Fixing req and payload

.github/workflows/dev-build-check.yml

@@ -27,38 +27,32 @@ jobs:
           command: fmt
 
   cargo-clippy:
-    name: clippy
+    name: Clippy
     runs-on: ubuntu-latest
+    env:
+      RUSTFLAGS: -D warnings
     steps:
       - uses: actions/checkout@v2
-      - name: Install nightly
-        uses: actions-rs/toolchain@v1
+      - uses: actions-rs/toolchain@v1
         with:
           toolchain: nightly
           override: true
           components: clippy
-
-      - name: cargo-clippy
-        env:
-          RUSTFLAGS: "-D warnings"
-        uses: actions-rs/cargo@v1
+      - uses: actions-rs/cargo@v1
         with:
           command: clippy
 
   cargo-build:
     name: build
     runs-on: ubuntu-latest
+    env:
+      RUSTFLAGS: -D warnings
     steps:
       - uses: actions/checkout@v2
-      - name: Install nightly
-        uses: actions-rs/toolchain@v1
+      - uses: actions-rs/toolchain@v1
         with:
           toolchain: nightly
           override: true
-
-      - name: cargo-build
-        env:
-          RUSTFLAGS: "-A warnings"
-        uses: actions-rs/cargo@v1
+      - uses: actions-rs/cargo@v1
         with:
           command: build

.gitignore

@@ -4,3 +4,5 @@ Cargo.lock
 ./mapper
 ./attacker
 ./decider
+/.idea
+

Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cherrybomb"
-version = "0.7.1"
+version = "0.7.2"
 authors = ["BLST Security"]
 description = """
 Cherrybomb is a CLI tool that helps you avoid undefined user behavior by validating your API specifications.
@@ -33,8 +33,8 @@ members = [
 	"swagger",
 ]
 [dependencies]
-cherrybomb-cli = "^0.7"
-cherrybomb-swagger = "^0.1"
+cherrybomb-cli = "^0.7.1"
+cherrybomb-swagger = "^0.1.1"
 clap = { version = "^3", features = ["derive"] }
 uuid = { version = "0.8", features = ["v4","serde"] }
 serde = { version = "^1.0", features = ["derive"] }

cli/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "cherrybomb-cli"
-version = "0.7.0"
+version = "0.7.1"
 edition = "2021"
 description = "A helper package for Cherrybomb"
 license = "Apache-2.0"
@@ -19,8 +19,7 @@ serde_json = "1.0"
 tokio = { version = "^1.0", features = ["full"] }
 futures = "0.3"
 futures-util = { version = "^0.3", default-features = false, features = ["alloc"] }
-#cherrybomb-swagger = "^0.1"
-cherrybomb-swagger = {path="../swagger"}
+cherrybomb-swagger = "^0.1.1"
 reqwest = { version = "^0.11",default_features = false, features = ["json","rustls-tls"] }
 colored = "2.0.0"
 url = { version = "2" }

cli/rust-toolchain.toml

@@ -0,0 +1,2 @@
+[toolchain]
+channel = "nightly"

cli/src/actions.rs

@@ -1,9 +1,9 @@
-use std::collections::HashMap;
 use super::*;
+use std::collections::HashMap;
 use swagger::scan::active::{ActiveScan, ActiveScanType};
 use swagger::scan::passive::PassiveSwaggerScan;
 use swagger::scan::Level;
-use swagger::{Authorization, Check, EpTable, ParamTable, PassiveScanType, Swagger, OAS, OAS3_1};
+use swagger::{Authorization, Check, EpTable, ParamTable, PassiveScanType, Swagger, OAS, OAS3_1, Server};
 
 pub fn run_passive_swagger_scan<T>(
     scan_try: Result<PassiveSwaggerScan<T>, &'static str>,
@@ -23,10 +23,10 @@ where
     };
     scan.run(passive_scan_type);
     if json {
-        let mut out_json : HashMap<&str,Vec<swagger::scan::Alert>>= HashMap::new();
-        for check in scan.passive_checks.iter(){
+        let mut out_json: HashMap<&str, Vec<swagger::scan::Alert>> = HashMap::new();
+        for check in scan.passive_checks.iter() {
             if !check.inner().is_empty() {
-                out_json.insert(check.name(),check.inner().clone());
+                out_json.insert(check.name(), check.inner().clone());
             }
         }
         print!("{}", serde_json::to_string(&out_json).unwrap());
@@ -55,7 +55,8 @@ pub async fn run_active_swagger_scan<T>(
     output_file: Option<String>,
     auth: Authorization,
     scan_type: ActiveScanType,
-    json:bool
+    json: bool,
+    _servers: Option<Vec<Server>>,
 ) -> Result<i8, &'static str>
 where
     T: OAS + Serialize + for<'de> Deserialize<'de> + std::fmt::Debug,
@@ -68,10 +69,10 @@ where
     };
     scan.run(scan_type, &auth).await;
     if json {
-        let mut out_json : HashMap<&str,Vec<swagger::scan::Alert>>= HashMap::new();
-        for check in scan.checks.iter(){
+        let mut out_json: HashMap<&str, Vec<swagger::scan::Alert>> = HashMap::new();
+        for check in scan.checks.iter() {
             if !check.inner().is_empty() {
-                out_json.insert(check.name(),check.inner().clone());
+                out_json.insert(check.name(), check.inner().clone());
             }
         }
         print!("{}", serde_json::to_string(&out_json).unwrap());
@@ -103,13 +104,10 @@ pub async fn run_swagger(
     no_active: bool,
     active_scan_type: ActiveScanType,
     passive_scan_type: PassiveScanType,
-    json: bool,
-) -> i8 {
+    json: bool, ) -> i8 {
     let (value, version) = if let Some((v1, v2)) = get_oas_value_version(file) {
         (v1, v2)
-    } else {
-        return -1;
-    };
+    } else { return -1 };
     if version.starts_with("3.") {
         if json {
             print!("{{\"passive checks\":");
@@ -128,19 +126,20 @@ pub async fn run_swagger(
         if json {
             print!(",\"active checks\":");
         }
-        let active_result =
-            if !no_active {
-                run_active_swagger_scan::<OAS3_1>(
-                    ActiveScan::<OAS3_1>::new(value.clone()),
-                    verbosity,
-                    output_file.clone(),
-                    auth,
-                    active_scan_type,
-                    json,
-                ).await
-            } else {
-                Ok(0)
-            };
+        let active_result = if !no_active && value.get("servers").is_some()  {
+            run_active_swagger_scan::<OAS3_1>(
+                ActiveScan::<OAS3_1>::new(value.clone()),
+                verbosity,
+                output_file.clone(),
+                auth,
+                active_scan_type,
+                json,
+                None, // TODO ADD SUPPORT FOR SERVERS FROM CONFIG
+            )
+            .await
+        } else {
+            Ok(0)
+        };
         if let Err(e) = active_result {
             print_err(e);
             return -1;