API Fuzzing using a Postman Collection
Problem to solve
As a user, I want to perform API Fuzzing using a Postman Collection. Postman collections are common assets to have and provide an easy way for users to get started with API Fuzzing.
Intended users
User experience goal
User can setup API Fuzzing using a Postman Collection via a new variable.
Proposal
Add a new variable FUZZAPI_POSTMAN_COLLECTION
allowing the user to provide a filename for a Postman Collection that is checked into the repository or generated by the pipeline.
The following versions will be supported:
- Collection v2
- Collection v2.1
Use authentication provided if user doesn't specify any:
- Bearer token
- Basic auth
- API Key (if support has been added to API Fuzzing)
Tasks:
-
Add support for variable to worker-entry
- Validate file and error if unsupported
-
Add authentication support torunner
existing Postman support -
Add integration tests to worker-entry
-
Update API Fuzzing template -
Document and add changelog entry -
Create example project that uses Postman Collection
Documentation
- Document usage of new variable
What does success look like, and how can we measure that?
Users are able to perform API Fuzzing using a Postman Collection.
Links / references
/cc @sethgitlab @stkerr
The following page may contain information related to upcoming products, features and functionality. It is important to note that the information presented is for informational purposes only, so please do not rely on the information for purchasing or planning purposes. Just like with all projects, the items mentioned on the page are subject to change or delay, and the development, release, and timing of any products, features, or functionality remain at the sole discretion of GitLab Inc.