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941662+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c88f572b", - "title": "[OWASP-API5] DELETE /api/catalog/:serviceId — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "DELETE /api/catalog/:serviceId", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "DELETE", - "path": "/api/catalog/:serviceId", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941794+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1f9d5ef0", - "title": "[OWASP-API5] DELETE /api/admin/teams/{id} — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "DELETE /api/admin/teams/{id}", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with 
regular user token", - "type": "test", - "method": "DELETE", - "path": "/api/admin/teams/{id}", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941795+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-06b71a7c", - "title": "[OWASP-API5] PUT /api/admin/teams/{id} — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "PUT /api/admin/teams/{id}", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "PUT", - "path": "/api/admin/teams/{id}", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941796+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-edc7b8fe", - "title": "[OWASP-API5] GET /api/admin/teams/{id}/services — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "GET /api/admin/teams/{id}/services", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{id}/services", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - 
"assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941797+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4c861285", - "title": "[OWASP-API5] DELETE /api/admin/users/{id} — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "DELETE /api/admin/users/{id}", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{id}", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941798+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8f0d7884", - "title": "[OWASP-API5] PUT /api/admin/users/{id} — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "PUT /api/admin/users/{id}", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{id}", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941799+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a9276ccc", - "title": "[OWASP-API5] GET /api/admin/teams — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "GET /api/admin/teams", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "GET", - "path": "/api/admin/teams", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.9418+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2df9f5ad", - "title": "[OWASP-API5] POST /api/admin/teams — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "POST /api/admin/teams", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941801+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8f5433a6", - "title": "[OWASP-API5] GET /api/admin/teams/{id}/grants — function-level authorization missing", - "kind": "single", - "priority": 
"P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "GET /api/admin/teams/{id}/grants", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941802+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4c520692", - "title": "[OWASP-API5] POST /api/admin/teams/{id}/grants — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "POST /api/admin/teams/{id}/grants", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941803+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-908d0d93", - "title": "[OWASP-API5] POST /api/admin/webhooks/:id/test — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": 
"POST /api/admin/webhooks/:id/test", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks/:id/test", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941804+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-640109d2", - "title": "[OWASP-API5] DELETE /api/admin/grants/{id} — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "DELETE /api/admin/grants/{id}", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{id}", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941805+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fbedb9f1", - "title": "[OWASP-API5] DELETE /api/tokens/{id} — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "DELETE /api/tokens/{id}", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - 
"title": "access privileged endpoint with regular user token", - "type": "test", - "method": "DELETE", - "path": "/api/tokens/{id}", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941805+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a2ef426c", - "title": "[OWASP-API5] GET /api/admin/webhooks — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "GET /api/admin/webhooks", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "GET", - "path": "/api/admin/webhooks", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941806+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d8d5bdac", - "title": "[OWASP-API5] POST /api/admin/webhooks — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "POST /api/admin/webhooks", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - 
"assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941807+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-544e90d2", - "title": "[OWASP-API5] PUT /api/admin/services/{serviceId}/team — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "PUT /api/admin/services/{serviceId}/team", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941808+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3724bb26", - "title": "[OWASP-API5] GET /api/admin/users — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "GET /api/admin/users", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "GET", - "path": "/api/admin/users", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941809+08:00" - }, - { - 
"$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-01a13cd8", - "title": "[OWASP-API5] DELETE /api/admin/webhooks/:id — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "DELETE /api/admin/webhooks/:id", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "DELETE", - "path": "/api/admin/webhooks/:id", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94181+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6c16dac4", - "title": "[OWASP-API5] PATCH /api/admin/webhooks/:id — function-level authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "PATCH /api/admin/webhooks/:id", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "PATCH", - "path": "/api/admin/webhooks/:id", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941811+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b02abc71", - "title": "[OWASP-API5] GET /api/admin/audit-logs — function-level 
authorization missing", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api5-function-level-auth" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "GET /api/admin/audit-logs", - "rationale": "Accessing a privileged endpoint with a regular user token should return 403" - }, - "steps": [ - { - "id": "step-1", - "title": "access privileged endpoint with regular user token", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs", - "headers": { - "Authorization": "Bearer {{user_token}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 403 - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941812+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e3ff3623", - "title": "[OWASP-API8] OPTIONS /api/catalog — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/catalog", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/catalog", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941814+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-dc211e18", - "title": "[OWASP-API8] OPTIONS /api/catalog/:serviceId — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/catalog/:serviceId", - "rationale": "CORS response 
header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/catalog/:serviceId", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941815+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6bbc18bd", - "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id} — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/teams/{id}", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/teams/{id}", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941816+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-84a2058d", - "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id}/services — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/teams/{id}/services", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/teams/{id}/services", - "headers": { - 
"Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941817+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e0b5b44a", - "title": "[OWASP-API8] OPTIONS /api/admin/users/{id} — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/users/{id}", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/users/{id}", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94182+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ad2f2f8a", - "title": "[OWASP-API8] OPTIONS /api/admin/teams — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/teams", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/teams", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941821+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b009aaa0", - "title": "[OWASP-API8] OPTIONS /api/tokens — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/tokens", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/tokens", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941822+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-86522697", - "title": "[OWASP-API8] OPTIONS /auth/logout — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /auth/logout", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/auth/logout", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941823+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-02ec7afc", - "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id}/members — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": 
"owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/teams/{id}/members", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/teams/{id}/members", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941824+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ecd6daec", - "title": "[OWASP-API8] OPTIONS /api/specs/{service}/{branch}/openapi.json — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/specs/{service}/{branch}/openapi.json", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/specs/{service}/{branch}/openapi.json", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941825+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2f9039a1", - "title": "[OWASP-API8] OPTIONS /auth/register — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /auth/register", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", 
- "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/auth/register", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941826+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8d947b43", - "title": "[OWASP-API8] OPTIONS /api/me — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/me", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/me", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941827+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8b59e761", - "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id}/grants — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/teams/{id}/grants", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" 
- } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941828+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d622eda3", - "title": "[OWASP-API8] OPTIONS /api/specs/:service/versions — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/specs/:service/versions", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/specs/:service/versions", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941828+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-19ddcfe4", - "title": "[OWASP-API8] OPTIONS /api/admin/webhooks/:id/test — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/webhooks/:id/test", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/webhooks/:id/test", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94183+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ff243297", - "title": "[OWASP-API8] OPTIONS 
/api/admin/grants/{id} — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/grants/{id}", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/grants/{id}", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941831+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ba604e45", - "title": "[OWASP-API8] OPTIONS /api/tokens/{id} — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/tokens/{id}", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/tokens/{id}", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941831+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3f16f7ab", - "title": "[OWASP-API8] OPTIONS /api/admin/webhooks — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/webhooks", - "rationale": "CORS 
response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/webhooks", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941832+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-95a63795", - "title": "[OWASP-API8] OPTIONS /api/diff — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/diff", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/diff", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941834+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-09111fdc", - "title": "[OWASP-API8] OPTIONS /auth/login — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /auth/login", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/auth/login", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header 
Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941835+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4b672517", - "title": "[OWASP-API8] OPTIONS /api/admin/services/{serviceId}/team — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/services/{serviceId}/team", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/services/{serviceId}/team", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941836+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-d0d06277", - "title": "[OWASP-API8] OPTIONS /api/admin/users — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/users", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/users", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941837+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", 
- "id": "TC-65631595", - "title": "[OWASP-API8] OPTIONS /api/upload — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/upload", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/upload", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941838+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-86b21409", - "title": "[OWASP-API8] OPTIONS /api/admin/teams/{id}/members/{userId} — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/teams/{id}/members/{userId}", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/teams/{id}/members/{userId}", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941839+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c34b22b5", - "title": "[OWASP-API8] OPTIONS /api/admin/webhooks/:id — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": 
"owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/webhooks/:id", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/webhooks/:id", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941841+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-744c12cf", - "title": "[OWASP-API8] OPTIONS /api/admin/audit-logs — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/admin/audit-logs", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", - "path": "/api/admin/audit-logs", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941842+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e799f553", - "title": "[OWASP-API8] OPTIONS /api/search — CORS security configuration", - "kind": "single", - "priority": "P0", - "tags": [ - "security", - "owasp", - "api8-cors" - ], - "source": { - "technique": "owasp_api_top10_spec", - "spec_path": "OPTIONS /api/search", - "rationale": "CORS response header Access-Control-Allow-Origin must not be *" - }, - "steps": [ - { - "id": "step-1", - "title": "OPTIONS preflight request", - "type": "test", - "method": "OPTIONS", 
- "path": "/api/search", - "headers": { - "Origin": "https://evil.example.com" - }, - "assertions": [ - { - "target": "header Access-Control-Allow-Origin", - "operator": "ne", - "expected": "*" - } - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941843+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4b81d9bb", - "title": "auth chain: GET /api/admin/audit-logs", - "kind": "chain", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "auth_chain", - "spec_path": "GET /api/admin/audit-logs", - "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/admin/audit-logs" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "GET /api/admin/audit-logs with auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/audit-logs", - "headers": { - "Authorization": "Bearer {{authToken}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941912+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3977085e", - "title": "auth chain: GET /api/admin/teams", - "kind": "chain", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "auth_chain", - "spec_path": "GET /api/admin/teams", - "rationale": "authenticate via /api/tokens then call secured endpoint 
GET /api/admin/teams" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "GET /api/admin/teams with auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/teams", - "headers": { - "Authorization": "Bearer {{authToken}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941917+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e4ef12fa", - "title": "auth chain: GET /api/admin/users", - "kind": "chain", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "auth_chain", - "spec_path": "GET /api/admin/users", - "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/admin/users" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "GET /api/admin/users with auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/users", - "headers": { - "Authorization": "Bearer 
{{authToken}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941918+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c741d9e1", - "title": "auth chain: GET /api/admin/webhooks", - "kind": "chain", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "auth_chain", - "spec_path": "GET /api/admin/webhooks", - "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/admin/webhooks" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "GET /api/admin/webhooks with auth token", - "type": "test", - "method": "GET", - "path": "/api/admin/webhooks", - "headers": { - "Authorization": "Bearer {{authToken}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94192+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bde6cda3", - "title": "auth chain: GET /api/catalog", - "kind": "chain", - "priority": "P1", - "tags": [ - "Catalog" - ], - "source": { - "technique": "auth_chain", - "spec_path": "GET /api/catalog", - "rationale": "authenticate via /api/tokens then call secured 
endpoint GET /api/catalog" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "GET /api/catalog with auth token", - "type": "test", - "method": "GET", - "path": "/api/catalog", - "headers": { - "Authorization": "Bearer {{authToken}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941921+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6af54553", - "title": "auth chain: GET /api/diff", - "kind": "chain", - "priority": "P1", - "tags": [ - "Specs" - ], - "source": { - "technique": "auth_chain", - "spec_path": "GET /api/diff", - "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/diff" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "GET /api/diff with auth token", - "type": "test", - "method": "GET", - "path": "/api/diff", - "headers": { - "Authorization": "Bearer {{authToken}}" - }, - "assertions": [ - { - 
"target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941923+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-646f48bb", - "title": "auth chain: GET /api/me", - "kind": "chain", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "auth_chain", - "spec_path": "GET /api/me", - "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/me" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "GET /api/me with auth token", - "type": "test", - "method": "GET", - "path": "/api/me", - "headers": { - "Authorization": "Bearer {{authToken}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941924+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e66b7d53", - "title": "auth chain: GET /api/search", - "kind": "chain", - "priority": "P1", - "tags": [ - "Search" - ], - "source": { - "technique": "auth_chain", - "spec_path": "GET /api/search", - "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/search" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST 
/api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "GET /api/search with auth token", - "type": "test", - "method": "GET", - "path": "/api/search", - "headers": { - "Authorization": "Bearer {{authToken}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941925+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-9d529cfb", - "title": "auth chain: GET /api/tokens", - "kind": "chain", - "priority": "P1", - "tags": [ - "MCP Tokens" - ], - "source": { - "technique": "auth_chain", - "spec_path": "GET /api/tokens", - "rationale": "authenticate via /api/tokens then call secured endpoint GET /api/tokens" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "GET /api/tokens with auth token", - "type": "test", - "method": "GET", - "path": "/api/tokens", - "headers": { - "Authorization": "Bearer {{authToken}}" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": 
"duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941927+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4c68c418", - "title": "auth chain: POST /api/admin/teams", - "kind": "chain", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "auth_chain", - "spec_path": "POST /api/admin/teams", - "rationale": "authenticate via /api/tokens then call secured endpoint POST /api/admin/teams" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "POST /api/admin/teams with auth token", - "type": "test", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Authorization": "Bearer {{authToken}}", - "Content-Type": "application/json" - }, - "body": { - "description": "The government should confusing.", - "displayName": "yours", - "name": "Lee Burton" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941938+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f4c0b7fc", - "title": "auth chain: POST /api/admin/webhooks", - "kind": "chain", - "priority": "P1", - "tags": [ - "Admin" - ], - "source": { - "technique": "auth_chain", - "spec_path": "POST /api/admin/webhooks", - "rationale": "authenticate 
via /api/tokens then call secured endpoint POST /api/admin/webhooks" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "POST /api/admin/webhooks with auth token", - "type": "test", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Authorization": "Bearer {{authToken}}", - "Content-Type": "application/json" - }, - "body": { - "events": [ - "where" - ], - "name": "Lilla Henderson", - "providerType": "shirt", - "teamId": "1e74395d-96d5-4632-bff5-1db94dfc9c0c", - "url": "http://www.brandengage.info/out-of-the-box/end-to-end/engineer/visualize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941944+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-c60cf805", - "title": "auth chain: POST /api/upload", - "kind": "chain", - "priority": "P1", - "tags": [ - "Upload" - ], - "source": { - "technique": "auth_chain", - "spec_path": "POST /api/upload", - "rationale": "authenticate via /api/tokens then call secured endpoint POST /api/upload" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - 
"operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "POST /api/upload with auth token", - "type": "test", - "method": "POST", - "path": "/api/upload", - "headers": { - "Authorization": "Bearer {{authToken}}", - "Content-Type": "application/json" - }, - "body": { - "branch": "they", - "commitSha": "sometimes", - "service": "Darwinian", - "specContent": "i.e." - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941948+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-46922b8d", - "title": "auth chain: POST /auth/register", - "kind": "chain", - "priority": "P1", - "tags": [ - "Auth" - ], - "source": { - "technique": "auth_chain", - "spec_path": "POST /auth/register", - "rationale": "authenticate via /api/tokens then call secured endpoint POST /auth/register" - }, - "steps": [ - { - "id": "step-auth", - "title": "authenticate via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Jakob Jensen", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "authToken", - "from": "jsonpath $.token" - } - ] - }, - { - "id": "step-test", - "title": "POST /auth/register with auth token", - "type": "test", - "method": "POST", - "path": "/auth/register", - "headers": { - "Authorization": "Bearer {{authToken}}", - "Content-Type": "application/json" - }, - "body": { - "email": "edbarber@reyes.name", - "password": "nest" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 
200 - }, - { - "target": "duration_ms", - "operator": "lt", - "expected": 2000 - } - ], - "depends_on": [ - "step-auth" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.941954+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fae601d3", - "title": "sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/grants/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams/{id}/grants", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/grants/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams/{id}/grants", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "in" - ], - "expiresAt": "1934-04-27T17:54:54Z", - "granteeTeamId": "ef7ba0e3-e654-4cbe-a8db-7d80ae34554a", - "granteeUserId": "6b8cf351-2a07-4e9b-af8d-93adadf31af4", - "serviceId": "4af3c971-e3ff-4038-8eec-7562f600ef7e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/grants/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942181+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1e93f696", - "title": "sequence chain: /api/admin/teams/{id}/grants → DELETE /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": 
"chain_sequence", - "spec_path": "/api/admin/teams/{id}/grants", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams/{id}/grants", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "next" - ], - "expiresAt": "1953-08-22T03:36:54Z", - "granteeTeamId": "4ec6231f-137f-4153-97d0-8c43294d0bd2", - "granteeUserId": "94e4e393-307c-46af-870b-f6f1a737e66b", - "serviceId": "67af3e57-44c9-4422-ae15-53de1e10b9a7" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/users/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942186+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-7710bdae", - "title": "sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams/{id}/grants", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams/{id}/grants", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"branches": [ - "place" - ], - "expiresAt": "1973-01-05T11:42:04Z", - "granteeTeamId": "58c7d788-061b-4021-9e8c-01942f155464", - "granteeUserId": "1b70dc76-c2d3-4e62-9f5d-22c8319dc0a2", - "serviceId": "a31b4938-a01f-4bc1-80fe-f165a18d784e" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/members", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/members", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94219+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-fd7cb142", - "title": "sequence chain: /api/admin/teams/{id}/grants → GET /api/admin/teams/{id}/services", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams/{id}/grants", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/teams/{id}/services param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams/{id}/grants", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "nightly" - ], - "expiresAt": "2014-07-24T15:17:10Z", - "granteeTeamId": "da38f17d-bcba-48c6-b1e9-2b8c5c84b849", - "granteeUserId": "a204f443-d1b0-4bfc-803a-4c17ae6cc61d", - "serviceId": "ce438324-485f-4319-9bd6-11c6d9721984" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": 
"use via GET /api/admin/teams/{id}/services", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/services", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942194+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-136f3cd3", - "title": "sequence chain: /api/admin/teams/{id}/grants → POST /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams/{id}/grants", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams/{id}/grants", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "wow" - ], - "expiresAt": "1972-07-06T21:33:45Z", - "granteeTeamId": "b14431ac-e726-45f0-93de-31b938772976", - "granteeUserId": "4d5d2551-5245-4b9f-96e5-0b702e93eff2", - "serviceId": "fa586d52-80ed-493e-8e6d-6047b31e41fa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/members", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": "1dd37e1e-0598-4a14-9118-1e52865101d3" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": 
"2026-05-06T21:30:41.942202+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-cafaccf6", - "title": "sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/services/{serviceId}/team", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams/{id}/grants", - "rationale": "field-similarity chain (score 0.50): /api/admin/teams/{id}/grants → /api/admin/services/{serviceId}/team param serviceId", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams/{id}/grants", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "am" - ], - "expiresAt": "1930-06-02T07:33:10Z", - "granteeTeamId": "6eb082a3-7a81-4673-b080-6f876150d238", - "granteeUserId": "9c8b45fd-f191-4a4d-80fd-b8dad10d176a", - "serviceId": "d078acf6-4a9a-463a-9632-1d93b5a7ecfa" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "serviceId", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/services/{serviceId}/team", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{{serviceId}}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "ef302aa8-fd8d-4fd6-9798-6d57d88f7ac6" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942207+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-636e3912", - "title": "sequence chain: /api/admin/teams/{id}/grants → PUT /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - 
"source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams/{id}/grants", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams/{id}/grants → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams/{id}/grants", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams/{id}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "half" - ], - "expiresAt": "1911-12-23T17:30:07Z", - "granteeTeamId": "e275d7a1-f1f0-449b-9962-e43b92698249", - "granteeUserId": "5a22025f-d28e-4434-9b1d-93bf353fbdb9", - "serviceId": "71bbc723-acdf-4be2-b56f-e471f9077cc5" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/users/{id}", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{{id}}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": true, - "role": "team_member" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942211+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-70b060a1", - "title": "sequence chain: /api/admin/teams → DELETE /api/admin/grants/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/grants/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams", - 
"headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Ours child be ready for irritation.", - "displayName": "daily", - "name": "Cordell Marshall" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/grants/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942218+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f0f67b06", - "title": "sequence chain: /api/admin/teams → DELETE /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Invite review for the group in Birmingham.", - "displayName": "eventually", - "name": "Robyn Williams" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/users/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - 
"generated_at": "2026-05-06T21:30:41.942222+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-6aeda09f", - "title": "sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/grants param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "They ski patiently to stabilize the year.", - "displayName": "fiercely", - "name": "Cassandra Robbins" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/grants", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94223+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0cb6ef87", - "title": "sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams", - "type": "setup", - 
"method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Mind the hand, then celebrate!", - "displayName": "ride", - "name": "Dolores Grady" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/members", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/members", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942233+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3642a068", - "title": "sequence chain: /api/admin/teams → GET /api/admin/teams/{id}/services", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/services param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Track problem over time weekly.", - "displayName": "of", - "name": "Owen Perez" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/services", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/services", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - 
"depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942237+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1b66938a", - "title": "sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/grants param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Evenings in Oakland invite quieter man.", - "displayName": "which", - "name": "Clifton Shields" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/grants", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "it" - ], - "expiresAt": "2001-12-10T08:50:19Z", - "granteeTeamId": "722fd61c-8b80-44f6-9e81-c9c8550ab73d", - "granteeUserId": "a1efd1eb-3a36-4f78-85fb-7edd1d4af481", - "serviceId": "2a7ed0b1-582d-4271-9b40-91828aded5f0" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942244+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-210690e6", - "title": "sequence chain: /api/admin/teams → POST /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - 
"tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Weekends reserve time for Animation and fact.", - "displayName": "today", - "name": "Jeffrey Lyons" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/members", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner", - "userId": "45f53f9f-487d-4010-8fff-c2d438433278" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94225+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8cbdf061", - "title": "sequence chain: /api/admin/teams → PUT /api/admin/services/{serviceId}/team", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams", - "rationale": "field-similarity chain (score 0.50): /api/admin/teams → /api/admin/services/{serviceId}/team param serviceId", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - 
"description": "Optimize company for light clarity.", - "displayName": "many", - "name": "Christina Patterson" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "serviceId", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/services/{serviceId}/team", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{{serviceId}}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "40d2db88-109b-49a0-8983-e2740333822a" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942255+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2d5ea99d", - "title": "sequence chain: /api/admin/teams → PUT /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/teams", - "rationale": "field-similarity chain (score 1.00): /api/admin/teams → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/teams", - "type": "setup", - "method": "POST", - "path": "/api/admin/teams", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "description": "Stage number behind feature flags.", - "displayName": "sew", - "name": "Stanley Purdy" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/users/{id}", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{{id}}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - 
"role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942259+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8ef3fbbb", - "title": "sequence chain: /api/admin/webhooks → DELETE /api/admin/grants/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/webhooks", - "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/grants/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/webhooks", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "today" - ], - "name": "Abe Collier", - "providerType": "listen", - "teamId": "7fae1382-a4cd-4c6d-9387-4f7b3c489c4e", - "url": "https://www.staffclicks-and-mortar.biz/monetize/monetize/initiatives" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/grants/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942264+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-763b85b6", - "title": "sequence chain: /api/admin/webhooks → DELETE /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": 
"/api/admin/webhooks", - "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/webhooks", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "other" - ], - "name": "Payton Yang", - "providerType": "anyone", - "teamId": "e7136d75-172b-46d0-8e7e-838fb2a645b4", - "url": "http://www.investorarchitectures.com/viral/real-time" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/users/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942268+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-83289d9f", - "title": "sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/webhooks", - "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/grants param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/webhooks", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "yourself" - ], - "name": "Janis Santos", - "providerType": "owing", - "teamId": "f1f952e5-15e9-4e13-9296-ebf46b9a6f04", - "url": 
"http://www.corporateproductize.org/vortals" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/grants", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942273+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-969a9fae", - "title": "sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/webhooks", - "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/webhooks", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "another" - ], - "name": "Roxanne Barber", - "providerType": "well", - "teamId": "360fddbd-2bf8-4533-b759-353946ddb3bb", - "url": "https://www.corporateimplement.net/recontextualize/extensible/leading-edge" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/members", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/members", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - 
], - "generated_at": "2026-05-06T21:30:41.942278+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ce956549", - "title": "sequence chain: /api/admin/webhooks → GET /api/admin/teams/{id}/services", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/webhooks", - "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/services param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/webhooks", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "does" - ], - "name": "Joanne Peterson", - "providerType": "extremely", - "teamId": "85472ea1-82f2-4e21-8559-2c86837acb46", - "url": "http://www.nationalroi.io/integrated/integrated/target/action-items" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/services", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/services", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942282+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-02ba968a", - "title": "sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/webhooks", - "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/grants param id", - "scenario": 
"CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/webhooks", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "him" - ], - "name": "Cayla Rosenbaum", - "providerType": "ours", - "teamId": "ccd3929e-a106-4df3-8d31-66697e80dbe3", - "url": "https://www.seniore-enable.name/synergies/end-to-end/integrate/e-tailers" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/grants", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "i.e." - ], - "expiresAt": "2011-10-23T02:54:47Z", - "granteeTeamId": "d189b00e-5719-4cc5-b97a-a00f62029da1", - "granteeUserId": "77c00823-081e-4450-9ea4-1bd04aabfdee", - "serviceId": "433f7b49-b2b9-485d-a48e-d48715ed6be5" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942289+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-393f686a", - "title": "sequence chain: /api/admin/webhooks → POST /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/webhooks", - "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/webhooks", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - 
"Content-Type": "application/json" - }, - "body": { - "events": [ - "outside" - ], - "name": "Marlene Jacobs", - "providerType": "for", - "teamId": "c8d6d6a7-3cc6-4d33-b8b1-b6c03d928bf7", - "url": "http://www.internalbrand.info/impactful/transform/web-enabled/e-commerce" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/members", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": "6dc4ae45-29b7-456d-b346-b29b27cb5494" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942297+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-256209eb", - "title": "sequence chain: /api/admin/webhooks → PUT /api/admin/services/{serviceId}/team", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/webhooks", - "rationale": "field-similarity chain (score 0.50): /api/admin/webhooks → /api/admin/services/{serviceId}/team param serviceId", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/webhooks", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "throughout" - ], - "name": "Pablo Hoffman", - "providerType": "barely", - "teamId": "cc3b8d87-6c30-464d-a451-ec70a317a56a", - "url": "http://www.futuresynergize.org/evolve" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": 
[ - { - "name": "serviceId", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/services/{serviceId}/team", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{{serviceId}}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "fbaecfc9-d46e-4518-8fc8-3534e881b114" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942302+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-88a6983e", - "title": "sequence chain: /api/admin/webhooks → PUT /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/admin/webhooks", - "rationale": "field-similarity chain (score 1.00): /api/admin/webhooks → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/admin/webhooks", - "type": "setup", - "method": "POST", - "path": "/api/admin/webhooks", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "events": [ - "only" - ], - "name": "Dawson Matthews", - "providerType": "that", - "teamId": "7c2b8aba-98b4-477e-b7fe-f53f6306f514", - "url": "http://www.financecultivate.com/envisioneer/enable/synergies/strategize" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/users/{id}", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{{id}}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "super_admin" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - 
"expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942307+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-e1324ddf", - "title": "sequence chain: /api/tokens → DELETE /api/admin/grants/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/tokens", - "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/grants/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Bernardo Auer", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/grants/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942311+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-60268ad8", - "title": "sequence chain: /api/tokens → DELETE /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/tokens", - "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": 
"application/json" - }, - "body": { - "name": "Rafael Hopkins", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/users/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942314+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f107e18d", - "title": "sequence chain: /api/tokens → GET /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/tokens", - "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/grants param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Janie Stone", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/grants", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942316+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-90e7f90e", - "title": "sequence 
chain: /api/tokens → GET /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/tokens", - "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Brett Bird", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/members", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/members", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942318+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-bda7e5b2", - "title": "sequence chain: /api/tokens → GET /api/admin/teams/{id}/services", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/tokens", - "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/services param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Bernadine Murray", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - 
"from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/services", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/services", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94232+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ba99a719", - "title": "sequence chain: /api/tokens → POST /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/tokens", - "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/grants param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Aric Carpenter", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/grants", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "consequence" - ], - "expiresAt": "1923-07-31T23:48:34Z", - "granteeTeamId": "951d9915-63f4-46d3-b5d5-8b170b457b9e", - "granteeUserId": "bbc3acfe-6b9e-4c9c-bf24-b4d09f78276d", - "serviceId": "47af9d4e-ddf7-4f73-8a33-2c60da4c1f72" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942325+08:00" - }, - { - "$schema": 
"https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-714b8b84", - "title": "sequence chain: /api/tokens → POST /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/tokens", - "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Athena Fernandez", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/members", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "member", - "userId": "02ef8546-0050-41de-be11-ab585b23ac54" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942329+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-110b6d72", - "title": "sequence chain: /api/tokens → PUT /api/admin/services/{serviceId}/team", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/tokens", - "rationale": "field-similarity chain (score 0.50): /api/tokens → /api/admin/services/{serviceId}/team param serviceId", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/tokens", - "type": "setup", - "method": "POST", - 
"path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Diego Herman", - "scope": "read" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "serviceId", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/services/{serviceId}/team", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{{serviceId}}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "9e4f4d0e-d5d7-447e-830c-1c638616ddbf" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942332+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-3028e37b", - "title": "sequence chain: /api/tokens → PUT /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/tokens", - "rationale": "field-similarity chain (score 1.00): /api/tokens → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/tokens", - "type": "setup", - "method": "POST", - "path": "/api/tokens", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "name": "Dante Kennedy", - "scope": "write" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.id" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/users/{id}", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{{id}}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": true, - "role": "super_admin" - }, - "assertions": [ - { - 
"target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942335+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8c25506c", - "title": "sequence chain: /api/upload → GET /api/specs/{service}/{branch}/openapi.json", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/upload", - "rationale": "field-similarity chain (score 1.00): /api/upload → /api/specs/{service}/{branch}/openapi.json param service", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/upload", - "type": "setup", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "gift", - "commitSha": "host", - "service": "been", - "specContent": "time" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "service", - "from": "jsonpath $.service" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/specs/{service}/{branch}/openapi.json", - "type": "test", - "method": "GET", - "path": "/api/specs/{{service}}/{branch}/openapi.json", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942342+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-f88dc931", - "title": "sequence chain: /api/upload → PUT /api/admin/services/{serviceId}/team", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/api/upload", - "rationale": "field-similarity chain (score 0.50): /api/upload → /api/admin/services/{serviceId}/team param serviceId", - 
"scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /api/upload", - "type": "setup", - "method": "POST", - "path": "/api/upload", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branch": "someone", - "commitSha": "instead", - "service": "therefore", - "specContent": "yesterday" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "serviceId", - "from": "jsonpath $.service" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/services/{serviceId}/team", - "type": "test", - "method": "PUT", - "path": "/api/admin/services/{{serviceId}}/team", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "teamId": "e76c96fd-19bb-41c3-a5a4-6720d313f439" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942347+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2db91768", - "title": "sequence chain: /auth/login → DELETE /api/admin/grants/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/login", - "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/grants/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/login", - "type": "setup", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "elbertgibson@sanchez.biz", - "password": "which" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE 
/api/admin/grants/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94235+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-8192e6ba", - "title": "sequence chain: /auth/login → DELETE /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/login", - "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/login", - "type": "setup", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "meaghanbailey@simpson.io", - "password": "whatever" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/users/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942352+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4f853ed4", - "title": "sequence chain: /auth/login → GET /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/login", - "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/grants param id", - "scenario": 
"CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/login", - "type": "setup", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "frankiewebb@davies.org", - "password": "for" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/grants", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942359+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-315cb6bf", - "title": "sequence chain: /auth/login → GET /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/login", - "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/login", - "type": "setup", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "manuelcasper@owen.net", - "password": "herself" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/members", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/members", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 
- } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942363+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ccf62dd8", - "title": "sequence chain: /auth/login → GET /api/admin/teams/{id}/services", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/login", - "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/services param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/login", - "type": "setup", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "chetbergstrom@carroll.org", - "password": "additionally" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/services", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/services", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942365+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ba58927e", - "title": "sequence chain: /auth/login → POST /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/login", - "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/grants param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/login", - "type": "setup", - "method": "POST", - "path": 
"/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "chaimbird@peters.info", - "password": "have" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/grants", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "anybody" - ], - "expiresAt": "1900-01-23T02:22:54Z", - "granteeTeamId": "2c916244-ec7b-46c4-8a46-75d8003b66f2", - "granteeUserId": "c582e301-b02e-418f-9960-f865b66da97f", - "serviceId": "eaa19ebb-002b-497c-a98a-0293aa5606ad" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94237+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b9578186", - "title": "sequence chain: /auth/login → POST /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/login", - "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/login", - "type": "setup", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "dwightsummers@schuster.org", - "password": "model" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via POST 
/api/admin/teams/{id}/members", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner", - "userId": "5f656700-5067-4ad1-8384-1fb850bc7bf2" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942374+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-4e754ff4", - "title": "sequence chain: /auth/login → PUT /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/login", - "rationale": "field-similarity chain (score 0.50): /auth/login → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/login", - "type": "setup", - "method": "POST", - "path": "/auth/login", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "amparoknight@evans.biz", - "password": "always" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/users/{id}", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{{id}}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": true, - "role": "team_owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.94238+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-465a3cf5", - "title": "sequence chain: /auth/register → DELETE 
/api/admin/grants/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/register", - "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/grants/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/register", - "type": "setup", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "hollybarker@garza.com", - "password": "who" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/grants/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/grants/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942384+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b3bffa74", - "title": "sequence chain: /auth/register → DELETE /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/register", - "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/register", - "type": "setup", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "fannystevenson@daugherty.com", - "password": "way" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": 
"jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via DELETE /api/admin/users/{id}", - "type": "test", - "method": "DELETE", - "path": "/api/admin/users/{{id}}", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942386+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-a05de11b", - "title": "sequence chain: /auth/register → GET /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/register", - "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/grants param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/register", - "type": "setup", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "claramorales@barton.org", - "password": "tickle" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/grants", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/grants", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942389+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-b5dca30c", - "title": "sequence chain: /auth/register → GET /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/register", 
- "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/register", - "type": "setup", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "greggburns@spencer.info", - "password": "motivation" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/members", - "type": "test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/members", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942396+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-344df791", - "title": "sequence chain: /auth/register → GET /api/admin/teams/{id}/services", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/register", - "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/services param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/register", - "type": "setup", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "joshpalmer@blake.info", - "password": "wad" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via GET /api/admin/teams/{id}/services", - "type": 
"test", - "method": "GET", - "path": "/api/admin/teams/{{id}}/services", - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942398+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-10533daf", - "title": "sequence chain: /auth/register → POST /api/admin/teams/{id}/grants", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/register", - "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/grants param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/register", - "type": "setup", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "chaunceyjacobi@white.com", - "password": "that" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/grants", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/grants", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "branches": [ - "disregard" - ], - "expiresAt": "2003-09-24T09:23:31Z", - "granteeTeamId": "c727d010-3eb5-469f-93d2-a46ab145fcf5", - "granteeUserId": "9f6fa71f-b14f-4fe8-bd62-fe79743d34db", - "serviceId": "1f968d6d-ab6e-4d94-b8de-a0df2b4a5209" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942404+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-98e576b1", - 
"title": "sequence chain: /auth/register → POST /api/admin/teams/{id}/members", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/register", - "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/teams/{id}/members param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/register", - "type": "setup", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "email": "lukasvalencia@cummings.name", - "password": "couple" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via POST /api/admin/teams/{id}/members", - "type": "test", - "method": "POST", - "path": "/api/admin/teams/{{id}}/members", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "role": "owner", - "userId": "204452b4-832e-4601-a227-8ecf3cc125ec" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942408+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-0c6076ab", - "title": "sequence chain: /auth/register → PUT /api/admin/users/{id}", - "kind": "chain", - "priority": "P1", - "tags": null, - "source": { - "technique": "chain_sequence", - "spec_path": "/auth/register", - "rationale": "field-similarity chain (score 0.50): /auth/register → /api/admin/users/{id} param id", - "scenario": "CHAIN_SEQUENCE" - }, - "steps": [ - { - "id": "step-setup", - "title": "create via POST /auth/register", - "type": "setup", - "method": "POST", - "path": "/auth/register", - "headers": { - "Content-Type": "application/json" - }, - 
"body": { - "email": "sharonwright@dietrich.org", - "password": "it" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "captures": [ - { - "name": "id", - "from": "jsonpath $.userId" - } - ] - }, - { - "id": "step-test", - "title": "use via PUT /api/admin/users/{id}", - "type": "test", - "method": "PUT", - "path": "/api/admin/users/{{id}}", - "headers": { - "Content-Type": "application/json" - }, - "body": { - "isActive": false, - "role": "team_owner" - }, - "assertions": [ - { - "target": "status_code", - "operator": "lt", - "expected": 300 - } - ], - "depends_on": [ - "step-setup" - ] - } - ], - "generated_at": "2026-05-06T21:30:41.942411+08:00" - } - ] -} \ No newline at end of file diff --git a/cmd/cases/index.json b/cmd/cases/index.json deleted file mode 100644 index 3f0c1ec..0000000 --- a/cmd/cases/index.json +++ /dev/null 
@@ -1,270 +0,0 @@ -{ - "$schema": "https://caseforge.dev/schema/v1/index.json", - "version": "1", - "generated_at": "2026-05-06T21:53:17.49805+08:00", - "meta": { - "caseforge_version": "dev", - "by_technique": { - "ask": 6 - }, - "by_priority": { - "P0": 1, - "P1": 4, - "P2": 1 - }, - "by_kind": { - "chain": 1, - "single": 5 - } - }, - "test_cases": [ - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-1bc07161", - "title": "Create user with valid data", - "kind": "single", - "priority": "P0", - "tags": [ - "happy-path", - "create" - ], - "source": { - "technique": "ask", - "spec_path": "", - "rationale": "POST /users - create user" - }, - "steps": [ - { - "id": "step-1", - "title": "POST new user with all required fields", - "type": "test", - "method": "POST", - "path": "/users", - "body": { - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - } - ] - } - ], - "generated_at": "2026-05-06T21:53:17.498008+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-20f71db2", - "title": "Create user missing required name field", - "kind": "single", - "priority": "P1", - "tags": [ - "validation", - "error" - ], - "source": { - "technique": "ask", - "spec_path": "", - "rationale": "POST /users - create user" - }, - "steps": [ - { - "id": "step-1", - "title": "POST user without name", - "type": "test", - "method": "POST", - "path": "/users", - "body": { - "email": "missing.name@example.com", - "password": "SecurePass123!" 
- }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:53:17.49801+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-802bab4d", - "title": "Create user with invalid email format", - "kind": "single", - "priority": "P1", - "tags": [ - "validation", - "error" - ], - "source": { - "technique": "ask", - "spec_path": "", - "rationale": "POST /users - create user" - }, - "steps": [ - { - "id": "step-1", - "title": "POST user with malformed email", - "type": "test", - "method": "POST", - "path": "/users", - "body": { - "email": "not-an-email", - "name": "Jane Doe", - "password": "SecurePass123!" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:53:17.498011+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-2143a276", - "title": "Create user with duplicate email", - "kind": "chain", - "priority": "P1", - "tags": [ - "duplicate", - "error" - ], - "source": { - "technique": "ask", - "spec_path": "", - "rationale": "POST /users - create user" - }, - "steps": [ - { - "id": "step-1", - "title": "Create first user", - "type": "test", - "method": "POST", - "path": "/users", - "body": { - "email": "duplicate@example.com", - "name": "First User", - "password": "SecurePass123!" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 201 - } - ] - }, - { - "id": "step-2", - "title": "Attempt to create second user with same email", - "type": "test", - "method": "POST", - "path": "/users", - "body": { - "email": "duplicate@example.com", - "name": "Second User", - "password": "DifferentPass456!" 
- }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 409 - } - ] - } - ], - "generated_at": "2026-05-06T21:53:17.498011+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-ae7a9790", - "title": "Create user with empty request body", - "kind": "single", - "priority": "P1", - "tags": [ - "validation", - "error" - ], - "source": { - "technique": "ask", - "spec_path": "", - "rationale": "POST /users - create user" - }, - "steps": [ - { - "id": "step-1", - "title": "POST with empty body", - "type": "test", - "method": "POST", - "path": "/users", - "body": {}, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:53:17.498012+08:00" - }, - { - "$schema": "https://caseforge.dev/schema/v1/testcase.json", - "version": "1", - "id": "TC-61182975", - "title": "Create user with weak password", - "kind": "single", - "priority": "P2", - "tags": [ - "validation", - "security" - ], - "source": { - "technique": "ask", - "spec_path": "", - "rationale": "POST /users - create user" - }, - "steps": [ - { - "id": "step-1", - "title": "POST user with short password", - "type": "test", - "method": "POST", - "path": "/users", - "body": { - "email": "weakpass@example.com", - "name": "Weak Pass User", - "password": "123" - }, - "assertions": [ - { - "target": "status_code", - "operator": "eq", - "expected": 400 - } - ] - } - ], - "generated_at": "2026-05-06T21:53:17.498012+08:00" - } - ] -} \ No newline at end of file diff --git a/cmd/cases/users_post_create_and_retrieve_user_8a91cfff.hurl b/cmd/cases/users_post_create_and_retrieve_user_8a91cfff.hurl deleted file mode 100644 index 6a23ad4..0000000 --- a/cmd/cases/users_post_create_and_retrieve_user_8a91cfff.hurl +++ /dev/null 
@@ -1,32 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create and retrieve user -# case_id=TC-8a91cfff -# case_name=Create and retrieve user -# case_kind=chain -# priority=P0 -# ══════════════════════════════════════════════════ - -# ── POST new user [test] ──────────────────── -# step_id=step-1 -# step_type=test -# title=POST new user - -POST {{base_url}}/users -```json -{ - "email": "jane.smith@example.com", - "name": "Jane Smith" -} -``` - -HTTP 201 - -# ── GET created user by ID [test] ─────────── -# step_id=step-2 -# step_type=test -# title=GET created user by ID - -GET {{base_url}}/users/1 - -HTTP 200 - diff --git a/cmd/cases/users_post_create_duplicate_user_62e19623.hurl b/cmd/cases/users_post_create_duplicate_user_62e19623.hurl deleted file mode 100644 index e48400f..0000000 --- a/cmd/cases/users_post_create_duplicate_user_62e19623.hurl +++ /dev/null @@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create duplicate user -# case_id=TC-62e19623 -# case_name=Create duplicate user -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── Create first user [test] ──────────────── -# step_id=step-1 -# step_type=test -# title=Create first user - -POST {{base_url}}/users -```json -{ - "email": "jane.doe@example.com", - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── Attempt to create duplicate user [test] ── -# step_id=step-2 -# step_type=test -# title=Attempt to create duplicate user - -POST {{base_url}}/users -```json -{ - "email": "jane.doe@example.com", - "name": "Jane Doe", - "password": "AnotherPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_create_duplicate_user_with_existing_email_7c11147b.hurl b/cmd/cases/users_post_create_duplicate_user_with_existing_email_7c11147b.hurl deleted file mode 100644 index c378547..0000000 --- a/cmd/cases/users_post_create_duplicate_user_with_existing_email_7c11147b.hurl +++ /dev/null 
@@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create duplicate user with existing email -# case_id=TC-7c11147b -# case_name=Create duplicate user with existing email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── POST first user [test] ────────────────── -# step_id=step-1 -# step_type=test -# title=POST first user - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Duplicate User", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── POST second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=POST second user with same email - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Another User", - "password": "DifferentPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_create_user_and_retrieve_it_f9ba7a73.hurl b/cmd/cases/users_post_create_user_and_retrieve_it_f9ba7a73.hurl deleted file mode 100644 index ffd3482..0000000 --- a/cmd/cases/users_post_create_user_and_retrieve_it_f9ba7a73.hurl +++ /dev/null @@ -1,33 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create user and retrieve it -# case_id=TC-f9ba7a73 -# case_name=Create user and retrieve it -# case_kind=chain -# priority=P0 -# ══════════════════════════════════════════════════ - -# ── Create new user [test] ────────────────── -# step_id=step-1 -# step_type=test -# title=Create new user - -POST {{base_url}}/users -```json -{ - "email": "alice.smith@example.com", - "name": "Alice Smith", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── Retrieve created user [test] ──────────── -# step_id=step-2 -# step_type=test -# title=Retrieve created user - -GET {{base_url}}/users/1 - -HTTP 200 - diff --git a/cmd/cases/users_post_create_user_missing_required_fields_053ab84f.hurl b/cmd/cases/users_post_create_user_missing_required_fields_053ab84f.hurl deleted file mode 100644 index cf7aaeb..0000000 
--- a/cmd/cases/users_post_create_user_missing_required_fields_053ab84f.hurl +++ /dev/null @@ -1,17 +0,0 @@ -# ── Create user missing required fields ───── -# case_id=TC-053ab84f -# case_name=Create user missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "name": "John Doe" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_missing_required_fields_8b269035.hurl b/cmd/cases/users_post_create_user_missing_required_fields_8b269035.hurl deleted file mode 100644 index 9012158..0000000 --- a/cmd/cases/users_post_create_user_missing_required_fields_8b269035.hurl +++ /dev/null @@ -1,17 +0,0 @@ -# ── Create user missing required fields ───── -# case_id=TC-8b269035 -# case_name=Create user missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "name": "Jane Doe" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_missing_required_fields_d374ddbf.hurl b/cmd/cases/users_post_create_user_missing_required_fields_d374ddbf.hurl deleted file mode 100644 index fa8e8c4..0000000 --- a/cmd/cases/users_post_create_user_missing_required_fields_d374ddbf.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Create user missing required fields ───── -# case_id=TC-d374ddbf -# case_name=Create user missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_missing_required_fields_e321037a.hurl b/cmd/cases/users_post_create_user_missing_required_fields_e321037a.hurl deleted file mode 100644 index e485fa3..0000000 --- a/cmd/cases/users_post_create_user_missing_required_fields_e321037a.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── Create user missing required fields ───── -# case_id=TC-e321037a -# case_name=Create user missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_missing_required_name_field_20f71db2.hurl b/cmd/cases/users_post_create_user_missing_required_name_field_20f71db2.hurl deleted file mode 100644 index 93ca637..0000000 --- a/cmd/cases/users_post_create_user_missing_required_name_field_20f71db2.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Create user missing required name field ── -# case_id=TC-20f71db2 -# case_name=Create user missing required name field -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "missing.name@example.com", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_successfully_with_valid_data_6bdcfc62.hurl b/cmd/cases/users_post_create_user_successfully_with_valid_data_6bdcfc62.hurl deleted file mode 100644 index 9fc78c7..0000000 --- a/cmd/cases/users_post_create_user_successfully_with_valid_data_6bdcfc62.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user successfully with valid data ── -# case_id=TC-6bdcfc62 -# case_name=Create user successfully with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_successfully_with_valid_data_d6d2f9b6.hurl b/cmd/cases/users_post_create_user_successfully_with_valid_data_d6d2f9b6.hurl deleted file mode 100644 index 8a8006e..0000000 --- a/cmd/cases/users_post_create_user_successfully_with_valid_data_d6d2f9b6.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── Create user successfully with valid data ── -# case_id=TC-d6d2f9b6 -# case_name=Create user successfully with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_successfully_with_valid_data_ed41be39.hurl b/cmd/cases/users_post_create_user_successfully_with_valid_data_ed41be39.hurl deleted file mode 100644 index 680d25d..0000000 --- a/cmd/cases/users_post_create_user_successfully_with_valid_data_ed41be39.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user successfully with valid data ── -# case_id=TC-ed41be39 -# case_name=Create user successfully with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_all_required_fields_ca607f38.hurl b/cmd/cases/users_post_create_user_with_all_required_fields_ca607f38.hurl deleted file mode 100644 index 26a6dae..0000000 --- a/cmd/cases/users_post_create_user_with_all_required_fields_ca607f38.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with all required fields ──── -# case_id=TC-ca607f38 -# case_name=Create user with all required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_0be9ec08.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_0be9ec08.hurl deleted file mode 100644 index 78fb427..0000000 --- a/cmd/cases/users_post_create_user_with_duplicate_email_0be9ec08.hurl +++ /dev/null 
@@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create user with duplicate email -# case_id=TC-0be9ec08 -# case_name=Create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── POST first user successfully [test] ───── -# step_id=step-1 -# step_type=test -# title=POST first user successfully - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Johnson", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── POST second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=POST second user with same email - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Smith", - "password": "DifferentPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_14bec37e.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_14bec37e.hurl deleted file mode 100644 index e0c447e..0000000 --- a/cmd/cases/users_post_create_user_with_duplicate_email_14bec37e.hurl +++ /dev/null @@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create user with duplicate email -# case_id=TC-14bec37e -# case_name=Create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── POST first user [test] ────────────────── -# step_id=step-1 -# step_type=test -# title=POST first user - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Johnson", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── POST second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=POST second user with same email - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Duplicate", - "password": "AnotherPass456!" -} -``` - -HTTP 409 - 
diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_16b5e1af.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_16b5e1af.hurl deleted file mode 100644 index 90e217e..0000000 --- a/cmd/cases/users_post_create_user_with_duplicate_email_16b5e1af.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with duplicate email ──────── -# case_id=TC-16b5e1af -# case_name=Create user with duplicate email -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "existing.user@example.com", - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_2143a276.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_2143a276.hurl deleted file mode 100644 index dd61193..0000000 --- a/cmd/cases/users_post_create_user_with_duplicate_email_2143a276.hurl +++ /dev/null @@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create user with duplicate email -# case_id=TC-2143a276 -# case_name=Create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── Create first user [test] ──────────────── -# step_id=step-1 -# step_type=test -# title=Create first user - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "First User", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── Attempt to create second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=Attempt to create second user with same email - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Second User", - "password": "DifferentPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_4540500f.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_4540500f.hurl deleted file mode 100644 index a0e7f8c..0000000 
--- a/cmd/cases/users_post_create_user_with_duplicate_email_4540500f.hurl +++ /dev/null @@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create user with duplicate email -# case_id=TC-4540500f -# case_name=Create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── Create first user [test] ──────────────── -# step_id=step-1 -# step_type=test -# title=Create first user - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Johnson", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── Attempt to create second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=Attempt to create second user with same email - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Smith", - "password": "DifferentPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_847c5ec7.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_847c5ec7.hurl deleted file mode 100644 index 4fc8df7..0000000 --- a/cmd/cases/users_post_create_user_with_duplicate_email_847c5ec7.hurl +++ /dev/null 
@@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create user with duplicate email -# case_id=TC-847c5ec7 -# case_name=Create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── POST first user successfully [test] ───── -# step_id=step-1 -# step_type=test -# title=POST first user successfully - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Duplicate User", - "password": "Password123" -} -``` - -HTTP 201 - -# ── POST second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=POST second user with same email - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Another User", - "password": "DifferentPass456" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_855ae92d.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_855ae92d.hurl deleted file mode 100644 index b0f2219..0000000 --- a/cmd/cases/users_post_create_user_with_duplicate_email_855ae92d.hurl +++ /dev/null @@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create user with duplicate email -# case_id=TC-855ae92d -# case_name=Create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── POST first user [test] ────────────────── -# step_id=step-1 -# step_type=test -# title=POST first user - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Brown", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── POST second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=POST second user with same email - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Duplicate", - "password": "AnotherPass456!" -} -``` - -HTTP 409 - 
diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_d50aa5de.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_d50aa5de.hurl deleted file mode 100644 index 8da5d6e..0000000 --- a/cmd/cases/users_post_create_user_with_duplicate_email_d50aa5de.hurl +++ /dev/null @@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create user with duplicate email -# case_id=TC-d50aa5de -# case_name=Create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── POST first user [test] ────────────────── -# step_id=step-1 -# step_type=test -# title=POST first user - -POST {{base_url}}/users -```json -{ - "email": "jane.doe@example.com", - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── POST second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=POST second user with same email - -POST {{base_url}}/users -```json -{ - "email": "jane.doe@example.com", - "name": "Jane Smith", - "password": "AnotherPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_create_user_with_duplicate_email_ec600d0b.hurl b/cmd/cases/users_post_create_user_with_duplicate_email_ec600d0b.hurl deleted file mode 100644 index 3898ee8..0000000 --- a/cmd/cases/users_post_create_user_with_duplicate_email_ec600d0b.hurl +++ /dev/null 
@@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Create user with duplicate email -# case_id=TC-ec600d0b -# case_name=Create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── POST first user [test] ────────────────── -# step_id=step-1 -# step_type=test -# title=POST first user - -POST {{base_url}}/users -```json -{ - "email": "alice.brown@example.com", - "name": "Alice Brown", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── POST second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=POST second user with same email - -POST {{base_url}}/users -```json -{ - "email": "alice.brown@example.com", - "name": "Alice Duplicate", - "password": "AnotherPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_create_user_with_empty_body_563fc76d.hurl b/cmd/cases/users_post_create_user_with_empty_body_563fc76d.hurl deleted file mode 100644 index 43e4b64a..0000000 --- a/cmd/cases/users_post_create_user_with_empty_body_563fc76d.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with empty body ───────────── -# case_id=TC-563fc76d -# case_name=Create user with empty body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_1f9b1832.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_1f9b1832.hurl deleted file mode 100644 index 14c109b..0000000 --- a/cmd/cases/users_post_create_user_with_empty_request_body_1f9b1832.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with empty request body ───── -# case_id=TC-1f9b1832 -# case_name=Create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_403e1b49.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_403e1b49.hurl deleted file mode 100644 index d40a624..0000000 --- a/cmd/cases/users_post_create_user_with_empty_request_body_403e1b49.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with empty request body ───── -# case_id=TC-403e1b49 -# case_name=Create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_5b591edb.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_5b591edb.hurl deleted file mode 100644 index 1a79d52..0000000 --- a/cmd/cases/users_post_create_user_with_empty_request_body_5b591edb.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with empty request body ───── -# case_id=TC-5b591edb -# case_name=Create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_5d3eb006.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_5d3eb006.hurl deleted file mode 100644 index 296abd8..0000000 --- a/cmd/cases/users_post_create_user_with_empty_request_body_5d3eb006.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with empty request body ───── -# case_id=TC-5d3eb006 -# case_name=Create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_6d5b6c22.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_6d5b6c22.hurl deleted file mode 100644 index 85b5796..0000000 --- a/cmd/cases/users_post_create_user_with_empty_request_body_6d5b6c22.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── Create user with empty request body ───── -# case_id=TC-6d5b6c22 -# case_name=Create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_ae7a9790.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_ae7a9790.hurl deleted file mode 100644 index 051111d..0000000 --- a/cmd/cases/users_post_create_user_with_empty_request_body_ae7a9790.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with empty request body ───── -# case_id=TC-ae7a9790 -# case_name=Create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_b9201ec1.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_b9201ec1.hurl deleted file mode 100644 index db05705..0000000 --- a/cmd/cases/users_post_create_user_with_empty_request_body_b9201ec1.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with empty request body ───── -# case_id=TC-b9201ec1 -# case_name=Create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_d4ebbcfb.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_d4ebbcfb.hurl deleted file mode 100644 index a6be502..0000000 --- a/cmd/cases/users_post_create_user_with_empty_request_body_d4ebbcfb.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with empty request body ───── -# case_id=TC-d4ebbcfb -# case_name=Create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_empty_request_body_dca30578.hurl b/cmd/cases/users_post_create_user_with_empty_request_body_dca30578.hurl deleted file mode 100644 index bdf6022..0000000 --- a/cmd/cases/users_post_create_user_with_empty_request_body_dca30578.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with empty request body ───── -# case_id=TC-dca30578 -# case_name=Create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_12d150e0.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_12d150e0.hurl deleted file mode 100644 index cf4ba09..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_12d150e0.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-12d150e0 -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "Test User", - "password": "Password123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_1b915f1c.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_1b915f1c.hurl deleted file mode 100644 index 0cdbf0c..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_1b915f1c.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-1b915f1c -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "Bob Smith", - "password": "SecurePass123!" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_3c84dd5d.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_3c84dd5d.hurl deleted file mode 100644 index ea228ec..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_3c84dd5d.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-3c84dd5d -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "not-an-email", - "name": "Bob Smith", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_4987e0c9.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_4987e0c9.hurl deleted file mode 100644 index 3131ec8..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_4987e0c9.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-4987e0c9 -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "Bob Smith", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_802bab4d.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_802bab4d.hurl deleted file mode 100644 index 54e09ca..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_802bab4d.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-802bab4d -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "not-an-email", - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_a76df09a.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_a76df09a.hurl deleted file mode 100644 index 6952e2c..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_a76df09a.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-a76df09a -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_c4f2a558.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_c4f2a558.hurl deleted file mode 100644 index d94c206..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_c4f2a558.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-c4f2a558 -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "Bob Smith", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_c93fd0f2.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_c93fd0f2.hurl deleted file mode 100644 index c5cc8d6..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_c93fd0f2.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-c93fd0f2 -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_e753478f.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_e753478f.hurl deleted file mode 100644 index 780538d..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_e753478f.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-e753478f -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_ebabbba7.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_ebabbba7.hurl deleted file mode 100644 index 088c37a..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_ebabbba7.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-ebabbba7 -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "Bob Smith", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_invalid_email_format_ee2ea20f.hurl b/cmd/cases/users_post_create_user_with_invalid_email_format_ee2ea20f.hurl deleted file mode 100644 index 0840efd..0000000 --- a/cmd/cases/users_post_create_user_with_invalid_email_format_ee2ea20f.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with invalid email format ─── -# case_id=TC-ee2ea20f -# case_name=Create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_minimal_fields_4626dbf0.hurl b/cmd/cases/users_post_create_user_with_minimal_fields_4626dbf0.hurl deleted file mode 100644 index cada759..0000000 --- a/cmd/cases/users_post_create_user_with_minimal_fields_4626dbf0.hurl +++ /dev/null @@ -1,17 +0,0 @@ -# ── Create user with minimal fields ───────── -# case_id=TC-4626dbf0 -# case_name=Create user with minimal fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "minimal@example.com" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_minimal_required_fields_272780ec.hurl b/cmd/cases/users_post_create_user_with_minimal_required_fields_272780ec.hurl deleted file mode 100644 index 60ce0ba..0000000 --- a/cmd/cases/users_post_create_user_with_minimal_required_fields_272780ec.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Create user with minimal required fields ── -# case_id=TC-272780ec -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 -# title=Create user with minimal required fields - -POST {{base_url}}/users -```json -{ - "email": "minimal@example.com", - "password": "Password123" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_minimal_required_fields_6cad6219.hurl b/cmd/cases/users_post_create_user_with_minimal_required_fields_6cad6219.hurl deleted file mode 100644 index 62d8aeb..0000000 --- a/cmd/cases/users_post_create_user_with_minimal_required_fields_6cad6219.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Create user with minimal required fields ── -# case_id=TC-6cad6219 -# case_name=Create user with minimal required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "minimal@example.com", - "password": "Password123" -} -``` - -HTTP 201 - 
diff --git a/cmd/cases/users_post_create_user_with_minimal_required_fields_9bb38a6e.hurl b/cmd/cases/users_post_create_user_with_minimal_required_fields_9bb38a6e.hurl deleted file mode 100644 index 928fc68..0000000 --- a/cmd/cases/users_post_create_user_with_minimal_required_fields_9bb38a6e.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Create user with minimal required fields ── -# case_id=TC-9bb38a6e -# case_name=Create user with minimal required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "minimal@example.com", - "password": "Password123" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_088af62f.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_088af62f.hurl deleted file mode 100644 index 49919e2..0000000 --- a/cmd/cases/users_post_create_user_with_missing_required_fields_088af62f.hurl +++ /dev/null @@ -1,17 +0,0 @@ -# ── Create user with missing required fields ── -# case_id=TC-088af62f -# case_name=Create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "name": "John Doe" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_3e271201.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_3e271201.hurl deleted file mode 100644 index e9d8e80..0000000 --- a/cmd/cases/users_post_create_user_with_missing_required_fields_3e271201.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Create user with missing required fields ── -# case_id=TC-3e271201 -# case_name=Create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_a1a407ac.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_a1a407ac.hurl deleted file mode 100644 index 5c332f6..0000000 --- a/cmd/cases/users_post_create_user_with_missing_required_fields_a1a407ac.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Create user with missing required fields ── -# case_id=TC-a1a407ac -# case_name=Create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_cca11513.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_cca11513.hurl deleted file mode 100644 index b450d72..0000000 --- a/cmd/cases/users_post_create_user_with_missing_required_fields_cca11513.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Create user with missing required fields ── -# case_id=TC-cca11513 -# case_name=Create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_d11763fa.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_d11763fa.hurl deleted file mode 100644 index 8a2d18d..0000000 --- a/cmd/cases/users_post_create_user_with_missing_required_fields_d11763fa.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Create user with missing required fields ── -# case_id=TC-d11763fa -# case_name=Create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_missing_required_fields_f2b440ff.hurl b/cmd/cases/users_post_create_user_with_missing_required_fields_f2b440ff.hurl deleted file mode 100644 index 74869cd..0000000 --- a/cmd/cases/users_post_create_user_with_missing_required_fields_f2b440ff.hurl +++ /dev/null @@ -1,17 +0,0 @@ -# ── Create user with missing required fields ── -# case_id=TC-f2b440ff -# case_name=Create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "name": "John Doe" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_password_too_short_6585f31e.hurl b/cmd/cases/users_post_create_user_with_password_too_short_6585f31e.hurl deleted file mode 100644 index c534d24..0000000 --- a/cmd/cases/users_post_create_user_with_password_too_short_6585f31e.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with password too short ───── -# case_id=TC-6585f31e -# case_name=Create user with password too short -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "weakpass@example.com", - "name": "Weak Pass User", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_valid_data_0add7ad1.hurl b/cmd/cases/users_post_create_user_with_valid_data_0add7ad1.hurl deleted file mode 100644 index 25ef66a..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_0add7ad1.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-0add7ad1 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_0b80c623.hurl b/cmd/cases/users_post_create_user_with_valid_data_0b80c623.hurl deleted file mode 100644 index cd928e9..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_0b80c623.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-0b80c623 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_valid_data_168ded86.hurl b/cmd/cases/users_post_create_user_with_valid_data_168ded86.hurl deleted file mode 100644 index 8a754ff..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_168ded86.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-168ded86 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_valid_data_1bc07161.hurl b/cmd/cases/users_post_create_user_with_valid_data_1bc07161.hurl deleted file mode 100644 index 2f6ef6f..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_1bc07161.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-1bc07161 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_23ae4070.hurl b/cmd/cases/users_post_create_user_with_valid_data_23ae4070.hurl deleted file mode 100644 index e585878..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_23ae4070.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-23ae4070 -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 -# title=Create user with valid data - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_valid_data_2a7542be.hurl b/cmd/cases/users_post_create_user_with_valid_data_2a7542be.hurl deleted file mode 100644 index 5fb684c..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_2a7542be.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-2a7542be -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_valid_data_405b1cc7.hurl b/cmd/cases/users_post_create_user_with_valid_data_405b1cc7.hurl deleted file mode 100644 index a2df480..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_405b1cc7.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-405b1cc7 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_42336db4.hurl b/cmd/cases/users_post_create_user_with_valid_data_42336db4.hurl deleted file mode 100644 index cdfcaad..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_42336db4.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-42336db4 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_valid_data_66eaac33.hurl b/cmd/cases/users_post_create_user_with_valid_data_66eaac33.hurl deleted file mode 100644 index edb6051..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_66eaac33.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-66eaac33 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_valid_data_7bd9e5f4.hurl b/cmd/cases/users_post_create_user_with_valid_data_7bd9e5f4.hurl deleted file mode 100644 index b82129f..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_7bd9e5f4.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-7bd9e5f4 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_8d1e56af.hurl b/cmd/cases/users_post_create_user_with_valid_data_8d1e56af.hurl deleted file mode 100644 index 8cf5536..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_8d1e56af.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-8d1e56af -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_valid_data_d820dbc4.hurl b/cmd/cases/users_post_create_user_with_valid_data_d820dbc4.hurl deleted file mode 100644 index 1588a7b..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_d820dbc4.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-d820dbc4 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_valid_data_ef5c32e1.hurl b/cmd/cases/users_post_create_user_with_valid_data_ef5c32e1.hurl deleted file mode 100644 index cd8cd30..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_ef5c32e1.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-ef5c32e1 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - 
diff --git a/cmd/cases/users_post_create_user_with_valid_data_f4fc91e0.hurl b/cmd/cases/users_post_create_user_with_valid_data_f4fc91e0.hurl deleted file mode 100644 index 861ac86..0000000 --- a/cmd/cases/users_post_create_user_with_valid_data_f4fc91e0.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with valid data ───────────── -# case_id=TC-f4fc91e0 -# case_name=Create user with valid data -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - diff --git a/cmd/cases/users_post_create_user_with_weak_password_066b5eb6.hurl b/cmd/cases/users_post_create_user_with_weak_password_066b5eb6.hurl deleted file mode 100644 index ddb406c..0000000 --- a/cmd/cases/users_post_create_user_with_weak_password_066b5eb6.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with weak password ────────── -# case_id=TC-066b5eb6 -# case_name=Create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "weakpass@example.com", - "name": "Weak Pass User", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_weak_password_4414257a.hurl b/cmd/cases/users_post_create_user_with_weak_password_4414257a.hurl deleted file mode 100644 index 9eb199f..0000000 --- a/cmd/cases/users_post_create_user_with_weak_password_4414257a.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with weak password ────────── -# case_id=TC-4414257a -# case_name=Create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "john.weak@example.com", - "name": "John Doe", - "password": "123" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_weak_password_61182975.hurl b/cmd/cases/users_post_create_user_with_weak_password_61182975.hurl deleted file mode 100644 index ef714ca..0000000 --- a/cmd/cases/users_post_create_user_with_weak_password_61182975.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with weak password ────────── -# case_id=TC-61182975 -# case_name=Create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "weakpass@example.com", - "name": "Weak Pass User", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_weak_password_927b5196.hurl b/cmd/cases/users_post_create_user_with_weak_password_927b5196.hurl deleted file mode 100644 index 2d93789..0000000 --- a/cmd/cases/users_post_create_user_with_weak_password_927b5196.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with weak password ────────── -# case_id=TC-927b5196 -# case_name=Create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "john.weak@example.com", - "name": "John Doe", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_weak_password_ad27efeb.hurl b/cmd/cases/users_post_create_user_with_weak_password_ad27efeb.hurl deleted file mode 100644 index 6e64e72..0000000 --- a/cmd/cases/users_post_create_user_with_weak_password_ad27efeb.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with weak password ────────── -# case_id=TC-ad27efeb -# case_name=Create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "charlie.wilson@example.com", - "name": "Charlie Wilson", - "password": "123" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_with_weak_password_e00f7c68.hurl b/cmd/cases/users_post_create_user_with_weak_password_e00f7c68.hurl deleted file mode 100644 index ec38de7..0000000 --- a/cmd/cases/users_post_create_user_with_weak_password_e00f7c68.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with weak password ────────── -# case_id=TC-e00f7c68 -# case_name=Create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "weakpass@example.com", - "name": "Weak Pass User", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_weak_password_e83267a6.hurl b/cmd/cases/users_post_create_user_with_weak_password_e83267a6.hurl deleted file mode 100644 index 114b799..0000000 --- a/cmd/cases/users_post_create_user_with_weak_password_e83267a6.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with weak password ────────── -# case_id=TC-e83267a6 -# case_name=Create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "weakpass@example.com", - "name": "Weak Pass User", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_create_user_with_weak_password_f80ddbdb.hurl b/cmd/cases/users_post_create_user_with_weak_password_f80ddbdb.hurl deleted file mode 100644 index 2b65e6e..0000000 --- a/cmd/cases/users_post_create_user_with_weak_password_f80ddbdb.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user with weak password ────────── -# case_id=TC-f80ddbdb -# case_name=Create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "weakpass@example.com", - "name": "Weak Pass User", - "password": "123" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_create_user_without_authentication_token_dd3e5af5.hurl b/cmd/cases/users_post_create_user_without_authentication_token_dd3e5af5.hurl deleted file mode 100644 index ccff5a6..0000000 --- a/cmd/cases/users_post_create_user_without_authentication_token_dd3e5af5.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Create user without authentication token ── -# case_id=TC-dd3e5af5 -# case_name=Create user without authentication token -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "unauth@example.com", - "name": "Unauthorized User", - "password": "SecurePass123!" -} -``` - -HTTP 401 - diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_027c26b3.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_027c26b3.hurl deleted file mode 100644 index 450d3b0..0000000 --- a/cmd/cases/users_post_fail_to_create_duplicate_user_027c26b3.hurl +++ /dev/null @@ -1,38 +0,0 @@ -# ══════════════════════════════════════════════════ -# Fail to create duplicate user -# case_id=TC-027c26b3 -# case_name=Fail to create duplicate user -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── POST first user [test] ────────────────── -# step_id=step-1 -# step_type=test -# title=POST first user - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Duplicate Test" -} -``` - -HTTP 201 - -# ── POST duplicate user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=POST duplicate user with same email - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Duplicate Test" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_9b4f9a72.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_9b4f9a72.hurl deleted file mode 100644 index fa7cbd0..0000000 --- a/cmd/cases/users_post_fail_to_create_duplicate_user_9b4f9a72.hurl +++ /dev/null 
@@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Fail to create duplicate user -# case_id=TC-9b4f9a72 -# case_name=Fail to create duplicate user -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── Create first user [test] ──────────────── -# step_id=step-1 -# step_type=test -# title=Create first user - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Duplicate User", - "password": "Password123" -} -``` - -HTTP 201 - -# ── Attempt to create user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=Attempt to create user with same email - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Another User", - "password": "DifferentPass456" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_6c2e4ea0.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_6c2e4ea0.hurl deleted file mode 100644 index f103df4..0000000 --- a/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_6c2e4ea0.hurl +++ /dev/null 
@@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Fail to create duplicate user with existing email -# case_id=TC-6c2e4ea0 -# case_name=Fail to create duplicate user with existing email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── Create first user [test] ──────────────── -# step_id=step-1 -# step_type=test -# title=Create first user - -POST {{base_url}}/users -```json -{ - "email": "alice.brown@example.com", - "name": "Alice Brown", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── Attempt to create user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=Attempt to create user with same email - -POST {{base_url}}/users -```json -{ - "email": "alice.brown@example.com", - "name": "Alice Brown", - "password": "DifferentPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_78c9e99f.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_78c9e99f.hurl deleted file mode 100644 index c0f2dde..0000000 --- a/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_78c9e99f.hurl +++ /dev/null 
@@ -1,39 +0,0 @@ -# ══════════════════════════════════════════════════ -# Fail to create duplicate user with existing email -# case_id=TC-78c9e99f -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── Create first user [test] ──────────────── -# step_id=step-1 -# step_type=test -# title=Create first user - -POST {{base_url}}/users -```json -{ - "email": "jane.doe@example.com", - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── Attempt to create second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=Attempt to create second user with same email - -POST {{base_url}}/users -```json -{ - "email": "jane.doe@example.com", - "name": "Jane Smith", - "password": "DifferentPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_b9e88eb8.hurl b/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_b9e88eb8.hurl deleted file mode 100644 index 847c52b..0000000 --- a/cmd/cases/users_post_fail_to_create_duplicate_user_with_existing_email_b9e88eb8.hurl +++ /dev/null @@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Fail to create duplicate user with existing email -# case_id=TC-b9e88eb8 -# case_name=Fail to create duplicate user with existing email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── Create first user [test] ──────────────── -# step_id=step-1 -# step_type=test -# title=Create first user - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Johnson", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── Attempt to create user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=Attempt to create user with same email - -POST {{base_url}}/users -```json -{ - "email": "alice@example.com", - "name": "Alice Johnson", - "password": "DifferentPass456!" -} -``` - -HTTP 409 - 
diff --git a/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_004d19bc.hurl b/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_004d19bc.hurl deleted file mode 100644 index 5aca944..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_004d19bc.hurl +++ /dev/null @@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Fail to create user with duplicate email -# case_id=TC-004d19bc -# case_name=Fail to create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── Create first user [test] ──────────────── -# step_id=step-1 -# step_type=test -# title=Create first user - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "First User", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── Attempt to create second user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=Attempt to create second user with same email - -POST {{base_url}}/users -```json -{ - "email": "duplicate@example.com", - "name": "Second User", - "password": "DifferentPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_865cada7.hurl b/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_865cada7.hurl deleted file mode 100644 index fa1c37d..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_duplicate_email_865cada7.hurl +++ /dev/null 
@@ -1,40 +0,0 @@ -# ══════════════════════════════════════════════════ -# Fail to create user with duplicate email -# case_id=TC-865cada7 -# case_name=Fail to create user with duplicate email -# case_kind=chain -# priority=P1 -# ══════════════════════════════════════════════════ - -# ── Create first user [test] ──────────────── -# step_id=step-1 -# step_type=test -# title=Create first user - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 201 - -# ── Attempt to create user with same email [test] ── -# step_id=step-2 -# step_type=test -# title=Attempt to create user with same email - -POST {{base_url}}/users -```json -{ - "email": "john.doe@example.com", - "name": "Another John", - "password": "DifferentPass456!" -} -``` - -HTTP 409 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_84405873.hurl b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_84405873.hurl deleted file mode 100644 index 6cb216d..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_84405873.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Fail to create user with empty request body ── -# case_id=TC-84405873 -# case_name=Fail to create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9787221a.hurl b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9787221a.hurl deleted file mode 100644 index e154558..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9787221a.hurl +++ /dev/null 
@@ -1,15 +0,0 @@ -# ── Fail to create user with empty request body ── -# case_id=TC-9787221a -# case_name=Fail to create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9fa1c233.hurl b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9fa1c233.hurl deleted file mode 100644 index c64c876..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_9fa1c233.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Fail to create user with empty request body ── -# case_id=TC-9fa1c233 -# case_name=Fail to create user with empty request body -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_cea3990a.hurl b/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_cea3990a.hurl deleted file mode 100644 index 6d99e29..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_empty_request_body_cea3990a.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Fail to create user with empty request body ── -# case_id=TC-cea3990a -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 -# title=Fail to create user with empty request body - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_1ba1acf6.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_1ba1acf6.hurl deleted file mode 100644 index cd513df..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_1ba1acf6.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── Fail to create user with invalid email format ── -# case_id=TC-1ba1acf6 -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 -# title=Fail to create user with invalid email format - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_2bd6ea23.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_2bd6ea23.hurl deleted file mode 100644 index a1d6613..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_2bd6ea23.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Fail to create user with invalid email format ── -# case_id=TC-2bd6ea23 -# case_name=Fail to create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_354a4ea6.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_354a4ea6.hurl deleted file mode 100644 index d821ae8..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_354a4ea6.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Fail to create user with invalid email format ── -# case_id=TC-354a4ea6 -# case_name=Fail to create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email-format", - "name": "Bob Smith", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_5204b57a.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_5204b57a.hurl deleted file mode 100644 index 757cecd..0000000 
--- a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_5204b57a.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Fail to create user with invalid email format ── -# case_id=TC-5204b57a -# case_name=Fail to create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email-format", - "name": "Test User" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_71d8d257.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_71d8d257.hurl deleted file mode 100644 index 86fea35..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_71d8d257.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Fail to create user with invalid email format ── -# case_id=TC-71d8d257 -# case_name=Fail to create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "not-an-email", - "name": "Bad Email User", - "password": "Password123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_984e56e9.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_984e56e9.hurl deleted file mode 100644 index ecbe682..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_984e56e9.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Fail to create user with invalid email format ── -# case_id=TC-984e56e9 -# case_name=Fail to create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "not-an-email", - "name": "Invalid User", - "password": "SecurePass123!" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_a2bd888d.hurl b/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_a2bd888d.hurl deleted file mode 100644 index c967014..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_invalid_email_format_a2bd888d.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Fail to create user with invalid email format ── -# case_id=TC-a2bd888d -# case_name=Fail to create user with invalid email format -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "invalid-email", - "name": "Bob Smith", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_email_9984528c.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_email_9984528c.hurl deleted file mode 100644 index bcf6301..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_missing_email_9984528c.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Fail to create user with missing email ── -# case_id=TC-9984528c -# case_name=Fail to create user with missing email -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_email_e1e9b7f8.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_email_e1e9b7f8.hurl deleted file mode 100644 index 63f8676..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_missing_email_e1e9b7f8.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Fail to create user with missing email ── -# case_id=TC-e1e9b7f8 -# case_name=Fail to create user with missing email -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "name": "No Email User", - "password": "Password123" -} -``` - -HTTP 400 - 
diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_00b8cf47.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_00b8cf47.hurl deleted file mode 100644 index 9551d95..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_00b8cf47.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Fail to create user with missing required fields ── -# case_id=TC-00b8cf47 -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 -# title=Fail to create user with missing required fields - -POST {{base_url}}/users -```json -{ - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8a424b35.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8a424b35.hurl deleted file mode 100644 index 7cb0e1b..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8a424b35.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Fail to create user with missing required fields ── -# case_id=TC-8a424b35 -# case_name=Fail to create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8eba8f6c.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8eba8f6c.hurl deleted file mode 100644 index b489a5c..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_8eba8f6c.hurl +++ /dev/null 
@@ -1,18 +0,0 @@ -# ── Fail to create user with missing required fields ── -# case_id=TC-8eba8f6c -# case_name=Fail to create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "name": "John Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_9be782de.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_9be782de.hurl deleted file mode 100644 index 1a3b32a..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_9be782de.hurl +++ /dev/null @@ -1,18 +0,0 @@ -# ── Fail to create user with missing required fields ── -# case_id=TC-9be782de -# case_name=Fail to create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{ - "name": "Jane Doe", - "password": "SecurePass123!" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_c122d03b.hurl b/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_c122d03b.hurl deleted file mode 100644 index a555c58..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_missing_required_fields_c122d03b.hurl +++ /dev/null @@ -1,15 +0,0 @@ -# ── Fail to create user with missing required fields ── -# case_id=TC-c122d03b -# case_name=Fail to create user with missing required fields -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P0 - -POST {{base_url}}/users -```json -{} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_3cf31478.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_3cf31478.hurl deleted file mode 100644 index 3e44440..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_weak_password_3cf31478.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── Fail to create user with weak password ── -# case_id=TC-3cf31478 -# case_name=Fail to create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "charlie@example.com", - "name": "Charlie Brown", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_5278686c.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_5278686c.hurl deleted file mode 100644 index a131721..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_weak_password_5278686c.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Fail to create user with weak password ── -# case_id=TC-5278686c -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 -# title=Fail to create user with weak password - -POST {{base_url}}/users -```json -{ - "email": "john.weak@example.com", - "name": "John Doe", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_91adc9f5.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_91adc9f5.hurl deleted file mode 100644 index cabe4b9..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_weak_password_91adc9f5.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Fail to create user with weak password ── -# case_id=TC-91adc9f5 -# case_name=Fail to create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P1 - -POST {{base_url}}/users -```json -{ - "email": "weakpass@example.com", - "name": "Weak Password User", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_a8b3ff8c.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_a8b3ff8c.hurl deleted file mode 100644 index d1651f4..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_weak_password_a8b3ff8c.hurl +++ /dev/null 
@@ -1,19 +0,0 @@ -# ── Fail to create user with weak password ── -# case_id=TC-a8b3ff8c -# case_name=Fail to create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "charlie.wilson@example.com", - "name": "Charlie Wilson", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_with_weak_password_ac0b807a.hurl b/cmd/cases/users_post_fail_to_create_user_with_weak_password_ac0b807a.hurl deleted file mode 100644 index bab3801..0000000 --- a/cmd/cases/users_post_fail_to_create_user_with_weak_password_ac0b807a.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Fail to create user with weak password ── -# case_id=TC-ac0b807a -# case_name=Fail to create user with weak password -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "weakpass@example.com", - "name": "Weak Password User", - "password": "123" -} -``` - -HTTP 400 - diff --git a/cmd/cases/users_post_fail_to_create_user_without_authentication_127085f6.hurl b/cmd/cases/users_post_fail_to_create_user_without_authentication_127085f6.hurl deleted file mode 100644 index 08ac804..0000000 --- a/cmd/cases/users_post_fail_to_create_user_without_authentication_127085f6.hurl +++ /dev/null @@ -1,19 +0,0 @@ -# ── Fail to create user without authentication ── -# case_id=TC-127085f6 -# case_name=Fail to create user without authentication -# step_id=step-1 -# step_type=test -# technique=ask -# priority=P2 - -POST {{base_url}}/users -```json -{ - "email": "unauth@example.com", - "name": "Unauthorized User", - "password": "SecurePass123!" -} -``` - -HTTP 401 - diff --git a/cmd/reports/dea-report.json b/cmd/reports/dea-report.json deleted file mode 100644 index 9cb5bc8..0000000 --- a/cmd/reports/dea-report.json +++ /dev/null 
@@ -1,7 +0,0 @@ -{ - "spec_path": "/var/folders/1j/6j5tknyn4b3_gsbr3zbyv2hc0000gn/T/TestExploreCommand_ExportPool_DryRun3336969209/001/spec.yaml", - "target_url": "", - "explored_at": "2026-05-06T21:56:17.835811+08:00", - "total_probes": 0, - "rules": null -} \ No newline at end of file From 40573ac1454a9a1c82524cad93acc5914539325d Mon Sep 17 00:00:00 2001 From: yuchou87 Date: Thu, 7 May 2026 00:22:21 +0800 Subject: [PATCH 3/3] fix(gen): address batch annotation review feedback MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Fix off-by-one: annotationBatch >= 1 now dispatches batch path (previously batch=1 fell through to sequential mode silently) - Add 200ms inter-batch throttle to reduce rate-limit pressure - Cap MaxTokens at min(256*n, 8192) — stays within provider output limits - Include op.Description in batch prompt alongside Summary for richer LLM signal - Remove unused n variable from batchLLMProvider.Complete in tests - Strengthen AT-252: also verify --annotation-batch flag runs gen to completion --- docs/acceptance/acceptance-tests.md | 2 +- internal/methodology/engine.go | 13 ++++++++++--- internal/methodology/engine_test.go | 2 -- scripts/acceptance.sh | 5 ++++- 4 files changed, 15 insertions(+), 7 deletions(-) diff --git a/docs/acceptance/acceptance-tests.md b/docs/acceptance/acceptance-tests.md index 42b6760..73ca4e4 100644 --- a/docs/acceptance/acceptance-tests.md +++ b/docs/acceptance/acceptance-tests.md 
@@ -146,7 +146,7 @@ | AT-249 | Hurl output contains case_name field | `caseforge gen --no-ai --format hurl --spec petstore.yaml --output /tmp/at249` | Every `.hurl` file has a `# case_name=` header line | ✅ PASS | | AT-250 | gen skips regeneration on unchanged spec | Run `gen` twice on the same spec | Second run prints "unchanged" and exits without regenerating | ✅ PASS | | AT-251 | gen --force regenerates despite matching hash | Run `gen` then `gen --force` on the same spec | `--force` run prints "Generated" (bypasses dedup) | ✅ PASS | -| AT-252 | gen --annotation-batch flag is registered | `caseforge gen --help` | Help text contains `annotation-batch` | ✅ PASS | +| AT-252 | gen --annotation-batch flag is registered and runs without error | `caseforge gen --help` + `caseforge gen --no-ai --annotation-batch 5 --spec petstore.yaml --output /tmp/at252` | Help text contains `annotation-batch`; gen completes successfully with flag set | ✅ PASS | --- diff --git a/internal/methodology/engine.go b/internal/methodology/engine.go index d795514..2bf976d 100644 --- a/internal/methodology/engine.go +++ b/internal/methodology/engine.go @@ -243,7 +243,7 @@ func (e *Engine) annotateOperations(ops []*spec.Operation) { if !e.llm.IsAvailable() { return // NoopProvider: skip annotation, SemanticInfo stays nil } - if e.annotationBatch > 1 { + if e.annotationBatch >= 1 { e.annotateOperationsBatch(ops, e.annotationBatch) return } @@ -272,6 +272,9 @@ func (e *Engine) annotateOperations(ops []*spec.Operation) { // and generation continues unaffected (annotation is best-effort). func (e *Engine) annotateOperationsBatch(ops []*spec.Operation, batchSize int) { for start := 0; start < len(ops); start += batchSize { + if start > 0 { + time.Sleep(200 * time.Millisecond) // light throttle between batches + } end := start + batchSize if end > len(ops) { end = len(ops) 
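Review bot: The throttle added at the top of the loop in annotateOperationsBatch (internal/methodology/engine.go, hunk `@@ -272,6 +272,9 @@`) is an unconditional `time.Sleep` with an inline magic number, so it cannot be cancelled. Because the `>= 1` change in the preceding hunk now routes a batch size of 1 here, it also adds 200ms for every operation after the first. A named constant with a comment on why the value was chosen would make it tunable, e.g. `const annotationBatchDelay = 200 * time.Millisecond` and `time.Sleep(annotationBatchDelay)`. The hunk adds no import, so `time` is presumably already imported in engine.go; that is worth confirming. The function body continues past the hunk.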
@@ -307,7 +310,11 @@ func (e *Engine) annotateBatch(ops []*spec.Operation) (map[string]*spec.Semantic if id == "" { id = op.Method + "_" + op.Path } - fmt.Fprintf(&sb, "- operation_id: %q %s %s summary: %s\n", id, op.Method, op.Path, op.Summary) + desc := op.Summary + if op.Description != "" { + desc = op.Summary + " — " + op.Description + } + fmt.Fprintf(&sb, "- operation_id: %q %s %s summary: %s\n", id, op.Method, op.Path, desc) } sb.WriteString("\nReturn ONLY the JSON array, no other text.") @@ -317,7 +324,7 @@ func (e *Engine) annotateBatch(ops []*spec.Operation) (map[string]*spec.Semantic req := &llm.CompletionRequest{ System: "You are an API testing expert. Analyze operations and return structured JSON.", Messages: []llm.Message{{Role: "user", Content: sb.String()}}, - MaxTokens: 256 * len(ops), // ~256 tokens per op is enough for the annotation fields + MaxTokens: min(256*len(ops), 8192), // cap at 8192 — smallest common provider output limit } resp, err := llm.Retry(ctx, 5, func() (*llm.CompletionResponse, error) { return e.llm.Complete(ctx, req) diff --git a/internal/methodology/engine_test.go b/internal/methodology/engine_test.go index a8f93ee..6aba632 100644 --- a/internal/methodology/engine_test.go +++ b/internal/methodology/engine_test.go @@ -360,10 +360,8 @@ func (b *batchLLMProvider) IsAvailable() bool { return true } func (b *batchLLMProvider) Name() string { return "batch-stub" } func (b *batchLLMProvider) Complete(_ context.Context, req *llm.CompletionRequest) (*llm.CompletionResponse, error) { b.muCalls.Lock() - n := b.calls b.calls++ b.muCalls.Unlock() - _ = n text := b.responseFor(req.Messages[0].Content) return &llm.CompletionResponse{Text: text}, nil } diff --git a/scripts/acceptance.sh b/scripts/acceptance.sh index aa0cdee..7b165d2 100755 --- a/scripts/acceptance.sh +++ b/scripts/acceptance.sh 
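Review bot: The prompt line built in annotateBatch (internal/methodology/engine.go, hunk `@@ -307,7 +310,11 @@`) now interpolates op.Description unquoted, unlike the operation_id next to it, which uses `%q`. Description comes from the spec and may be multi-line and of arbitrary length, so it can break the one-line-per-operation layout and inflate the prompt. It can also let text from one operation steer the annotations returned for the others in the batch. The sketch below joins the two fields without a leading separator when Summary is empty, bounds the length and quotes the result; the limit is a constructed value. The loop and the function continue outside the hunk.

```go
// … unchanged: operation_id fallback to Method + "_" + Path …
desc := op.Summary
if op.Description != "" {
	if desc != "" {
		desc += " — "
	}
	desc += op.Description
}
// Spec text is untrusted input to the prompt: bound its size and quote it so
// embedded newlines cannot break the one-line-per-operation layout.
const maxDescRunes = 500 // constructed limit; tune to the prompt budget
if r := []rune(desc); len(r) > maxDescRunes {
	desc = string(r[:maxDescRunes])
}
fmt.Fprintf(&sb, "- operation_id: %q %s %s summary: %q\n", id, op.Method, op.Path, desc)
```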
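Review bot: The cap in annotateBatch (internal/methodology/engine.go, hunk `@@ -317,7 +324,7 @@`) bounds MaxTokens but not the batch size, so a batch of more than 32 operations gets less than the 256 tokens per operation that the removed comment budgeted. A response cut off at the limit is unlikely to be valid JSON, and per the description of this patch series a batch with invalid JSON leaves all of its operations unannotated, so a large `--annotation-batch` value can silently lose annotations. Clamping the batch size where it is set would keep the two limits consistent, e.g. `const maxOpsPerBatch = 8192 / 256` and `batchSize = min(batchSize, maxOpsPerBatch)`. The built-in `min` needs Go 1.21 or later, which should be checked against go.mod. annotateBatch starts and ends outside the hunk.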
@@ -1055,9 +1055,12 @@ run "AT-251" "gen --force regenerates even when spec is unchanged" \ "'$BIN' gen --spec '$WORKDIR/petstore.yaml' --no-ai --output '$AT251DIR' 2>&1 | grep -q 'Generated' && \ '$BIN' gen --spec '$WORKDIR/petstore.yaml' --no-ai --force --output '$AT251DIR' 2>&1 | grep -q 'Generated'" -# AT-252: --annotation-batch flag is registered +# AT-252: --annotation-batch flag is registered and runs without error +AT252DIR=$(mktemp -d) contains "AT-252" "gen --annotation-batch flag is registered" "annotation-batch" \ "$BIN gen --help" +run "AT-252b" "gen --annotation-batch flag runs gen to completion" \ + "'$BIN' gen --spec '$WORKDIR/petstore.yaml' --no-ai --annotation-batch 5 --output '$AT252DIR' 2>&1 | grep -q 'Generated'" echo ""