⛏️ Write a test to check if a user can redeem the same coupon code multiple times

[aktoboy]

💭 Introduction:
We want to test whether an attacker can redeem the same coupon multiple times by exploiting race condition vulnerability.

🎯 Requirements:

1. Filters - This test should run on apis which are used to redeem coupons. You can choose an API that has a query-param named "coupon".

2. Execute - Re-run the same request without any changes

3. Validate - If we get 90% response match, then it is vulnerable

The test should correctly detect whether the api is vulnerable to race condition.

✅ Task summary:

• Ask to be assigned to the issue.
• Wait to be assigned. We will try to assign in less than 2 hours.
• Signup for Akto
• Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
• Submit both the PR here.

📚 Reading
You can find a detailed documentation of test editor rules here
Find 100+ examples of YAML tests here

🙋🏼‍♂️ Questions:
If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.

[roshhni97]

@aktoboy I want to work on this issue please assign it to me.

[Ankita28g]

Thanks for your interest 🎉

Assigning to you! Happy hackfesting 🥳

[aktoboy]

Hey @Roshani9731, let me know if you need any help with this issue.

[Ankita28g]

Hi @Roshani9731 do you need any help with this?

[Ankita28g]

Hi @Roshani9731 are you still working on this?

[Ankita28g]

Hi @Roshani9731 thanks for your submission in Hackfest. 🔥 We are reviewing your work. Do these two below:

1. Join this group on discord for discussions around prizes? 🚀 🏆
2. Please fill this form your PR to be considered for prizes!

[harshalkh]

@ankush-jain-akto - I can work on this test. Could you please assign the same to me.

[Anurag-space]

@Ankita28g @ankush-jain-akto
hii there!
i want to work on the test to check if a user can redeem the same coupon code multiple times #175. could you assign me this issue.

[harshalkh]

@Ankita28g @ankush-jain-akto I have raised a PR for this one. Please review and let me know if any suggestions/changes.
akto-api-security/tests-library#21

[SanchitMahajan236]

Hey @Ankita28g @ankush-jain-akto !! Can you please assign me this issue ?? I would love to contribute to it.

[avneesh-akto]

@harshalkh your YAML seems to be invalid. Logic is correct but please run the template on some valid endpoint before you make a PR.

[harshalkh]

@harshalkh your YAML seems to be invalid. Logic is correct but please run the template on some valid endpoint before you make a PR.

@avneesh-akto - i have made changes and tested on Test editor. please check now. akto-api-security/tests-library#21

[avneesh-akto]

Hello @harshalkh , could you please make a minor adjustment? Instead of solely searching for the coupon in the query parameters, could you also check for it in the request body? Thank you! Rest looks good to me

[avneesh-akto]

Also change target branch to develop instead of master

[harshalkh]

Also change target branch to develop instead of master

@avneesh-akto - requested changes done..
akto-api-security/tests-library#29

Also pls assign this issue to me.

[avneesh-akto]

Looks good @harshalkh.