
⛏️ Write a test to check whether we can create/update an object with invalid URLs #655

Open
@arjun-akto


💭 Introduction:

We want a test to check whether an attacker can create/update an entity with an invalid URL.

🎯 Requirements:

  1. Filters - API with Web URL as an input in GET query parameter or JSON body parameter

  2. Execute - It should replace the value with

  • special characters
  • A very long string (> 255 characters)
  • Use whitespaces
  • Invalid SSN
  • A negative integer
  • A very long integer causing integer overflow
  • Zero
  • NULL
  • Malicious Host URLs
  • URLs having special Characters, possibly breaking the URL structure when executed internally
  3. Validation - If the application responds with an exception trace, it is a vulnerability.

✅ Task summary:

  • Ask to be assigned to the issue.
  • Wait to be assigned. We will try to assign in less than 2 hours.
  • Sign up for [Akto]
  • Fork the [tests-library] repository, create a new branch and commit the yaml file which will be called in your test.
  • Submit both PRs here.

📚 Reading

You can find detailed documentation of test editor rules [here]

Find 100+ examples of YAML tests [here]

🙋🏼‍♂️ Questions:

If you have questions, need any help, or just want to hang out, make sure to join us on our [Discord server].
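The filter, execute and validation steps from the requirements above, sketched offline in Python as an added example; it is not part of the issue and not Akto's test YAML. All function names are hypothetical, the sample values are constructed from the issue's list, and the stack-trace patterns are an assumed, non-exhaustive set.

```python
import copy
import re
from urllib.parse import urlparse

# Replacement values from the issue's list (constructed samples).
INVALID_VALUES = ["!@#$%^&*()", "A" * 300, "   ", -1, 0, None]

# Signatures of common exception traces; assumed and non-exhaustive.
TRACE_PATTERNS = {
    "java": re.compile(r"^\s+at [\w.$<>]+\([\w$]+\.java:\d+\)", re.M),
    "python": re.compile(r"Traceback \(most recent call last\):"),
    "dotnet": re.compile(r"^\s+at [\w.<>`]+\(.*\) in .+:line \d+", re.M),
    "node": re.compile(r"^\s+at .+\(.+\.js:\d+:\d+\)", re.M),
}

def is_web_url(value):
    try:
        parts = urlparse(value) if isinstance(value, str) else None
    except ValueError:  # e.g. unbalanced brackets in the host
        return False
    return bool(parts) and parts.scheme in ("http", "https") and bool(parts.netloc)

def url_param_paths(data, path=()):
    """Filter: key paths of every query/JSON parameter holding a web URL."""
    if isinstance(data, dict):
        items = data.items()
    elif isinstance(data, list):
        items = enumerate(data)
    else:
        return [path] if is_web_url(data) else []
    return [p for key, val in items for p in url_param_paths(val, path + (key,))]

def mutate(data, path, value):
    """Execute: copy of data with the parameter at path replaced."""
    clone = copy.deepcopy(data)
    node = clone
    for key in path[:-1]:
        node = node[key]
    node[path[-1]] = value
    return clone

def variants(data):
    """One mutated request body per (URL parameter, invalid value) pair."""
    return [mutate(data, p, v) for p in url_param_paths(data) for v in INVALID_VALUES]

def exception_trace(body):
    """Validation: name of the trace family found in a response body, or None."""
    for name, pattern in TRACE_PATTERNS.items():
        if pattern.search(body):
            return name
    return None
```

A clean validation error (for example a 400 with a short JSON message) returns `None` from `exception_trace`, which is the passing outcome for the endpoint under test.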
