⛏️ Write a test to check whether we can create/update an object with Parameter Exclusion

[arjun-akto]

💭 Introduction:

We want a test to check whether an attacker can create/update entity with Parameter exclusion.

🎯 Requirements:

1. Filters - API with atleast one parameter as an input in GET query parameter or JSON body parameter

2. Execute - It should replace the value with

• “name”=”john” → “name”=
• {”name”:”John”} → {”name”:””}
• {”name”:”John”} → {”name”:}
• Completely removing the key-value pair

3. Validation - If the application responds with a exception trace, it is a vulnerability.

✅ Task summary:

• Ask to be assigned to the issue.
• Wait to be assigned. We will try to assign in less than 2 hours.
• Signup for [Akto]
• Fork the [tests-library] repository, create a new branch and commit the yaml file which will be called in your test.
• Submit both the PR here.

📚 Reading

Find 100+ examples of YAML tests [here]

🙋🏼‍♂️ Questions:

If you have questions, need any help, or just want to hang out, make sure to join us on our [Discord server].

[falconcode16]

Hey @arjun-akto, I have gone through the test-library repo and example YAML test and I feel I can contribute to this issue by writing the above mentioned test. Can you please assign this issue to me?

[heysagnik]

Hey @arjun-akto I want to work on this issue

[arjun-akto]

Hi @heysagnik , @falconcode16 . I have assigned the issue to you. Please feel free to connect us on our Discord server for any doubts.