blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0

YAML support broken? #111

Closed rngtng closed 7 months ago

rngtng commented 1 year ago

Describe the bug

According to https://github.com/blst-security/cherrybomb/issues/19 YAML support should be there, but I couldn't get it working:

An OAS 3.1 file in YAML format raises an error:

> cherrybomb --file foo.yaml
 v1.0.0
Starting Cherrybomb...
Opening OAS file...
Parsing OAS file...
Error: Error parsing OAS file: expected value at line 1 column

Same content as json works fine.

To Reproduce

Steps to reproduce the behavior:

  1. wget https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/examples/v3.1/non-oauth-scopes.yaml
  2. cherrybomb --file non-oauth-scopes.yaml
  3. FAILURE!

But JSON works:

  1. wget https://raw.githubusercontent.com/OAI/OpenAPI-Specification/main/examples/v3.1/non-oauth-scopes.json
  2. cherrybomb --file non-oauth-scopes.json
  3. SUCCESS!

Expected behavior

YAML file gets successfully parsed

Version

DeliciousBounty commented 1 year ago

Hey @rngtng, thank you for taking the time to contact us. You are correct, we used to support the YAML OpenAPI file in previous versions. However, for the time being, we only support JSON files in this new release. Thank you for paying attention to us! It's already on our list of things to do. I will notify you once this feature is available.

rngtng commented 1 year ago

Cool, thanks for the fast feedback. No worries, there are enough yaml -> json converters out there…

jayvdb commented 7 months ago

This is fixed..?

DeliciousBounty commented 7 months ago

Thanks @jayvdb. Yes, it is fixed, and we also updated the crates. I am closing this issue.