⛏️ Write a test to check whether we can create/update an object with negative price/amount/value

[aktoboy]

💭 Introduction:
We want to test to check whether an attacker can create/update entity with an invalid price/amount/value.

🎯 Requirements:

1. Filters - This test should run on apis that has a query parameter or request-body parameter named price, amount, quantity or value.

2. Execute - It should replace the value with

• special characters
• A very long string (> 255 characters)
• Use whitespaces
• A negative integer
• A very long integer causing integer overflow
• Zero
• NULL

3. Validation - If the application responds with a exception trace, it is a vulnerability.

📚 Reading
You can find a detailed documentation of test editor rules here
Find 100+ examples of YAML tests here

✅ Task summary:

• Ask to be assigned to the issue.
• Wait to be assigned. We will try to assign in less than 2 hours.
• Signup for Akto
• Fork the tests-library repository, create a new branch and commit the yaml file which will be called in your test.
• Submit both the PR here.

✌🏻 Hints:
You can build the yaml template by referring this link

🙋🏼‍♂️ Questions:
If you have questions, need any help, or just want to hang out, make sure to join us on our Discord server.

[bhavyastar]

Hey @Ankita28g, I would like to work on this issue!

[Ankita28g]

Awesome! Assigned to you @bhavyastar. Happy hackfesting 😃

[aktoboy]

Hey @bhavyastar, I have updated the issue description to provide more details. Feel free to reach out if you need any help 😃. Happy hackfesting!!!

[siddoinghisjob]

Hey I am new to programming though I learnt java I don't know testing. Can you point me to some resources to learn about yaml, testing etc.

[Ankita28g]

how about you pair program with @ayushaga14? 🔥

[siddoinghisjob]

How does that work? I am ready for any learning opportunity 🤞

[Ankita28g]

Hi @siddoinghisjob this one is already assigned to @bhavyastar. Can you pick something else? Also, to learn how tests work with Akto, the best way is to local deploy Akto and run tests. 😊

[Ankita28g]

Hi @bhavyastar let us know if you need any help with this?

[Jittojoyes98]

If so i would like to help.

[bhavyastar]

Yes, Can we do a meeting tomorrow or just a discord call? I have some queries.
cc: @aktoboy @Ankita28g @Jittojoyes98

[Ankita28g]

hi totally, ping us on Discord. @bhavyastar

[Ankita28g]

Hi @bhavyastar thanks for your submission in Hackfest. 🔥 We are reviewing your work. Do these two below:

Join this group on discord for discussions around prizes? 🚀 🏆
Please fill this form your PR to be considered for prizes!

[OshaibBeg]

Hey, I would like to contribute to this issue.

[atharvamalji]

Is this issue still unassigned? If so I would like to get assigned to solve the issue. This is my first time participating in hactoberfest.

[avneesh-akto]

I've assigned it to you, @atharvamalji . Happy hacking! Feel free to join our Discord if you need assistance.