Merge pull request #337 from owasp-noir/dev
Release v.0.16.1
hahwul authored Jun 26, 2024
2 parents f264562 + ad83acc commit 818a603
Showing 8 changed files with 106 additions and 7 deletions.
2 changes: 1 addition & 1 deletion .github/ISSUE_TEMPLATE/bug_report.md
@@ -23,7 +23,7 @@ If applicable, add screenshots to help explain your problem.

**Versions**
- OS: [e.g. macos, linux]
- Version [e.g. v0.16.0]
- Version [e.g. v0.16.1]

**Additional context**
Add any other context about the problem here.
2 changes: 1 addition & 1 deletion shard.yml
@@ -1,6 +1,6 @@
# Project Metadata
name: noir
version: 0.16.0
version: 0.16.1
authors:
- hahwul <[email protected]>
- ksg97031 <[email protected]>
2 changes: 1 addition & 1 deletion snap/snapcraft.yaml
@@ -1,6 +1,6 @@
name: noir
base: core20
version: 0.16.0
version: 0.16.1
summary: Attack surface detector that identifies endpoints by static analysis.
description: |
Noir is an open-source project specializing in identifying attack surfaces for enhanced whitebox security testing and security pipeline.
32 changes: 32 additions & 0 deletions spec/unit_test/models/endpoint_spec.cr
@@ -62,3 +62,35 @@ describe "Initialize 4 arguments" do
endpoint.details.code_paths[0].line.should eq(line)
end
end

describe "Endpoint equality" do
it "same endpoints" do
endpoint1 = Endpoint.new("/abcd", "GET")
endpoint2 = Endpoint.new("/abcd", "GET")
(endpoint1 == endpoint2).should eq(true)
end

it "different endpoints" do
endpoint1 = Endpoint.new("/abcd", "GET")
endpoint2 = Endpoint.new("/abcd", "POST")
(endpoint1 == endpoint2).should eq(false)
end

it "same endpoints with params" do
endpoint1 = Endpoint.new("/abcd", "GET", [Param.new("a", "b", "query")])
endpoint2 = Endpoint.new("/abcd", "GET", [Param.new("a", "b", "query")])
(endpoint1 == endpoint2).should eq(true)
end

it "different endpoints with params" do
endpoint1 = Endpoint.new("/abcd", "GET", [Param.new("a", "b", "query")])
endpoint2 = Endpoint.new("/abcd", "GET", [Param.new("a", "b", "json")])
(endpoint1 == endpoint2).should eq(false)
end

it "same endpoints and suffled params" do
endpoint1 = Endpoint.new("/abcd", "GET", [Param.new("a", "b", "query"), Param.new("c", "d", "json")])
endpoint2 = Endpoint.new("/abcd", "GET", [Param.new("c", "d", "json"), Param.new("a", "b", "query")])
(endpoint1 == endpoint2).should eq(true)
end
end
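Review bot: The new equality cases never compare two endpoints whose params differ only in value, and none uses the `header` or `cookie` param types that this commit adds to `params_to_hash`, so the value comparison and the two new buckets behind `Endpoint#==` are untested. A case comparing `Endpoint.new("/abcd", "GET", [Param.new("a", "b", "query")])` with `Endpoint.new("/abcd", "GET", [Param.new("a", "x", "query")])` and expecting `false`, plus one pair built with `"header"` or `"cookie"`, would cover both. The last example's name has a typo: `"same endpoints and suffled params"` should read `shuffled`.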
33 changes: 33 additions & 0 deletions spec/unit_test/models/output_builder_spec.cr
@@ -85,4 +85,37 @@ describe OutputBuilderDiff do
result[:added].should eq [Endpoint.new("GET", "/new")]
result[:removed].should eq [Endpoint.new("GET", "/old")]
end

it "calculates the diff correctly with multiple endpoints" do
old_endpoints = [Endpoint.new("GET", "/old"), Endpoint.new("GET", "/old2")]
new_endpoints = [Endpoint.new("GET", "/new"), Endpoint.new("GET", "/new2")]
builder = OutputBuilderDiff.new options

result = builder.diff(new_endpoints, old_endpoints)

result[:added].should eq [Endpoint.new("GET", "/new"), Endpoint.new("GET", "/new2")]
result[:removed].should eq [Endpoint.new("GET", "/old"), Endpoint.new("GET", "/old2")]
end

it "calculates the diff correctly with multiple endpoints and different methods" do
old_endpoints = [Endpoint.new("GET", "/old"), Endpoint.new("POST", "/old2")]
new_endpoints = [Endpoint.new("GET", "/new"), Endpoint.new("POST", "/new2")]
builder = OutputBuilderDiff.new options

result = builder.diff(new_endpoints, old_endpoints)

result[:added].should eq [Endpoint.new("GET", "/new"), Endpoint.new("POST", "/new2")]
result[:removed].should eq [Endpoint.new("GET", "/old"), Endpoint.new("POST", "/old2")]
end

it "calculates the diff correctly with multiple endpoints and different methods and params" do
old_endpoints = [Endpoint.new("GET", "/old", [Param.new("a", "b", "query"), Param.new("c", "d", "json")])]
new_endpoints = [Endpoint.new("GET", "/new", [Param.new("e", "f", "query"), Param.new("g", "h", "json")])]
builder = OutputBuilderDiff.new options

result = builder.diff(new_endpoints, old_endpoints)

result[:added].should eq [Endpoint.new("GET", "/new", [Param.new("e", "f", "query"), Param.new("g", "h", "json")])]
result[:removed].should eq [Endpoint.new("GET", "/old", [Param.new("a", "b", "query"), Param.new("c", "d", "json")])]
end
end
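Review bot: None of the added examples asserts `result[:changed]`, which is the bucket whose meaning this commit changes in `src/output_builder/diff.cr`; every old/new pair here differs in path, so only `added` and `removed` are exercised. An example where both lists hold the same path and method with different params, expecting that endpoint in `result[:changed]` and empty `added`/`removed`, would pin the new behaviour, and one with identical endpoints should expect all three buckets to be empty. The argument order also disagrees with `spec/unit_test/models/endpoint_spec.cr`: these calls pass `Endpoint.new("GET", "/old")` while that spec passes `Endpoint.new("/abcd", "GET")`, so if the constructor takes the URL first (its signature is not visible here) these fixtures store the method as the URL; `Endpoint.new("/old", "GET")` would match the model.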
20 changes: 20 additions & 0 deletions src/models/endpoint.cr
@@ -50,13 +50,33 @@ struct Endpoint
params_hash["query"] = {} of String => String
params_hash["json"] = {} of String => String
params_hash["form"] = {} of String => String
params_hash["header"] = {} of String => String
params_hash["cookie"] = {} of String => String

@params.each do |param|
params_hash[param.param_type][param.name] = param.value
end

params_hash
end

def ==(other : Endpoint) : Bool
return false unless @url == other.url
return false unless @method == other.method

self_params = params_to_hash
other_params = other.params_to_hash

# Ensure both hashes have the same set of keys before comparing values
common_keys = self_params.keys & other_params.keys
return false unless common_keys.size == self_params.keys.size && common_keys.size == other_params.keys.size

common_keys.each do |key|
return false unless self_params[key] == other_params[key]
end

true
end
end

struct Param
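Review bot: `==` is overridden at the end of `struct Endpoint` without a matching `hash`, so two endpoints that now compare equal (for example the same params in a different order) can still hash differently under the struct's default field-based hash. Hash-based operations such as `Array#-`, `Array#&`, `uniq` or use as a `Hash` key would then keep treating them as distinct; adding `def_hash @url, @method` next to `==` keeps the two consistent. Separately, `params_to_hash` indexes `params_hash[param.param_type]` directly, so a param type outside the five pre-seeded buckets presumably raises `KeyError` (the hash's declaration is above the hunk), and because each bucket is keyed by name, repeated param names collapse to the last value before the comparison. The key-set check and loop in `==` can also be reduced to `self_params == other_params`.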
2 changes: 1 addition & 1 deletion src/noir.cr
@@ -6,7 +6,7 @@ require "./options.cr"
require "./techs/techs.cr"

module Noir
VERSION = "0.16.0"
VERSION = "0.16.1"
end

# Print banner
20 changes: 17 additions & 3 deletions src/output_builder/diff.cr
@@ -6,9 +6,23 @@ require "yaml"

class OutputBuilderDiff < OutputBuilder
def diff(new_endpoints : Array(Endpoint), old_endpoints : Array(Endpoint))
added = new_endpoints - old_endpoints
removed = old_endpoints - new_endpoints
changed = new_endpoints & old_endpoints
added = [] of Endpoint
changed = [] of Endpoint
removed = [] of Endpoint

new_endpoints.each do |new_endpoint|
matching_old_endpoint = old_endpoints.find { |old_endpoint| old_endpoint.url == new_endpoint.url && old_endpoint.method == new_endpoint.method }
if matching_old_endpoint
changed << new_endpoint unless new_endpoint == matching_old_endpoint
else
added << new_endpoint
end
end

old_endpoints.each do |old_endpoint|
matching_new_endpoint = new_endpoints.find { |new_endpoint| new_endpoint.url == old_endpoint.url && new_endpoint.method == old_endpoint.method }
removed << old_endpoint unless matching_new_endpoint
end

{added: added, removed: removed, changed: changed}
end
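Review bot: Matching in `diff` relies on `old_endpoints.find` and `new_endpoints.find` keyed on url and method, which compares each endpoint only with the first candidate and rescans the other list for every element. If either list can hold more than one endpoint with the same url and method (not visible in this hunk), a new endpoint identical to a later candidate is still reported in `changed`, which adds noise to the attack-surface diff; the match predicate is also written out twice. Indexing the old list once by `{url, method}` and testing membership among the candidates removes the duplicated predicate and the quadratic scan. The enclosing class continues past the hunk.

```crystal
def diff(new_endpoints : Array(Endpoint), old_endpoints : Array(Endpoint))
  # … unchanged: added / changed / removed array initialisation …

  # Index once so every lookup is by the same {url, method} key.
  old_by_key = old_endpoints.group_by { |endpoint| {endpoint.url, endpoint.method} }
  new_keys = new_endpoints.map { |endpoint| {endpoint.url, endpoint.method} }.to_set

  new_endpoints.each do |new_endpoint|
    candidates = old_by_key[{new_endpoint.url, new_endpoint.method}]?
    if candidates
      # Unchanged if any old endpoint with this key is equal, not just the first one.
      changed << new_endpoint unless candidates.includes?(new_endpoint)
    else
      added << new_endpoint
    end
  end

  old_endpoints.each do |old_endpoint|
    removed << old_endpoint unless new_keys.includes?({old_endpoint.url, old_endpoint.method})
  end

  # … unchanged: named-tuple return …
```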