
Releases: blst-security/cherrybomb

Cherrybomb 1.0.1

19 Nov 15:05
16aea8a

What's Changed

  • Exclude Include #134: Improved handling for exclusions and inclusions.
  • Support Yaml added #117: Added YAML support for enhanced functionality.
  • Added auth #138: Authentication feature implemented for secure access.
  • Support JSON output #121: Added capability for JSON output format.

This minor release brings these notable enhancements and additions to our open-source tool, enhancing its functionality and usability. Download the update now to enjoy these improvements!

Cherrybomb 1.0.0!

16 Feb 13:04
a4ab77f

What's Changed

New Contributors

Full Changelog: v0.7.0...v1.0.0

v0.7.0

22 Aug 15:13
1004531

Release Notes

We are excited to announce the release of Cherrybomb’s new version!
The main feature of the v0.7.0 release is the new Active module.
We’ve also fixed various bugs and made some security updates.

The Active Module

The active module takes our API testing to a new level: in addition to the static testing and auditing of your OAS file done by the passive module, it tests the API itself by sending requests and analyzing the responses.

The Active module tests APIs by:

  • Verifying that the API follows the specifications dictated in the OAS file
  • Testing the API for common security vulnerabilities

CI/CD integration support

We’ve implemented improvements to the CLI to better support CI pipelines.

Cherrybomb now supports emitting exit codes on completion to reflect different results:

  • 0 for no warnings
  • 101 for warnings present
  • -1 for an error in the test
    More granular exit code support will be added in the future.
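
A CI gate built on the exit codes above, as an added example that is not part of the release notes or of Cherrybomb itself. The names classify_exit, run_gate and FAIL_ON_WARNINGS are hypothetical; the scanner command is passed in as arguments, and the example assumes a POSIX shell, where an exit code of -1 is reported as status 255.

```sh
#!/bin/sh
# Added example: interpret the scanner's exit status in a CI job.
# classify_exit, run_gate and FAIL_ON_WARNINGS are hypothetical names.

# Map a raw exit status to a verdict string.
classify_exit() {
    case "$1" in
        0)   echo "clean" ;;      # no warnings
        101) echo "warnings" ;;   # warnings present
        255) echo "error" ;;      # -1, truncated to 8 bits by the OS
        *)   echo "unknown" ;;    # crash, signal, missing binary, ...
    esac
}

# Run the command given as arguments and decide whether the job passes.
# Returns 0 (pass), 1 (blocked by warnings) or 2 (scan did not complete).
run_gate() {
    status=0
    "$@" || status=$?
    verdict=$(classify_exit "$status")
    echo "scan verdict: $verdict (exit status $status)" >&2
    case "$verdict" in
        clean)
            return 0 ;;
        warnings)
            # Default is to block the pipeline; set FAIL_ON_WARNINGS=0
            # to report the warnings without failing the job.
            if [ "${FAIL_ON_WARNINGS:-1}" = "1" ]; then
                return 1
            fi
            return 0 ;;
        *)
            # An error or an unrecognised status means there is no scan
            # result to trust, so fail closed instead of passing the job.
            return 2 ;;
    esac
}
```

Checking for `$? -eq -1` never matches in a POSIX shell, which is why the gate compares against 255 and treats every unrecognised status as a failure.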

Misc

Other changes include:

  • New table format, now using comfy_table
  • Update tokio requirement from 1.13.0 to 1.13.1
  • 3 new passive checks

Refactor for package manager distribution

16 May 14:46
7003a0e
Dev (#25)

* added check and stuff

* Working on adding a new active test and diving into schemes.

* slow progress on active tests

* refactor structure for crates.io deployment.
added `auth.rs` - unused

* removed misconfigured tests from active tests

* fixed version numbers

* fixed version numbers 2

* Update main.rs

* Update Cargo.toml

* Update Cargo.toml

* Update checks.rs

Co-authored-by: raz <raz.m@blstsecurity.com>
Co-authored-by: raz <raz@magori.online>

Cherrybomb v0.6.0

27 Apr 07:17
8d8d7b3

What's Changed

CLI

  • Added the command ep-table
  • Separated param-table into its own command
  • Added configuration options
  • Rebuilt the CLI main using structopt in clap
  • Added the option to present only 1 parameter or 1 endpoint in their respective tables
  • Added the option for a JSON output - cherrybomb oas --file --format json

OAS

  • Created the EpTable module - it's meant to build the same kind of table as the param-table but with a different key (endpoint/path) and with some different related fields.

General

  • Deprecated the Decider module.
  • Some minor bug fixes
  • Now taking YAML OAS files as input as well 🎉

New Contributors

  • @dret made their first contribution in #18

Full Changelog: v0.5.2...v0.6.0

Cherrybomb v0.5.2

24 Mar 17:27
2910f92

What's Changed

Bug Fix:

  • Fixed a bug where the tables were formatted for bigger screens; their size is now reduced to fit normal screens.
  • Added an example download to the install script

Cherrybomb v0.5.1

23 Mar 15:21
acd47f7

What's Changed

A new check!

We have released the long-awaited check regarding auth scopes in different methods.
Thanks to @H31S3nb3rg-0x00 for contributing the check!

A new command!

After hearing some feedback, we added a new command that you can use to call the OpenAPI specification validation.
cherrybomb oas
It functions exactly like the swagger command.

Bug fixes:

  • Children parameters were sometimes not included in the param table - Fixed.
  • Path + Query parameters were sometimes not included in the param table - Fixed.
  • Parameters min/max were not calculated correctly - Fixed.
  • Endpoints at which they are present.

Cherrybomb v0.5.0

17 Mar 08:01
25a0853

What's Changed

Parameter table feature

You can run the swagger scan command with the --param-table flag and get a table with all of the API's parameters.

The table contains the parameters':

  • Types.
  • Min/Max.
  • Status codes at which they are present.
  • Endpoints at which they are present.
  • Parent parameters.
  • Child parameters.

0.4.3

20 Feb 08:02
4bcf481
Pre-release

Added support for OAS 3.1

0.4.2

02 Feb 14:31
feb8115
Pre-release

Fixed a bug that fixated the CLI on the home dir