Generating tests from a single cURL is smart because it meets devs where they already are. We're already firing off cURL commands during development; turning that into a test suite with zero extra effort is a nice DX win.
A few edge cases I’d love to see: Rate limit testing (verify proper 429s with Retry-After) Idempotency checks for POST/PUT endpoints Unicode edge cases like : emoji, RTL characters, null bytes in strings
The ChatGPT API finding is a great proof point. Nothing sells a security tool better than “we found something in production at a major company.” Will try this on some internal APIs this week.
Rate-limit testing and proper 429/Retry-After handling are definitely on the roadmap. Idempotency checks for POST/PUT are a great call too, a lot of APIs behave unpredictably there, and it’s one of those areas people rarely test systematically. Unicode/emoji/RTL input fuzzing is a fun one, Rentgen already generates trimming/whitespace/negative cases, but expanding into more string-weirdness categories makes total sense.
If you end up trying it on any internal APIs this week, I’d genuinely love to hear what it catches. The tool often surprises me in places I didn’t expect.
liudasjank•2mo ago
Rentgen takes one cURL request and generates: • boundary tests (min/max, out-of-range) • enum variation tests • invalid/negative input cases • trimming/whitespace cases • structure/mapping validation • reflection safety checks • missing/incorrect security headers • basic latency/load insights • automatic bug-report templates • and many other.
The goal is to give engineers a rough but honest API health picture in ~2 minutes — without maintaining test files or writing code.
A fun surprise: I pointed Rentgen at ChatGPT’s API and found a few issues we genuinely didn’t expect to see in production. They were fixed immediately after reporting.
I would really appreciate feedback from the community: • What categories of tests are missing? • Which edge cases do you usually find manually? • What would make this useful in your workflow?
GitHub: https://github.com/LiudasJan/Rentgen
Happy to answer anything about the engine design, how the generator works, reflection detection, or upcoming performance modules.