Fuzz Test
Test Anatomy
Test File Anatomy
This section explains the key elements of the generated test files so that you can quickly make adjustments when needed.
- At the top of each file, we show when the test was generated and what command was used.
- Below that, we import all relevant libraries and specify the URL for all test requests.
- We define a function per method that is tested. It consists of:
  - Invocation of Skyramp Client
  - Definition of the authentication header
  - Definition of the default request body (based on API schema or sample data)
  - Definition of all fuzzed body values
  - Definition of all expected response status codes for fuzzed body values (default = 40X)
  - Definition of all expected response status codes for `None` body values
  - Loop through all fuzzed values. Each loop:
    - Creates a request with the fuzzed body value
    - Creates a request with the fuzzed value being `None`
  - Status Code Assertion
Test Execution Behavior
The generated fuzz test will execute in the following way:
- First, it will execute a request with the default body values from the API spec or sample data you provide.
- The test then iterates through each body value, changing the selected body value with a fuzzed value and `None` while keeping the default values for all other keys.
- Lastly, it asserts the status codes of all requests. This is done at the end of the loop to avoid premature failure that would lead to unnecessary reruns of the test.
Default Fuzz Strategy
By default, Skyramp generates random data for all values in the request body and stores those in a separate dictionary. Additionally, the generated code contains a dictionary that stores the expected status codes for each fuzzed value. The default value is 40X. Below, we explain how to change those values quickly to match your desired fuzz strategy.
- strings: All string values receive the value "0123456789"
- integer/float: Integers and floats are assigned the value -10
- boolean: The boolean value is changed to the opposite, e.g. true to false; if no default value is defined, we assign True.
- enum: A randomly generated string, that is not part of the enum, is assigned.
Python
Single Method Test Generation (POST)
```python
# Generated by Skyramp v0.5.23 on 2025-06-22 00:03:57.854654 -0400 EDT m=+1.189296459
# Command: skyramp generate fuzz rest https://demoshop.skyramp.dev/api/v1/products \
# --api-schema https://demoshop.skyramp.dev/openapi.json \
# --framework pytest \
# --language python \
# --method POST \

# Import of required libraries
import skyramp
import os
import time

# URL for test requests
URL = "https://demoshop.skyramp.dev"

# fuzz test for /api/v1/products POST
def test_products_post():
    # Invocation of Skyramp Client
    client = skyramp.Client()

    # Definition of authentication header
    headers = {}
    if os.getenv("SKYRAMP_TEST_TOKEN") is not None:
        headers["Authorization"] = "Bearer " + os.getenv("SKYRAMP_TEST_TOKEN")

    # Request Body
    products_POST_request_body = r'''{
        "category": "Toys",
        "description": "Bear Soft Toy",
        "image_url": "https://images.app.goo.gl/cgcHpeehRdu5osot8",
        "in_stock": true,
        "name": "bigbear",
        "price": 9.99
    }'''

    # Fuzz strategies
    products_post_fuzzed_body = {
        "category": "0123456789",
        "description": "0123456789",
        "image_url": "0123456789",
        "in_stock": False,
        "name": "0123456789",
        "price": -10
    }

    # Fuzz status codes
    expected_products_post_status_code = {
        "category": "40x",
        "description": "40x",
        "image_url": "40x",
        "in_stock": "40x",
        "name": "40x",
        "price": "40x"
    }

    # Fuzz status codes for Null values
    expected_products_post_null_status_code = {
        "category": "40x",
        "description": "40x",
        "image_url": "40x",
        "in_stock": "40x",
        "name": "40x",
        "price": "40x"
    }

    # Execute Request
    products_POST_response = client.send_request(
        url=URL,
        path="/api/v1/products",
        method="POST",
        body=products_POST_request_body,
        headers=headers,
        expected_code="20x"
    )

    for key in skyramp.iterate(products_post_fuzzed_body):
        # Execute Request
        products_POST_response = client.send_request(
            url=URL,
            path="/api/v1/products",
            method="POST",
            body=products_POST_request_body,
            headers=headers,
            data_override={key: skyramp.get_value(products_post_fuzzed_body, key)},
            expected_code=skyramp.get_value(expected_products_post_status_code, key),
            description=f'Fuzzing request body { key } to { skyramp.get_value(products_post_fuzzed_body, key) }'
        )

        # Execute Request
        products_POST_response = client.send_request(
            url=URL,
            path="/api/v1/products",
            method="POST",
            body=products_POST_request_body,
            headers=headers,
            data_override={key: None},
            expected_code=skyramp.get_value(expected_products_post_null_status_code, key),
            description=f'Fuzzing request body { key } to None'
        )

    assert client.is_success()

if __name__ == "__main__":
    test_products_post()
```
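The execution behaviour and default fuzz strategy described above, as a stand-alone added example; it is not Skyramp's code and does not use the Skyramp library. The names `derive_fuzz_values`, `code_matches`, `stub_api` and `run_fuzz` are hypothetical, `stub_api` is a constructed validator standing in for the service, and the reading of `x` in `40x` as "any digit" is an assumption.

```python
import json

# Sample body copied from the page's generated test; everything else is constructed.
DEFAULT_BODY = json.loads('''{"category": "Toys", "description": "Bear Soft Toy",
  "image_url": "https://images.app.goo.gl/cgcHpeehRdu5osot8",
  "in_stock": true, "name": "bigbear", "price": 9.99}''')
TEXT_KEYS = ("category", "description", "name", "image_url")

def derive_fuzz_values(body):
    """Apply the page's default strategy per value type (enum handling omitted)."""
    fuzzed = {}
    for key, value in body.items():
        if isinstance(value, bool):          # bool first: bool is a subclass of int
            fuzzed[key] = not value
        elif isinstance(value, (int, float)):
            fuzzed[key] = -10
        elif isinstance(value, str):
            fuzzed[key] = "0123456789"
    return fuzzed

def code_matches(status, pattern):
    """Assumed semantics: 'x' in a pattern such as '40x' matches any digit."""
    s = str(status)
    return len(s) == len(pattern) and all(p in ("x", "X", c) for p, c in zip(pattern, s))

def stub_api(body):
    """Hypothetical service: checks types, an https image URL and a non-negative price."""
    text_ok = all(isinstance(body.get(k), str) for k in TEXT_KEYS)
    if not text_ok or not body["image_url"].startswith("https://"):
        return 400
    price = body.get("price")
    if isinstance(price, bool) or not isinstance(price, (int, float)) or price < 0:
        return 400
    return 201 if isinstance(body.get("in_stock"), bool) else 400

def run_fuzz(send, body, expected, expected_null):
    """Baseline first, then one override per key; mismatches are collected, not raised."""
    failures = []
    if not code_matches(send(dict(body)), "20x"):
        failures.append(("<baseline>", "default"))
    for key, value in derive_fuzz_values(body).items():
        for label, override, want in (("fuzzed", value, expected[key]),
                                      ("None", None, expected_null[key])):
            status = send({**body, key: override})   # all other keys keep defaults
            if not code_matches(status, want):
                failures.append((key, label))
    return failures
```

Against this stub the untouched `40x` defaults report four mismatches (the three free-text fields and `in_stock`), because `"0123456789"` and `False` are valid values there; the expected-status dictionaries are where each field's expectation gets tuned.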