idempotency_verifier

package
v1.0.0
Warning

This package is not in the latest version of its module.

Published: Mar 21, 2026 License: MIT Imports: 5 Imported by: 0

README

Idempotency Verifier (pkg/core/tools/idempotency_verifier)

The Idempotency Verifier checks if API endpoints correctly handle repeated requests.

Key Tool: verify_idempotency

This tool repeats requests to non-safe endpoints (POST, PUT, PATCH) to detect unintended side effects.

Features
  • Double-Submit Detection: Checks if sending the same request twice creates two records (when it shouldn't).
  • State Integrity: Verifies resource state remains consistent after multiple identical calls.
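
The double-submit check described above, as an added example that is not code from this package: it replays one POST against a constructed in-memory order handler, in-process through `net/http/httptest`, and reports every response that differs from the first. The names `newOrderAPI` and `doubleSubmit`, the `Idempotency-Key` header convention, and the sample payload and key are assumptions made for the illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// newOrderAPI builds a constructed in-memory order endpoint (sequential use only).
// With honorKey set it replays the stored response for a repeated Idempotency-Key.
func newOrderAPI(honorKey bool) http.Handler {
	nextID, byKey := 0, map[string]string{}
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		key := r.Header.Get("Idempotency-Key")
		body, seen := byKey[key]
		if !honorKey || !seen {
			nextID++ // side effect: a new order record
			body = fmt.Sprintf(`{"order_id":%d}`, nextID)
			byKey[key] = body
		}
		fmt.Fprint(w, body)
	})
}

// doubleSubmit replays one POST (same body, same key) repeat times against h and
// returns a diff line for every response that differs from the first one.
func doubleSubmit(h http.Handler, repeat int) []string {
	var first string
	var diffs []string
	for i := 0; i < repeat; i++ {
		req := httptest.NewRequest(http.MethodPost, "/orders", strings.NewReader(`{"sku":"A1","qty":1}`))
		req.Header.Set("Idempotency-Key", "constructed-key-001") // constructed sample key
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, req)
		got := fmt.Sprintf("%d %s", rec.Code, rec.Body.String())
		if i == 0 {
			first = got
		} else if got != first {
			diffs = append(diffs, fmt.Sprintf("request %d: %q != %q", i+1, got, first))
		}
	}
	return diffs
}

func main() {
	fmt.Println("naive:", doubleSubmit(newOrderAPI(false), 2))
	fmt.Println("keyed:", doubleSubmit(newOrderAPI(true), 2))
}
```

A production handler must make the key lookup and the record creation one atomic step, otherwise two concurrent retries can both pass the check.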

Usage

This check is critical for payment APIs and order-processing systems, where duplicate transactions are dangerous.

Example Prompts

Trigger this tool by asking:

  • "Verify that the payment endpoint is idempotent."
  • "Check if submitting the order twice creates duplicate records."
  • "Ensure that retrying a POST request doesn't cause side effects."

Documentation

Overview

Package idempotency_verifier provides idempotency validation for API endpoints for ZAP.

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type IdempotencyParams

type IdempotencyParams struct {
	BaseURL     string   `json:"base_url"`               // Base URL of the API
	Endpoints   []string `json:"endpoints,omitempty"`    // Specific endpoints to verify
	RepeatCount int      `json:"repeat_count,omitempty"` // How many times to repeat the request (default: 2)
	IncludeGET  bool     `json:"include_get,omitempty"`  // Whether to verify GET/HEAD (usually idempotent by default)
}

IdempotencyParams defines parameters for idempotency verification.

type IdempotencyResult

type IdempotencyResult struct {
	TotalVerified   int         `json:"total_verified"`
	IdempotentCount int         `json:"idempotent_count"`
	Violations      []Violation `json:"violations"`
	Summary         string      `json:"summary"`
}

IdempotencyResult represents the outcome of the verification.

type IdempotencyVerifierTool

type IdempotencyVerifierTool struct {
	// contains filtered or unexported fields
}

IdempotencyVerifierTool checks if API endpoints are correctly idempotent.

func NewIdempotencyVerifierTool

func NewIdempotencyVerifierTool(falconDir string, httpTool *shared.HTTPTool) *IdempotencyVerifierTool

NewIdempotencyVerifierTool creates a new idempotency verifier tool.

func (*IdempotencyVerifierTool) Description

func (t *IdempotencyVerifierTool) Description() string

func (*IdempotencyVerifierTool) Execute

func (t *IdempotencyVerifierTool) Execute(args string) (string, error)

func (*IdempotencyVerifierTool) Name

func (t *IdempotencyVerifierTool) Name() string

func (*IdempotencyVerifierTool) Parameters

func (t *IdempotencyVerifierTool) Parameters() string

type RepeatEngine

type RepeatEngine struct {
	// contains filtered or unexported fields
}

RepeatEngine repeats requests and compares responses to detect idempotency issues.

func (*RepeatEngine) Verify

func (e *RepeatEngine) Verify(endpoints map[string]shared.EndpointAnalysis) IdempotencyResult

Verify checks a set of endpoints for idempotency violations.

type Violation

type Violation struct {
	Endpoint    string `json:"endpoint"`
	Description string `json:"description"`
	Diff        string `json:"diff,omitempty"`
}

Violation represents a case where idempotency was broken.
