Movatterモバイル変換

[0]ホーム
URL:

Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly

 Sign up
Appearance settings

Use swagger as the source for targets#4833

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.

Already on GitHub?Sign in to your account

Open
donnd-t wants to merge12 commits intosqlmapproject:master
base:master
Choose a base branch
Loading
fromdonnd-t:swagger

Conversation

@donnd-t
Copy link

@donnd-tdonnd-t commentedSep 28, 2021
edited
Loading

Parse a JSON swagger document describing all APIs, for possible targets. Specify the swagger document using the --swaggerFile option.

The swagger must contain examples which sqlmap will use as parameter values to inject.

Addresses issue#3140

@stamparm
Copy link
Member

I appreciate your effort here, though, how realistic is the scenario where user gets a swagger.json with properly filled example(s)?

@donnd-t
Copy link
Author

I appreciate your effort here, though, how realistic is the scenario where user gets a swagger.json with properly filled example(s)?

Hi@stamparm . Thanks for your comment. Examples(s) are not required by the swagger spec but it is generally good practice to add them. Adding them has other advantages e.g. Swagger UI will prefill requests from the examples for users browsing and trying your APIs.

It is a small sample size but of the two applications I'm working on in my company, one had full examples already and the other had a handful missing which I was able to add in a few minutes.

If an example is missing a warning is printed and that API is skipped. Other APIs with full examples will still be scanned.

@kevin659591kevin659591 mentioned this pull requestApr 20, 2022
@arnoldasr
Copy link

Please add this, it is very useful

CrazyKidJack reacted with thumbs up emoji

@sahin52
Copy link

Can you please add more description, I want to use it from your repo even though it is not merged

@sahin52
Copy link

I tried this, it has bugs + there is no document or something that tells how it works + it doesn't directly work when a swagger is supplied + it doesn't run after doing everything(getting rid of bugs).
This needs a lot of improvements and testing.
Thanks for your effort.

@janmaterne
Copy link

While I think you shouldnt find such swagger files in production, I like the idea for security tests while development.

Sign up for freeto join this conversation on GitHub. Already have an account?Sign in to comment

Reviewers

1 more reviewer

@darkc0d33darkc0d33darkc0d33 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

6 participants

@donnd-t@stamparm@arnoldasr@sahin52@janmaterne@darkc0d33
[8]ページ先頭
©2009-2025 Movatter.jp