Merge pull request #215 from noir-cr/dev

Release v0.12.0

.github/workflows/crystal_build.yml

@@ -1,8 +1,6 @@
 name: Crystal Build
 
 on:
-  push:
-    branches: [ "main", "dev" ]
   pull_request:
     branches: [ "main", "dev" ]
 

.github/workflows/crystal_lint.yml

@@ -1,7 +1,7 @@
 name: Crystal Lint
 
 on:
-  push:
+  pull_request:
     branches: [ "main", "dev" ]
 
 jobs:

.github/workflows/crystal_test.yml

@@ -1,8 +1,6 @@
 name: Crystal Test
 
 on:
-  push:
-    branches: [ "main", "dev" ]
   pull_request:
     branches: [ "main", "dev" ]
 

README.md

@@ -17,6 +17,7 @@
 - Header
 - Cookie
 - Protocol (e.g ws)
+- Details (e.g The origin of the endpoint)
 
 ### Languages and Frameworks
 
@@ -26,6 +27,7 @@
 | Crystal  | Lucky       | ✅   | ✅    | ✅    | ✅     | ✅     | X  |
 | Go       | Echo        | ✅   | ✅    | ✅    | ✅     | ✅     | X  |
 | Go       | Gin         | ✅   | ✅    | ✅    | ✅     | ✅     | X  |
+| Go       | Fiber       | ✅   | ✅    | ✅    | ✅     | ✅     | ✅ |
 | Python   | Django      | ✅   | ✅    | ✅    | ✅     | ✅     | X  |
 | Python   | Flask       | ✅   | ✅    | ✅    | ✅     | ✅     | X  |
 | Python   | FastAPI     | ✅   | ✅    | ✅    | ✅     | ✅     | ✅ |
@@ -37,7 +39,7 @@
 | Java     | Armeria     | ✅   | ✅    | X     | X      | X      | X  |
 | Java     | Spring      | ✅   | ✅    | X     | X      | X      | X  |
 | Kotlin   | Spring      | ✅   | ✅    | X     | X      | X      | X  |
-| JS       | Express     | ✅   | ✅    | X     | X      | X      | X  |
+| JS       | Express     | ✅   | ✅    | ✅    | ✅     | ✅     | X  |
 | Rust     | Axum        | ✅   | ✅    | X     | X      | X      | X  |
 | Elixir   | Phoenix     | ✅   | ✅    | X     | X      | X      | ✅ |
 | C#       | ASP.NET MVC | ✅   | X     | X     | X      | X      | X  |
@@ -92,13 +94,13 @@ Usage: noir <flags>
   Basic:
     -b PATH, --base-path ./app       (Required) Set base path
     -u URL, --url http://..          Set base url for endpoints
-    -s SCOPE, --scope url,param      Set scope for detection
 
   Output:
     -f FORMAT, --format json         Set output format
                                      [plain/json/yaml/markdown-table/curl/httpie/oas2/oas3]
     -o PATH, --output out.txt        Write result to file
     --set-pvalue VALUE               Specifies the value of the identified parameter
+    --include-path                   Include file path in the plain result
     --no-color                       Disable color output
     --no-log                         Displaying only the results
 
@@ -135,6 +137,7 @@ JSON Result
 ```
 noir -b . -u https://testapp.internal.domains -f json
 ```
+
 ```json
 [
   ...
@@ -159,7 +162,15 @@ noir -b . -u https://testapp.internal.domains -f json
       }
     ],
     "protocol": "http",
-    "url": "https://testapp.internal.domains/comments"
+    "url": "https://testapp.internal.domains/comments",
+    "details": {
+      "code_paths": [
+        {
+          "path": "app_source/testapp.cr",
+          "line": 3
+        }
+      ]
+    }
   }
 ]
 ```

shard.yml

@@ -1,5 +1,5 @@
 name: noir
-version: 0.11.0
+version: 0.12.0
 
 authors:
   - hahwul <[email protected]>

spec/functional_test/fixtures/file_based/base64.txt

@@ -0,0 +1,2 @@
+aHR0cHM6Ly93d3cuaGFod3VsLmNvbS90YWcvY3J5c3RhbC8=
+eyJ6YXAiOiJodHRwczovL3d3dy5oYWh3dWwuY29tL3RhZy96YXAvIn0=

spec/functional_test/fixtures/file_based/urls.json

@@ -0,0 +1,6 @@
+{
+ "url": [
+    "https://www.hahwul.com/tag/security/",
+    "https://www.hahwul.com/phoenix"
+ ]
+}

spec/functional_test/fixtures/file_based/urls.txt

@@ -0,0 +1,3 @@
+Main: https://www.hahwul.com/
+About page: https://www.hahwul.com/about
+Wiki: https://www.hahwul.com/cullinan

spec/functional_test/fixtures/go_echo/server.go

@@ -26,5 +26,8 @@ func main() {
 		return c.String(http.StatusOK, "Hello, Pet!")
 	})
 	e.Static("/public", "public")
+	e.Static("/public", "./public2")
+	e.Static("/public", "/public3")
+
 	e.Logger.Fatal(e.Start(":1323"))
 }

spec/functional_test/fixtures/go_fiber/go.mod

@@ -0,0 +1,18 @@
+module github.com/hahwul/test-go-app
+
+go 1.20
+
+require (
+	github.com/andybalholm/brotli v1.0.6 // indirect
+	github.com/gofiber/fiber/v2 v2.51.0 // indirect
+	github.com/google/uuid v1.5.0 // indirect
+	github.com/klauspost/compress v1.17.4 // indirect
+	github.com/mattn/go-colorable v0.1.13 // indirect
+	github.com/mattn/go-isatty v0.0.20 // indirect
+	github.com/mattn/go-runewidth v0.0.15 // indirect
+	github.com/rivo/uniseg v0.4.4 // indirect
+	github.com/valyala/bytebufferpool v1.0.0 // indirect
+	github.com/valyala/fasthttp v1.51.0 // indirect
+	github.com/valyala/tcplisten v1.0.0 // indirect
+	golang.org/x/sys v0.15.0 // indirect
+)

spec/functional_test/fixtures/go_fiber/server.go

@@ -0,0 +1,34 @@
+package main
+
+import (
+	"log"
+
+	fiber "github.com/gofiber/fiber/v2"
+)
+
+func main() {
+	app := fiber.New()
+
+	// GET /api/register
+	app.Get("/info", func(c *fiber.Ctx) error {
+		msg := c.Query("sort")
+		return c.SendString(msg) // => ✋ register
+	})
+
+	app.Post("/update", func(c *fiber.Ctx) error {
+		msg := "Hello, World!"
+		c.Cookies("auth")
+		c.FormValue("name")
+		c.GetRespHeader("X-API-Key")
+		c.Vary("Origin")
+		return c.SendString(msg) // => ✋ register
+	})
+
+	app.Get("/ws", websocket.New(func(c *websocket.Conn) {
+		// Websocket logic
+	}))
+
+	app.Static("/", "/public")
+
+	log.Fatal(app.Listen(":3000"))
+}

spec/functional_test/fixtures/js_express/app.js

@@ -2,9 +2,14 @@ require('express')
 
 module.exports = function(app) {
     app.get('/',function(req,res){ 
+        var userAgent = req.header('X-API-Key');
+        var paramName = req.query.name;
+
         res.render('index');
     });
     app.post('/upload',function(req,res){ 
         res.render('index');
+        var auth = req.cookies.auth;
+        const name = req.body.name;
     });
 }

spec/functional_test/func_spec.cr

@@ -124,4 +124,8 @@ class FunctionalTester
       test_analyze
     end
   end
+
+  def app
+    @app
+  end
 end

spec/functional_test/testers/file_based_spec.cr

@@ -0,0 +1,19 @@
+require "../func_spec.cr"
+
+extected_endpoints = [
+  Endpoint.new("https://www.hahwul.com/", "GET"),
+  Endpoint.new("https://www.hahwul.com/about", "GET"),
+  Endpoint.new("https://www.hahwul.com/cullinan", "GET"),
+  Endpoint.new("https://www.hahwul.com/phoenix", "GET"),
+  Endpoint.new("https://www.hahwul.com/tag/security/", "GET"),
+  Endpoint.new("https://www.hahwul.com/tag/crystal/", "GET"),
+  Endpoint.new("https://www.hahwul.com/tag/zap/", "GET"),
+]
+
+tester = FunctionalTester.new("fixtures/file_based/", {
+  :techs     => 0,
+  :endpoints => 7,
+}, extected_endpoints)
+
+tester.app.options[:url] = "https://www.hahwul.com"
+tester.test_all

spec/functional_test/testers/go_echo_spec.cr

@@ -15,9 +15,11 @@ extected_endpoints = [
     Param.new("name", "", "form"),
   ]),
   Endpoint.new("/public/secret.html", "GET"),
+  Endpoint.new("/public/mob.txt", "GET"),
+  Endpoint.new("/public/coffee.txt", "GET"),
 ]
 
 FunctionalTester.new("fixtures/go_echo/", {
   :techs     => 1,
-  :endpoints => 5,
+  :endpoints => 7,
 }, extected_endpoints).test_all

spec/functional_test/testers/go_fiber_spec.cr

@@ -0,0 +1,20 @@
+require "../func_spec.cr"
+
+extected_endpoints = [
+  Endpoint.new("/info", "GET", [
+    Param.new("sort", "", "query"),
+  ]),
+  Endpoint.new("/update", "POST", [
+    Param.new("name", "", "form"),
+    Param.new("auth", "", "cookie"),
+    Param.new("X-API-Key", "", "header"),
+    Param.new("Vary", "Origin", "header"),
+  ]),
+  Endpoint.new("/secret.html", "GET"),
+  Endpoint.new("/ws", "GET"),
+]
+
+FunctionalTester.new("fixtures/go_fiber/", {
+  :techs     => 1,
+  :endpoints => 4,
+}, extected_endpoints).test_all

spec/functional_test/testers/js_express_spec.cr

@@ -1,8 +1,14 @@
 require "../func_spec.cr"
 
 extected_endpoints = [
-  Endpoint.new("/", "GET"),
-  Endpoint.new("/upload", "POST"),
+  Endpoint.new("/", "GET", [
+    Param.new("name", "", "query"),
+    Param.new("X-API-Key", "", "header"),
+  ]),
+  Endpoint.new("/upload", "POST", [
+    Param.new("name", "", "json"),
+    Param.new("auth", "", "cookie"),
+  ]),
 ]
 
 FunctionalTester.new("fixtures/js_express/", {

spec/unit_test/analyzer/analyzer_spring_spec.cr

@@ -26,6 +26,15 @@ describe "mapping_to_path" do
   it "mapping_to_path - code style2" do
     instance.mapping_to_path("@GetMapping({ \"/abcd\" })").should eq(["/abcd"])
   end
+  it "mapping_to_path - code style3" do
+    instance.mapping_to_path("@GetMapping(\"abcd\")").should eq(["/abcd"])
+  end
+  it "mapping_to_path - code style4" do
+    instance.mapping_to_path("@GetMapping(value = \"abcd\")").should eq(["/abcd"])
+  end
+  it "mapping_to_path - code style5" do
+    instance.mapping_to_path("@GetMapping({ \"abcd\" })").should eq(["/abcd"])
+  end
   it "mapping_to_path - multiple path" do
     instance.mapping_to_path("@GetMapping(value={\"/abcd\", \"/efgh\"})").should eq(["/abcd", "/efgh"])
   end
@@ -56,6 +65,9 @@ describe "mapping_to_path" do
   it "mapping_to_path - requestmapping style6" do
     instance.mapping_to_path("@RequestMapping(\"/abcd\", produces=[MediaType.APPLICATION_JSON_VALUE])").should eq(["/abcd"])
   end
+  it "mapping_to_path - requestmapping style7" do
+    instance.mapping_to_path("@GetMapping").should eq([""])
+  end
 end
 
 describe "utils func" do

spec/unit_test/models/analyzer_spec.cr

@@ -1,7 +1,7 @@
 require "../../../src/models/analyzer.cr"
 require "../../../src/options.cr"
 
-describe "Initialize" do
+describe "Initialize Analyzer" do
   options = default_options
   options[:base] = "noir"
   object = Analyzer.new(options)
@@ -10,8 +10,23 @@ describe "Initialize" do
     object.url.should eq("")
   end
 
-  it "getter - scope" do
-    object.scope.should eq("url,param")
+  it "getter - result" do
+    empty = [] of Endpoint
+    object.result.should eq(empty)
+  end
+
+  it "initialized - base_path" do
+    object.base_path.should eq("noir")
+  end
+end
+
+describe "Initialize FileAnalyzer" do
+  options = default_options
+  options[:base] = "noir"
+  object = FileAnalyzer.new(options)
+
+  it "getter - url" do
+    object.url.should eq("")
   end
 
   it "getter - result" do
@@ -22,4 +37,8 @@ describe "Initialize" do
   it "initialized - base_path" do
     object.base_path.should eq("noir")
   end
+
+  it "getter - hooks_count" do
+    object.hooks_count.should_not eq(0)
+  end
 end

spec/unit_test/models/endpoint_spec.cr

@@ -24,4 +24,41 @@ describe "Initialize 3 arguments" do
   it "detect_params" do
     endpoint.params.should eq([Param.new("a", "b", "query")])
   end
+
+  path = "path/a/b/c"
+  line = 123
+  path_info = PathInfo.new(path, line)
+  endpoint2 = Endpoint.new("/abcd", "GET", Details.new(path_info))
+  it "detect_url" do
+    endpoint2.url.should eq("/abcd")
+  end
+  it "detect_method" do
+    endpoint2.method.should eq("GET")
+  end
+  it "detect_details" do
+    endpoint2.details.should eq(Details.new(path_info))
+    endpoint2.details.code_paths[0].path.should eq(path)
+    endpoint2.details.code_paths[0].line.should eq(line)
+  end
+end
+
+describe "Initialize 4 arguments" do
+  path = "path/a/b/c"
+  line = 123
+  path_info = PathInfo.new(path, line)
+  endpoint = Endpoint.new("/abcd", "GET", [Param.new("a", "b", "query")], Details.new(path_info))
+  it "detect_url" do
+    endpoint.url.should eq("/abcd")
+  end
+  it "detect_method" do
+    endpoint.method.should eq("GET")
+  end
+  it "detect_params" do
+    endpoint.params.should eq([Param.new("a", "b", "query")])
+  end
+  it "detect_details" do
+    endpoint.details.should eq(Details.new(path_info))
+    endpoint.details.code_paths[0].path.should eq(path)
+    endpoint.details.code_paths[0].line.should eq(line)
+  end
 end