Cats

All Tests / Test 629

Test Id

Test 629

Test Trace Id

acd7cce1-94b6-4752-9dfe-745f039178f0

Timestamp

Tue, 23 Jun 2026 21:25:16 GMT

Scenario

Send a malformed JSON which has the string 'bla' at the end

Expected Result

Should return 4XX

Result

error

Result Details

The following keywords were detected in the response which might suggest an error details leak: [forbidden]

Contract Path

/api/account/mfa/enable

Fuzzer

MalformedJson

Full Request Path

https://qa-api.puk3p.online/api/account/mfa/enable

Http Method

post

Request Details

Payload

{
  "code": "897259"
}bla

Request Details

Headers

[
  {
    "key": "Accept",
    "value": "application/json"
  },
  {
    "key": "Content-Type",
    "value": "application/json"
  },
  {
    "key": "User-Agent",
    "value": "cats/13.8.1-SNAPSHOT (Test 629 - MalformedJson)"
  },
  {
    "key": "X-Cats-Trace-Id",
    "value": "acd7cce1-94b6-4752-9dfe-745f039178f0"
  }
]

Request Details

cURL

curl  -X POST \
     -H "Accept: application/json" \
-H "Content-Type: application/json" \
-H "User-Agent: cats/13.8.1-SNAPSHOT (Test 629 - MalformedJson)" \
-H "X-Cats-Trace-Id: acd7cce1-94b6-4752-9dfe-745f039178f0" \
 \
      -d '{"code":"897259"}bla' \
      https://qa-api.puk3p.online/api/account/mfa/enable

Response

{
  "responseCode": 403,
  "httpMethod": "POST",
  "responseTimeInMs": "134",
  "numberOfWordsInResponse": "1",
  "numberOfLinesInResponse": "1",
  "contentLengthInBytes": "106",
  "jsonBody": {
    "timestamp": "2026-06-23T21:25:16.293Z",
    "status": 403,
    "error": "Forbidden",
    "path": "/api/account/mfa/enable"
  },
  "headers": [
    {
      "key": "cache-control",
      "value": "no-cache, no-store, max-age=0, must-revalidate"
    },
    {
      "key": "content-type",
      "value": "application/json"
    },
    {
      "key": "date",
      "value": "Tue, 23 Jun 2026 21:25:16 GMT"
    },
    {
      "key": "expires",
      "value": "0"
    },
    {
      "key": "pragma",
      "value": "no-cache"
    },
    {
      "key": "server",
      "value": "nginx/1.24.0 (Ubuntu)"
    },
    {
      "key": "strict-transport-security",
      "value": "max-age=31536000 ; includeSubDomains"
    },
    {
      "key": "vary",
      "value": "Origin"
    },
    {
      "key": "x-content-type-options",
      "value": "nosniff"
    },
    {
      "key": "x-frame-options",
      "value": "DENY"
    },
    {
      "key": "x-xss-protection",
      "value": "0"
    }
  ],
  "responseContentType": "application/json"
}

CATS Replay

cats replay Test629