Config file fix #11

Merged: martian56 merged 2 commits into main from config_file on Jun 24, 2025

@martian56 (Owner)

This pull request introduces several enhancements to the rustfuzz project, including support for configuration files, expanded functionality, and improved usability. Key changes include the addition of a TOML-based configuration file, new command-line options, and updates to the payload handling and fuzzing logic.

Configuration and CLI Enhancements:

  • Added support for a TOML-based configuration file (rustfuzz.example.toml) to simplify and centralize settings management. New options include crawl, mutate, payloads, and openapi.
  • Updated the Config struct in src/main.rs to include new fields such as crawl, mutate, and payloads, allowing for more flexible configuration.
  • Enhanced the CLI to support the --config option, enabling users to load settings from a configuration file. Command-line arguments now override configuration file values.

Payload and Fuzzing Improvements:

  • Added a comprehensive set of XSS payloads in payloads/xss.txt to expand the fuzzing capabilities.
  • Improved mutation-based fuzzing and payload handling by integrating configuration file options and enabling unified feature switches for crawl, mutate, and payloads.

Version and Metadata Updates:

  • Updated the version of rustfuzz from 3.1.0 to 3.2.0 in Cargo.toml and src/main.rs.

OpenAPI and Analysis Enhancements:

  • Added support for OpenAPI endpoint discovery via the openapi configuration option, providing a foundation for future improvements in endpoint parsing.
  • Enhanced result analysis by allowing users to analyze export files directly from the configuration or command-line arguments.

These changes significantly improve the flexibility, usability, and functionality of rustfuzz, making it a more robust tool for web fuzzing and endpoint discovery.

Closes #9

@martian56 martian56 requested a review from Copilot June 24, 2025 14:45
@martian56 martian56 self-assigned this Jun 24, 2025
@martian56 martian56 added the enhancement New feature or request label Jun 24, 2025
@martian56 martian56 merged commit 56cb2e7 into main Jun 24, 2025
1 check passed

Copilot AI left a comment

Pull Request Overview

This pull request introduces enhancements to the rustfuzz project by adding support for a TOML-based configuration file, new command-line options, and updates to the payload handling and fuzzing logic. Key changes include:

  • Updating the Config struct and CLI parsing to support additional optional fields (crawl, mutate, payloads, openapi, analyze)
  • Refactoring command-line argument precedence to override configuration file settings and updating version information
  • Adding a comprehensive set of XSS payloads and updating associated files (Cargo.toml, rustfuzz.example.toml)

Reviewed Changes

Copilot reviewed 4 out of 5 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| src/main.rs | Updated Config struct, CLI flags and overrides for improved configuration handling and feature switching |
| rustfuzz.example.toml | Introduced TOML configuration file with example settings |
| payloads/xss.txt | Added new XSS payloads to expand fuzzing capabilities |
| Cargo.toml | Bumped the project version from 3.1.0 to 3.2.0 |

Comments suppressed due to low confidence (1)

src/main.rs:267

  • [nitpick] Since an empty string may not be a valid URL for subsequent operations, consider adding explicit validation or error messaging to handle cases where a required URL is missing.
    let url = config.url.as_deref().unwrap_or("");

Comment thread src/main.rs
};

// Command-line always overrides config
// Command-line always overrides config if set
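
Review bot: The reworded comment on the last line of this hunk ("Command-line always overrides config if set") leaves "set" undefined, which matters for the boolean switches the PR description lists (crawl, mutate): say whether a flag omitted on the command line keeps the value from the config file, and add a test that pins that behaviour. The hunk shows only the comment changing, so a reader cannot tell from it whether the override code below was made conditional as well.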

Copilot AI Jun 24, 2025

[nitpick] Consider consolidating the repetitive command-line override logic for config fields into a helper function to reduce duplication and improve maintainability.
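
A sketch of the two review suggestions above (one helper for the override logic, and explicit validation in place of `unwrap_or("")`), as an added example that is not code from rustfuzz or this PR. The field names come from the PR description and the quoted `config.url` line; the struct layout, the `pick`, `merge` and `target_url` names, the scheme check and the sample values are assumptions.

```rust
// Added example, not rustfuzz code. Option<bool> keeps "not given" distinct from "false".
#[derive(Debug, Default, Clone, PartialEq)]
struct Config {
    url: Option<String>,
    crawl: Option<bool>,
    mutate: Option<bool>,
    payloads: Option<String>,
}

/// One helper for every field: the CLI value wins only when it was actually given.
fn pick<T>(cli: Option<T>, file: Option<T>) -> Option<T> {
    cli.or(file)
}

/// Merge command-line settings over config-file settings, field by field.
fn merge(cli: Config, file: Config) -> Config {
    Config {
        url: pick(cli.url, file.url),
        crawl: pick(cli.crawl, file.crawl),
        mutate: pick(cli.mutate, file.mutate),
        payloads: pick(cli.payloads, file.payloads),
    }
}

/// Fail early on a missing target instead of passing "" to the HTTP layer.
/// The http/https scheme requirement is an assumed policy for this example.
fn target_url(cfg: &Config) -> Result<&str, String> {
    let url = cfg.url.as_deref().map(str::trim).unwrap_or("");
    if url.is_empty() {
        return Err("no target URL: pass one on the command line or set `url` in the config".into());
    }
    if !(url.starts_with("http://") || url.starts_with("https://")) {
        return Err(format!("target URL must start with http:// or https://, got {url:?}"));
    }
    Ok(url)
}

fn main() {
    // Constructed sample values standing in for a parsed config file and parsed CLI arguments.
    let file = Config { url: Some("https://staging.example.test/".into()), crawl: Some(true), ..Default::default() };
    let cli = Config { mutate: Some(true), ..Default::default() };
    let merged = merge(cli, file);
    match target_url(&merged) {
        Ok(url) => println!("fuzzing {url} crawl={:?} mutate={:?}", merged.crawl, merged.mutate),
        Err(e) => eprintln!("error: {e}"),
    }
}
```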

Development

Successfully merging this pull request may close these issues.

--config flag has errors
