blst-security / cherrybomb

Stop half-done APIs! Cherrybomb is a CLI tool that helps you avoid undefined user behaviour by auditing your API specifications, validating them and running API security tests.
https://www.blstsecurity.com/cherrybomb
Apache License 2.0

Authorization input validation - Error handling #86

Closed RoyB99 closed 1 year ago

RoyB99 commented 1 year ago

Add better error handling in the auth.rs (/swagger/src/scan/active/http_client) file for auth types. Line 15 includes a panic and the rest trust the input to be valid.

There needs to be error handling for input validation.

Cheers,

DeliciousBounty commented 1 year ago

@RoyB99 I appreciate your suggestion. We'll include support for more sophisticated error handling in the upcoming release.
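
The change this issue asks for, sketched as an added example (not Cherrybomb's code; the `Auth` and `AuthError` types and the `scheme:args` input format are hypothetical): every malformed auth input becomes an `Err` instead of a panic, and control characters are rejected before the value can reach a request header.

```rust
// Added example: hypothetical types and input format, not Cherrybomb's auth.rs.
#[derive(Debug, PartialEq)]
pub enum Auth {
    None,
    Bearer(String),
    Basic { user: String, pass: String },
    Header { name: String, value: String },
}

#[derive(Debug, PartialEq)]
pub enum AuthError { UnknownScheme(String), MissingField(&'static str), ControlChar(&'static str) }

// Require a non-empty field and reject control characters: a CR or LF
// would let the value inject extra header lines into the request.
fn field(name: &'static str, v: Option<&str>) -> Result<String, AuthError> {
    let v = v.filter(|s| !s.is_empty()).ok_or(AuthError::MissingField(name))?;
    if v.chars().any(char::is_control) {
        return Err(AuthError::ControlChar(name));
    }
    Ok(v.to_string())
}

// Split "a:b" at the first ':'; the second half is None when absent.
fn pair(rest: Option<&str>) -> (Option<&str>, Option<&str>) {
    rest.and_then(|r| r.split_once(':')).map_or((rest, None), |(a, b)| (Some(a), Some(b)))
}

// Parse "scheme[:args]" into Auth, returning an error instead of panicking.
pub fn parse_auth(spec: &str) -> Result<Auth, AuthError> {
    let (scheme, rest) = pair(Some(spec));
    match scheme.unwrap_or("").to_ascii_lowercase().as_str() {
        "none" => Ok(Auth::None),
        "bearer" => Ok(Auth::Bearer(field("token", rest)?)),
        "basic" => {
            let (u, p) = pair(rest);
            Ok(Auth::Basic { user: field("user", u)?, pass: field("password", p)? })
        }
        "header" => {
            let (n, v) = pair(rest);
            Ok(Auth::Header { name: field("name", n)?, value: field("value", v)? })
        }
        other => Err(AuthError::UnknownScheme(other.to_string())),
    }
}

fn main() {
    // Constructed inputs: valid, truncated, unknown scheme, CRLF in a header value.
    for s in ["bearer:abc.def", "basic:alice", "digest:x", "header:X-Key:v\r\nX-Injected: 1"] {
        println!("{:?} -> {:?}", s, parse_auth(s));
    }
}
```

A caller can then report the `AuthError` to the user and exit cleanly rather than unwinding mid-scan.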