Merge pull request #9 from blst-security/oas3_1

Oas3 1

cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cherrybomb"
-version = "0.3.0"
+version = "0.4.2"
 edition = "2021"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html

cli/src/actions.rs

@@ -8,7 +8,8 @@ use std::fs::OpenOptions;
 use std::io::Write;
 use url::Url;
 use uuid::Uuid;
-use swagger::scan::passive::{PassiveSwaggerScan,ScanType};
+use swagger::scan::passive::{PassiveSwaggerScan,PassiveScanType};
+use swagger::{Swagger,OAS3_1,OAS};
 
 pub fn add_token(token: String) -> bool {
     match Uuid::parse_str(&token) {
@@ -38,6 +39,20 @@ pub fn add_token(token: String) -> bool {
     }
 }
 
+pub fn run_swagger_scan<T>(scan_try:Result<PassiveSwaggerScan<T>,&'static str>,verbosity:u8,output_file:&str)
+where T:OAS+Serialize+for<'de> Deserialize<'de>{
+    let mut scan = match scan_try{
+        Ok(s)=>s,
+        Err(e)=>{
+            print_err(e);
+            return;
+        },
+    };
+    scan.run(PassiveScanType::Full);
+    scan.print(verbosity);
+    let print = scan.print_to_file_string();
+    write_to_file(output_file,print);
+}
 pub fn run_swagger(file:&str,verbosity:u8,output_file:&str){
     let swagger_str = match read_file(file){
         Some(s)=>s,
@@ -53,17 +68,15 @@ pub fn run_swagger(file:&str,verbosity:u8,output_file:&str){
             return;
         }
     };
-    let mut scan = match PassiveSwaggerScan::new(swagger_value){
-        Ok(s)=>s,
-        Err(e)=>{
-            print_err(e);
-            return;
-        },
+    let version = swagger_value["openapi"].to_string().trim().replace("\"","");
+    if version.starts_with("3.0"){
+        run_swagger_scan::<Swagger>(PassiveSwaggerScan::<Swagger>::new(swagger_value),verbosity,output_file);
+    }else if version.starts_with("3.1"){
+        run_swagger_scan::<OAS3_1>(PassiveSwaggerScan::<OAS3_1>::new(swagger_value),verbosity,output_file);
+    }else{
+        print_err("Unsupported OpenAPI specification version");
+        return;
     };
-    scan.run(ScanType::Full);
-    scan.print(verbosity);
-    let print = scan.print_to_file_string();
-    write_to_file(output_file,print);
 }
 
 pub fn map(logs_file: String, output: String) {

cli/src/main.rs

@@ -1,17 +1,17 @@
 use attacker::{Authorization, Verbosity};
 use clap::{App, Arg, Error};
 use colored::*;
-use firecracker::*;
+use cherrybomb::*;
 use mapper::digest::Header;
 
-const VERSION: &str = "0.3.0";
+const VERSION: &str = "0.4.3";
 const MAP_FILE: &str = "map";
 const DECIDE_FILE: &str = "decide";
 const SWAGGER_OUTPUT_FILE: &str = "results.txt";
 
 #[tokio::main]
 async fn main() -> Result<(), Error> {
-    let matches = App::new("FIRECRACKER")
+    let matches = App::new("CHERRYBOMB")
         .version(VERSION)
         .author("<support@blstsecurity.com>")
         .about("Blst cli app")

swagger/Cargo.toml

@@ -16,3 +16,4 @@ strum = "0.23"
 strum_macros = "0.23"
 url="^2"
 colored = "2.0.0"
+base64 = "0.13.0"

swagger/src/ep.rs

@@ -1,14 +1,14 @@
 use super::*;
 
-#[derive(Debug, Clone, Serialize, Deserialize, Default,PartialEq,Eq)]
-pub struct Ep{
-    pub path:String,
-    pub method:Method,
-    pub path_params:Vec<Param>,
-    pub req_payload_params:Option<Param>,
-    pub req_payload_type:Option<String>,
-    pub res_payload_params:HashMap<String,Param>,
-    pub servers:Vec<String>,
+#[derive(Debug, Clone, Serialize, Deserialize, Default, PartialEq, Eq)]
+pub struct Ep {
+    pub path: String,
+    pub method: Method,
+    pub path_params: Vec<Param>,
+    pub req_payload_params: Option<Param>,
+    pub req_payload_type: Option<String>,
+    pub res_payload_params: HashMap<String, Param>,
+    pub servers: Vec<String>,
 }
 /*
 #[derive(Debug, Clone, Serialize, Deserialize, Default,PartialEq,Eq,Copy)]