cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.

APACHE-2.0 License

Downloads
17.3K
Stars
1.1K
Committers
16


cherrybomb - Cherrybomb 1.0.1 Latest Release

Published by DeliciousBounty 11 months ago

What's Changed

  • Exclude Include #134: Improved handling for exclusions and inclusions.
  • Support Yaml added #117: Added YAML support for enhanced functionality.
  • Added auth #138: Authentication feature implemented for secure access.
  • Support JSON output #121: Added capability for JSON output format.

This minor release brings these notable enhancements and additions to our open-source tool, enhancing its functionality and usability. Download the update now to enjoy these improvements!

cherrybomb - Cherrybomb 1.0.0!

Published by GuyL99 over 1 year ago

What's Changed

New Contributors

Full Changelog: https://github.com/blst-security/cherrybomb/compare/v0.7.0...v1.0.0

cherrybomb - v0.7.0

Published by GuyL99 about 2 years ago

Release Notes

We are excited to announce the release of Cherrybomb’s new version!
The main feature of the v0.7.0 release is the new Active module.
We’ve also fixed various bugs and made some security updates.

The Active Module

The active module takes our API testing to a new level: it provides not only static testing and auditing of your OAS file (with the passive module), but also a test of the API itself, sending requests and analyzing the responses.

The Active module tests APIs by:

  • Verifying that the API follows the specifications dictated in the OAS file
  • Testing the API for common security vulnerabilities

CI/CD integration support

We’ve implemented improvements to the CLI to better support CI pipelines.

Cherrybomb now supports emitting exit codes on completion to reflect different results:

  • 0 for no warnings
  • 101 for warnings present
  • -1 for an error in the test

More granular exit code support will be added in the future.
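
A CI gate built on the exit codes listed above, as an added example (not code from the Cherrybomb project). It assumes the scan command is passed in as arguments, so no Cherrybomb flags are hard-coded, and FAIL_ON_WARNINGS is a hypothetical variable introduced here.

```shell
#!/bin/sh
# CI gate around a Cherrybomb run, using the documented exit codes.
# Assumption: the scan command is supplied by the caller as arguments.

# Map a raw exit status to a verdict: pass | warnings | error | unknown.
classify_exit() {
    case "$1" in
        0)   echo pass ;;
        101) echo warnings ;;
        # A process that exits with -1 is reported as 255 on POSIX systems,
        # because the exit status is truncated to 8 bits.
        255|-1) echo error ;;
        *)   echo unknown ;;
    esac
}

# Run the given command and turn its status into a pipeline decision.
# FAIL_ON_WARNINGS (hypothetical, default 1) decides whether findings
# break the build or are only reported.
# Returns: 0 = continue, 1 = findings block the build,
#          2 = the scan itself did not complete cleanly.
ci_gate() {
    status=0
    "$@" || status=$?
    verdict=$(classify_exit "$status")
    echo "scan exit status=$status verdict=$verdict" >&2
    case "$verdict" in
        pass) return 0 ;;
        warnings)
            [ "${FAIL_ON_WARNINGS:-1}" = "1" ] && return 1
            return 0 ;;
        # Tool errors and unexpected codes fail the job, so a broken
        # scan is never counted as a clean one.
        *) return 2 ;;
    esac
}

# Usage: ci_gate <scan command and its arguments>
```

Keeping return code 2 separate from 1 lets the pipeline distinguish "the API has findings" from "the scan never produced a result".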

Misc

Other changes include:

  • New table format, now using comfy_table
  • Update tokio requirement from 1.13.0 to 1.13.1
  • 3 new passive checks

cherrybomb - Refactor for package manager distribution

Published by GuyL99 over 2 years ago

cherrybomb - Cherrybomb v0.6.0

Published by GuyL99 over 2 years ago

What's Changed

CLI

  • Added the command ep-table
  • Separated param-table into its own command
  • Added configuration options
  • Rebuilt the CLI main using structopt in clap
  • Added the option to present only 1 parameter or 1 endpoint in their respective tables
  • Added the option for a JSON output - cherrybomb oas --file --format json

OAS

  • Created the EpTable module - it's meant to build the same kind of table as the param-table, but with a different key (endpoint/path) and some different related fields.

General

  • Deprecated the Decider module.
  • Some minor bug fixes
  • Now taking yaml OAS files as input as well🎉

New Contributors

Full Changelog: https://github.com/blst-security/cherrybomb/compare/v0.5.2...v0.6.0

cherrybomb - Cherrybomb v0.5.2

Published by GuyL99 over 2 years ago

What's Changed

Bug Fix:

  • Fixed a bug where the tables were formatted for bigger screens, and reduced their size to fit normal screens.
  • Added an example download to the install script

cherrybomb - Cherrybomb v0.5.1

Published by GuyL99 over 2 years ago

What's Changed

A new check!

We have released the long-awaited check regarding auth scopes in different methods.
Thanks to @H31S3nb3rg-0x00 for contributing the check!

A new command!

Following some feedback, we added a new command that you can use to call the OpenAPI specification validation:
cherrybomb oas
It functions exactly like the swagger command.

Bug fixes:

  • Children parameters were sometimes not included in the param table - Fixed.
  • Path + Query parameters were sometimes not included in the param table - Fixed.
  • Parameters min/max were not calculated correctly - Fixed.
  • Endpoints at which they are present.

cherrybomb - Cherrybomb v0.5.0

Published by GuyL99 over 2 years ago

What's Changed

Parameter table feature

You can run the swagger scan command with the --param-table flag and get a table with all of the API's parameters.

The table contains the parameters':

  • Types.
  • Min/Max.
  • Status codes at which they are present.
  • Endpoints at which they are present.
  • Parent parameters.
  • Child parameters.

cherrybomb - 0.4.3

Published by GuyL99 over 2 years ago

Added support for OAS 3.1

cherrybomb - 0.4.2

Published by GuyL99 over 2 years ago

Fixed a bug that fixated the CLI on the home dir

cherrybomb - 0.4.1

Published by GuyL99 over 2 years ago

First release, no need to register

Package Rankings
Top 6.68% on Proxy.golang.org
Top 16.81% on Crates.io