v0.9.1

What's Changed

• Fixed nil-cast bug in oas2,oas3,raml analyzers (#126 / @exhaustedMutex)
  • Add test code for nil-cast issue (functional_test/fixtures/oas3/nil_cast/)
  • Improve debug logs
• Fixed bug in js-express (#126 / @exhaustedMutex)
• Fixed typo in Deliver initialize (#132 / @HolyBugx)
  • Add test code for header in deliver

Full Changelog: v0.9.0...v0.9.1

v0.9.0

What's Changed

• FastAPI Detector&Analyzer (by @ksg97031 👍)
  • Support to URL, Method, Param, Header, WebSocket
  • And a thorough test codes
• ElasticSearch Deliver was added. (flag: --send-es)
• YAML has been added to the output format.

Full Changelog: v0.8.0...v0.9.0

Showcase

FastAPI Detector & Analyzer

noir -b ./fastapi_app

Flag: --send-es (ES Deliver)

# noir -b <BASE-PATH> --send-es http://<ES-ENDPOINT>/<INDEX>/<TYPE>
noir -b ./app/ --send-es http://localhost:9200/noir/url

ES search result

Flag: -f yaml

noir -b ./kemal -f yaml

v0.8.0

What's Changed

• Add new flag
  • Add --with-headers flag for Delivers
• Add new output formats
  • oas2 e.g noir -b . -f oas2
  • oas3 e.g noir -b . -f oas3
• Improve codes
  • Add new type in CodeLocator
    • With the addition of CodeLocator's type inference, more precise code analysis is now possible.
    • In this patch, when there are multiple API Spec documents within the analysis directory, all of them can be processed.
  • The output-related logic has been moved to an object called output_builder from noir model.
    • With this change, adding output type has become easier.
    • Now when using the -o flag to save a file, only the results of output_builder are saved.

Full Changelog: v0.7.3...v0.8.0

--with-headers flag

The --with-headers flag supports multiple flags and allowing you to add arbitrary headers in commands like --send-proxy. Any headers added through this flag can override existing header information obtained during source code analysis, using them as new headers.

Single

noir -b ./source --send-proxy http://localhost:8090 --with-headers "X-API-Key: ABCD"

Multiple

noir -b ./source --send-proxy http://localhost:8090 \
    --with-headers "X-API-Key: ABCD" \
    --with-headers "Authentication: ABCD"

v0.7.3

What's Changed

• Add ZAP Deliver Model
• Fixed #102 bug in OAS2 Analyzer

Full Changelog: v0.7.2...v0.7.3

v0.7.2

What's Changed

• Fixed #95 (Add exception of Dir.glob)

Thank you for @fanzige

v0.7.1

What's Changed

• Fixed #90

v0.7.0

• Support to Kotlin Spring
• Support to Java Armeria
• Support to C# ASP.NET MVC (First step, Only URL Endpoints)
• Improve Analyzers
  • Java Spring
  • Python Django (Add Method / Param / Header)
• Improve code quality and functional/unit test codes
• Fixed bugs

I extend my infinite gratitude to the brilliant developer @ksg97031 . And I am truly thankful to @infosec-au for the great ideas provided!

v0.6.0

Summary

• Support to Go Gin
  • Detector
  • Analyzer(Endpoint, Method, Param, Header)
• Support to RAML
  • Detector
  • Analyzer(Endpoint, Method, Param, Header)
• Improve Analyzers
  • Add JSP Analyzer (+With param)
  • Improve Go Echo Analyzer (+Support header param)

Screenshots

Go Gin

RAML

v0.5.4

• 🪄 Improve PHP Analyzer
  • Modify to identify POST parameters (bug fix). v0.5.3 / v0.5.4
  • Add identification of Header parameters. v0.5.3
  • Improve code analysis. v0.5.4
• 🪲 Fixed bugs
  • param-type bug v0.5.3

PHP Analyzer

Test fixture

Example App

v0.5.3

• 🪄 Improve PHP Analyzers
  • Modify to identify POST parameters (bug fix).
  • Add identification of Header parameters.
  • 5cb8863 / #58
• 🪲 Fixed param-type bug