diff --git a/README.md b/README.md
index b722212..45e4915 100644
--- a/README.md
+++ b/README.md
@@ -50,7 +50,7 @@ The script requires sudo permissions to move the cherrybomb bin into /usr/loc
 (If you want to view the shell script(or even help to improving it - [/scripts/install.sh](/scripts/install.sh))
 ##### Containerized version
-You can get Cherrybomb through its containerized version which is hosted on AWS ECR, and requires an API key that you can get on that addess(the loading is a bit slow) - [https://cicd.blstsecurity.com/](https://cicd.blstsecurity.com/)
+You can get Cherrybomb through its containerized version which is hosted on AWS ECR, and requires an API key that you can get on that address(the loading is a bit slow) - [https://cicd.blstsecurity.com/](https://cicd.blstsecurity.com/)
 ```
 docker run --mount type=bind,source=[PATH TO OAS],destination=/home public.ecr.aws/blst-security/cherrybomb:latest cherrybomb -f /home/[OAS NAME] --api-key=[API-KEY]
diff --git a/cherrybomb-engine/src/lib.rs b/cherrybomb-engine/src/lib.rs
index 0124664..43c9b93 100644
--- a/cherrybomb-engine/src/lib.rs
+++ b/cherrybomb-engine/src/lib.rs
@@ -58,7 +58,7 @@ pub async fn run(config: &mut Config) -> anyhow::Result {
 };
 (oas,oas_json)
 }else {
-return Err(anyhow!("Misconfigured file extention"));
+return Err(anyhow!("Misconfigured file extension"));
 };
 match config.profile {
 config::Profile::Info => run_profile_info(&config, &oas, &oas_json),
diff --git a/cherrybomb-engine/src/scan/active/active_scanner.rs b/cherrybomb-engine/src/scan/active/active_scanner.rs
index edee0b6..f872192 100644
--- a/cherrybomb-engine/src/scan/active/active_scanner.rs
+++ b/cherrybomb-engine/src/scan/active/active_scanner.rs
@@ -50,7 +50,7 @@ pub struct OASMap {
 pub struct ResponseData {
 pub(crate) location: String,
 pub(crate) alert_text: String,
-pub(crate) serverity: Level,
+pub(crate) severity: Level,
 }
 #[derive(Debug, Clone, Serialize, Default, PartialEq)]
diff --git a/cherrybomb-engine/src/scan/active/additional_checks.rs b/cherrybomb-engine/src/scan/active/additional_checks.rs
index 35c1a55..64ca764 100644
--- a/cherrybomb-engine/src/scan/active/additional_checks.rs
+++ b/cherrybomb-engine/src/scan/active/additional_checks.rs
@@ -66,7 +66,7 @@ impl ActiveScan {
 "The parameter {} seems to be vulenrable to sqli on the endpoint {:?}",
 i.inner(&self.oas_value).name, path
 ),
-serverity: Level::High,
+severity: Level::High,
 },
 response,
 ));
@@ -134,10 +134,10 @@ impl ActiveScan {
 );
 }
 if !vec_param.is_empty() {
-//chek if there is a relevent parameter
+//check if there is a relevant parameter
 for param in &vec_param {
-///TODO check how it is possible to insert the different params
-// if ther is more than one vuln parameter
+// TODO check how it is possible to insert the different params
+// if there is more than one vuln parameter
 for payload in &vec_payload {
 //check all the SQLI payload
 let req = AttackRequest::builder()
@@ -172,7 +172,7 @@ impl ActiveScan {
 "The endpoint {} seems to be vulnerable to SQLI with paramteter {:?}",
 &oas_map.path.path.clone(),payload
 ),
-serverity: Level::Medium,
+severity: Level::Medium,
 },
 response,
 ));
@@ -232,7 +232,7 @@ impl ActiveScan {
 ResponseData {
 location: path.to_string(),
 alert_text: format!("The endpoint seems to be not secure {:?}, with the method : {method} ", &path ),
-serverity: Level::High,
+severity: Level::High,
 },
 response,
 ));
@@ -305,7 +305,7 @@ impl ActiveScan {
 oas_map.path.path.clone(),
 i
 ),
-serverity: Level::Low,
+severity: Level::Low,
 },
 response,
 ));
@@ -370,7 +370,7 @@ impl ActiveScan {
 alert_text: format!(
 "The endpoint {path} seems to be vulnerable to SSRF"
 ),
-serverity: Level::Medium,
+severity: Level::Medium,
 },
 response,
 ));
@@ -445,7 +445,7 @@ impl ActiveScan {
 "The endpoint {} seems to be vulnerable to SSRF",
 &oas_map.path.path.clone()
 ),
-serverity: Level::Medium,
+severity: Level::Medium,
 },
 response,
 ));
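Review bot: The alert_text strings in the -66 and -172 hunks still carry spelling errors the commit leaves in place, `vulenrable` and `paramteter`, and unlike the comment typos fixed here these are runtime strings that reach the emitted alerts (response_checks.rs in this same diff passes alert_text straight into Alert::with_certainty). Suggested lines: `"The parameter {} seems to be vulnerable to sqli on the endpoint {:?}",` and `"The endpoint {} seems to be vulnerable to SQLI with parameter {:?}",`. The -888 hunk in this file has a similar slip in its message, `seems to broken in context of authorization`, which reads better as `seems to be broken in context of authorization`. The enclosing check functions begin and end outside these hunks, so I cannot tell from here whether any test asserts on the exact message text; if one does it needs the same update.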
@@ -499,7 +499,7 @@ impl ActiveScan {
 "The endpoint {} seems to be vulnerable to SSRF",
 &oas_map.path.path.clone()
 ),
-serverity: Level::Medium,
+severity: Level::Medium,
 },
 response,
 ));
@@ -562,7 +562,7 @@ impl ActiveScan {
 alert_text: format!(
 "The {} parameter in the {} endpoint seems to be vulnerable to parameter pollution" , vec_param.last().unwrap().name, path),
-serverity: Level::Medium,
+severity: Level::Medium,
 },
 response,
 ));
@@ -611,7 +611,7 @@ impl ActiveScan {
 location: path.clone(),
 alert_text: format!( "The parameter {param_to_redirect} seems to be vulnerable to open-redirect, location: {path}" ),
-serverity: Level::Medium,
+severity: Level::Medium,
 },
 response,
 ));
@@ -683,7 +683,7 @@ impl ActiveScan {
 alert_text: format!(
 "The 23,834 length limit for {json_path:?} is not enforced by the server"
 ),
-serverity: Level::Low,
+severity: Level::Low,
 },
 response,
 ));
@@ -744,7 +744,7 @@ impl ActiveScan {
 "The {} for {json_path:?} is not enforced by the server",
 val.0,
 ),
-serverity: Level::Low,
+severity: Level::Low,
 },
 response,
 ));
@@ -815,7 +815,7 @@ impl ActiveScan {
 ResponseData{
 location: path.clone(),
 alert_text: format!("The parameter {:?} seems to be vulnerable to BOLA, location: {path}.", i.inner(&self.oas_value).name),
-serverity: Level::High,
+severity: Level::High,
 },
 res.clone(),
 ));
@@ -888,7 +888,7 @@ impl ActiveScan {
 alert_text: format!(
 "The endpoint {path} seems to broken in context of authorization with parameter {var_int:?}."
 ),
-serverity: Level::Medium,
+severity: Level::Medium,
 },
 res.clone(),
 ));
@@ -925,7 +925,7 @@ impl ActiveScan {
 "The server does not seem to be using SSL, status code: {}",
 response.status
 ),
-serverity: Level::Medium,
+severity: Level::Medium,
 },
 response.clone(),
 ));
@@ -968,7 +968,7 @@ impl ActiveScan {
 ResponseData {
 location: oas_map.path.path.to_string(),
 alert_text: format!("The endpoint seems to be not secure {:?}, with the method : {m} ", &oas_map.path.path),
-serverity: Level::High,
+severity: Level::High,
 },
 response,
 ));
@@ -1010,7 +1010,7 @@ impl ActiveScan {
 ResponseData{
 location: path.to_string(),
 alert_text: format!("The endpoint seems to be not secure {path:?}, with the method : {m}"),
-serverity: Level::High,
+severity: Level::High,
 },
 response,
 ));
diff --git a/cherrybomb-engine/src/scan/active/response_checks.rs b/cherrybomb-engine/src/scan/active/response_checks.rs
index f865f94..5387030 100644
--- a/cherrybomb-engine/src/scan/active/response_checks.rs
+++ b/cherrybomb-engine/src/scan/active/response_checks.rs
@@ -11,7 +11,7 @@ impl ActiveScan {
 for (res_data, response) in check_ret.0.into_iter() {
 if (200..300u16).contains(&response.status) {
 ret_val.push(Alert::with_certainty(
-res_data.serverity,
+res_data.severity,
 res_data.alert_text,
 res_data.location,
 Certainty::Low,
@@ -26,7 +26,7 @@ impl ActiveScan {
 for (res_data, response) in check_ret.0.into_iter() {
 if (300..310).contains(&response.status) {
 ret_val.push(Alert::with_certainty(
-res_data.serverity,
+res_data.severity,
 res_data.alert_text,
 res_data.location,
 Certainty::Certain,
@@ -46,7 +46,7 @@ impl ActiveScan {
 for polluted in &check_ret_param.1 {
 if (200..300u16).contains(&response.status) && response.payload.contains(polluted) {
 ret_val.push(Alert::with_certainty(
-res_data.serverity.clone(),
+res_data.severity.clone(),
 res_data.alert_text.to_string(),
 res_data.location.to_string(),
 Certainty::Certain,
diff --git a/cherrybomb-engine/src/scan/passive/additions_checks.rs b/cherrybomb-engine/src/scan/passive/additions_checks.rs
index 57d1f62..2e5068f 100644
--- a/cherrybomb-engine/src/scan/passive/additions_checks.rs
+++ b/cherrybomb-engine/src/scan/passive/additions_checks.rs
@@ -37,7 +37,7 @@ impl PassiveSwaggerScan {
 }
 pub fn check_int_type(&self) -> Vec {
-// this function check the get paramter schema all component and response and request body that does not use component
+// this function check the get parameter schema all component and response and request body that does not use component
 // The purpose of the check is to ensure that the type number correspond to integer format and type number has a float format
 let mut hashset_compo_name: HashSet = HashSet::new();
@@ -52,9 +52,9 @@ impl PassiveSwaggerScan {
 //dive into schema
 let _name = format!("#/components/schemas/{key}"); // building the whole components value
 hashset_compo_name.insert(key.to_string()); // insert the key of the schema into hashset
-if let Some(propert) = value.inner(&self.swagger_value).properties {
+if let Some(property) = value.inner(&self.swagger_value).properties {
 //if there is properties
-for (key, schemaref) in propert {
+for (key, schemaref) in property {
 if let Some(format_value) = schemaref.inner(&self.swagger_value).format {
 if format_value.eq("int32") || format_value.eq("int64") {
 // check if the format is int32 or int64
@@ -120,10 +120,10 @@ impl PassiveSwaggerScan {
 SchemaRef::Ref(_) => (),
 SchemaRef::Schema(_) => {
-if let Some(propertie) =
+if let Some(properties) =
 schema.inner(&self.swagger_value).properties
 {
-for (_key, schema_ref) in propertie {
+for (_key, schema_ref) in properties {
 self.check_schema(
 schema_ref,
 &mut alerts,
@@ -145,10 +145,10 @@ impl PassiveSwaggerScan {
 match &schema {
 SchemaRef::Ref(_) => (),
 SchemaRef::Schema(_) => {
-if let Some(propertie) =
+if let Some(properties) =
 schema.inner(&self.swagger_value).properties
 {
-for (_key, schema_ref) in propertie {
+for (_key, schema_ref) in properties {
 self.check_schema(
 schema_ref,
 &mut alerts,
diff --git a/cherrybomb-engine/src/scan/passive/auth.rs b/cherrybomb-engine/src/scan/passive/auth.rs
index 6a12fa2..7620ac0 100644
--- a/cherrybomb-engine/src/scan/passive/auth.rs
+++ b/cherrybomb-engine/src/scan/passive/auth.rs
@@ -12,7 +12,7 @@ pub trait PassiveAuthScan {
 fn check_fn_auth(&self) -> Vec;
 }
 impl PassiveAuthScan for PassiveSwaggerScan {
-///Rule fucntion
+///Rule function
 fn check_401(&self) -> Vec {
 let mut alerts = vec![];
 for (path, method, p_sec, resps) in get_path_responses(&self.swagger) {
@@ -39,7 +39,7 @@ impl PassiveAuthScan for PassiveSwaggerScan {
 }
 alerts
 }
-//Checks for auth existance and type and alerts if non existant or basic
+//Checks for auth existence and type and alerts if non existent or basic
 fn check_auth(&self) -> Vec {
 let mut alerts = vec![];
 if let Some(sec_schemes) = get_auth(&self.swagger) {
diff --git a/cherrybomb-engine/src/scan/passive/general.rs b/cherrybomb-engine/src/scan/passive/general.rs
index 35584a6..92bae71 100644
--- a/cherrybomb-engine/src/scan/passive/general.rs
+++ b/cherrybomb-engine/src/scan/passive/general.rs
@@ -10,14 +10,14 @@ pub trait PassiveGeneralScan {
 fn check_successes(&self) -> Vec;
 fn check_default_response(&self) -> Vec;
 fn check_response_body_schema(&self) -> Vec;
-fn example_inconsistant_schema(&self) -> Vec;
+fn example_inconsistent_schema(&self) -> Vec;
 fn check_default_type(&self) -> Vec;
 fn check_enum_type(&self) -> Vec;
 fn check_required_undefined(&self) -> Vec;
 fn check_unused_schema(&self) -> Vec;
 }
-///Rule fucntions implementation
+///Rule functions implementation
 impl PassiveGeneralScan for PassiveSwaggerScan {
 ///Can raise no https alert and invalid url in server alert
 fn check_server_url(&self) -> Vec {
@@ -114,7 +114,7 @@ impl PassiveGeneralScan for PassiveSwaggerScan {
 }
 alerts
 }
-fn example_inconsistant_schema(&self) -> Vec {
+fn example_inconsistent_schema(&self) -> Vec {
 vec![]
 }
 fn check_default_type(&self) -> Vec {
diff --git a/cherrybomb-oas/src/legacy/legacy_oas.rs b/cherrybomb-oas/src/legacy/legacy_oas.rs
index 37c7454..4149466 100644
--- a/cherrybomb-oas/src/legacy/legacy_oas.rs
+++ b/cherrybomb-oas/src/legacy/legacy_oas.rs
@@ -50,7 +50,7 @@ pub type Callback = HashMap>;
 pub type Content = HashMap;
 pub type Examples = HashMap;
 pub type EncodingMap = HashMap;
-//Practicaly Any
+//Practically Any
 //type Schema = Value;
 pub type HeaderMap = HashMap;
 pub type Responses = HashMap;