Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix auth #115

Closed
wants to merge 7 commits into from
Closed

Fix auth #115

wants to merge 7 commits into from

Conversation

DeliciousBounty
Copy link
Collaborator

@DeliciousBounty DeliciousBounty commented Feb 5, 2023
edited
Loading

Hey I fixed authentication and made some changes in auth.rs and conf.rs
In response to my issue #109

GuyL99
GuyL99 requested changes Feb 13, 2023
View reviewed changes
Copy link
Contributor

@GuyL99 GuyL99 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

In cherrybomb-engine/src/scan/active/http_client/auth.rs, you forgot to implement the custom auth type, and that's why it said the the 3 parts thingy is redundant, please implement it, plus I changed you toml file to have cherrybomb engine 0.1 and not path, we have to uplaod cherrybomb engine to crates.io before we move on, and that's for Raz to do.

@DeliciousBounty
Copy link
Collaborator Author

DeliciousBounty commented Feb 13, 2023
edited
Loading

@GuyL99 ,
I did not forget to implement the custom auth type.
Actually cherrybomb support four types of authentication: basic, bearer, header, cookie.
You can see https://github.com/blst-security/cherrybomb/blob/fix_auth/cherrybomb-engine/src/scan/active/http_client/auth.rs
that all of them are implemented. ( see the "from_parts" function)

@GuyL99
Copy link
Contributor

GuyL99 commented Feb 13, 2023

Why not include custom then?

@DeliciousBounty
Copy link
Collaborator Author

Raz called it header type instead of custom, it is work the same way. User provide header and value

@GuyL99
Copy link
Contributor

GuyL99 commented Feb 14, 2023

Custom can be delivered by query or payload as a parameter...

@DeliciousBounty
Copy link
Collaborator Author

DeliciousBounty commented Feb 14, 2023
edited
Loading

Custom can be delivered by query or payload as a parameter...
@RazMag
I get it.
So actually the new cherrybomb CLI does not include custom authentication.
I implemented authentication in according to the new CLI.
maybe open an issue for it?

@RazMag
Copy link
Collaborator

RazMag commented Feb 22, 2023

Merged with dev, will be added to main in 1.0.1

@RazMag RazMag closed this Feb 22, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@GuyL99 GuyL99 GuyL99 requested changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@DeliciousBounty @GuyL99 @RazMag