search

blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0
1.08k stars 78 forks source link

Cherrybomb throwing stackover error #143

Open abnair24 opened 8 months ago

abnair24 commented 8 months ago

Describe the bug On executing cherrybomb through command line with openapi json file, below error is observed


╭━━━┳╮╱╱╱╱╱╱╱╱╱╱╱╱╭╮╱╱╱╱╱╱╱╭╮
┃╭━╮┃┃╱╱╱╱╱╱╱╱╱╱╱╱┃┃╱╱╱╱╱╱╱┃┃
┃┃╱╰┫╰━┳━━┳━┳━┳╮╱╭┫╰━┳━━┳╮╭┫╰━╮
┃┃╱╭┫╭╮┃┃━┫╭┫╭┫┃╱┃┃╭╮┃╭╮┃╰╯┃╭╮┃
┃╰━╯┃┃┃┃┃━┫┃┃┃┃╰━╯┃╰╯┃╰╯┃┃┃┃╰╯┃
╰━━━┻╯╰┻━━┻╯╰╯╰━╮╭┻━━┻━━┻┻┻┻━━╯
╱╱╱╱╱╱╱╱╱╱╱╱╱╱╭━╯┃
╱╱╱╱╱╱╱╱╱╱╱╱╱╱╰━━╯       v1.0.0

Sending telemetry data to Cherrybomb servers
Getting telemetry token
Starting Cherrybomb...
Opening OAS file...
Parsing OAS file...
Creating OAS struct...
Creating passive scan struct...
Running passive scan...

**thread 'main' has overflowed its stack
fatal runtime error: stack overflow**
[1]    68531 abort      cherrybomb --file openapi.json --profile passive --verbosity debug

Expected behavior Exception should not be thrown. If thrown, detailed log should be present

Desktop (please complete the following information):

Additional context Add any other context about the problem here.

Kindly help on fixing this

DeliciousBounty commented 8 months ago

Hello @abnair24, in order to resolve this issue I would happy to get the OAS file