blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0

include/exclude Seem to Have no Effect #140

Closed afrazkhan closed 8 months ago

afrazkhan commented 9 months ago

Describe the bug

Adding the include/exclude rules in the configuration seems to have no effect.

To Reproduce

Steps to reproduce the behavior:

  1. Add something like the following into a configuration file:

    ```
    {
        "profile": "Passive",
        "passive_exclude": [
            "DESCRIPTION"
        ],
        "active_exclude": [
            "DESCRIPTION"
        ]
    }
    ```
  2. Run with `cherrybomb -c [CONFIG_FILE] -f [FILE_TO_CHECK]`

I've also tried with every variation in the exclude strings I could think of, like:

And many more! ;)

Expected behavior

The excluded checks are excluded.

DeliciousBounty commented 9 months ago

Hey @afrazkhan, Thanks for catching that. But we still do not publicly update the crate. You can try to compile locally, and that should be solved. We will update when the new crates are available.

afrazkhan commented 9 months ago

Thanks @DeliciousBounty. Do you know if the Docker image you provide has the latest code already? Else I'll build one for my CI myself.

DeliciousBounty commented 9 months ago

@afrazkhan You need to build it by yourself

DeliciousBounty commented 8 months ago

We already updated the crate, so I will close this issue. If it arises again, I invite you to open a new one.