Firecracker takes your HTTP logs and uses them to map your API flows and to detect anomalies in them.

Related tags

Logging cli security cybersecurity business-logic cyber security-tools firecracker blst
Overview
BLST's Firecracker logo

Maintained by blstsecurity docs Discord Shield

Who is BLST and what do we do?

BLST (Business Logic Security Testing) is a startup company that's developing an automatic penetration tester, replacing the manual penetration tester by using an advanced neural network and helping developers build more secure applications by catching bugs before they hit production.

What is BLST's Firecracker?

BLST's Firecracker is meant to be a free version of our main SaaS product. It's an easy to use CLI that scans your APIs for invalid business logic flows.

What exactly is "Business Logic"?

Business logic is the part of an application that contains all of the rules and procedures related to how data is created, stored, and changed. It is used when describing computer applications like databases and websites. If you don't write the business logic correctly, your database or website may not work properly -- thus making it vulnerable. One of the most common root causes of business logic vulnerabilities is making flawed assumptions and blindingly trusting user behavior or input.

How does this CLI differs from our SaaS product?

Main differences are the cut-down Decider algorithm, lack of CI/CD integration and no management dashboard. We made it so you can easily download, install and run it on your local machine to get a better understanding of what our main product is capable of. Learn more about us and what we can do for your business

Features

  • Mapper - takes in traffic logs and maps the business logic flow of the application, outputs a digest file.
  • Decider - takes in traffic logs and decides whether a certain business logic flow is an anomaly or not.
  • Attacker - takes in the digest file from the mapper and "attacks" the API while using the Decider to determine whether something is an anomaly or not.
  • Visualizer - takes in the digest file from the mapper and visualizes the business logic flow of the application. Use the JSON you get from the CLI and put it here to visualize your network now!

Installation

Clone the repository

Firecracker can be installed by cloning our git repository and building it with cargo. Note that you must have Rust installed on your machine (see Direct download to avoid this step).

git clone https://github.com/blst-security/firecracker
cd firecracker
cargo build --release

Direct download

You can also download the binary file directly from our website. This is a binary file and you DO NOT have to install Rust.

Usage

After installing the CLI, verify it's working by running

firecracker --version

Now, start by mapping your logs by running

firecracker map --file 
   
     --output

Passive checking for anomalies (1 step)

To run the decider only to passively check for anomalies in your logs, run

firecracker decide --file 
   
     --map

Active attacking and checking for anomalies (2 steps)

After mapping, prepare the attacker by running the command below. This will print the populations (API groups) so you can choose which one you want to run the attacker on.

firecracker prepare --url 
   
     --map

Now you can use the attacker to actively attack the API by running

firecracker attack --map 
   
     (the same one you used in the prepare step) --output 
    
      --population 
     
       (the one you got from the prepare step) --generations 
      
        --verbosity

In the future, if you want to load new logs to an existing map file, run

firecracker load --file 
   
     --map

Upcoming features

This product is currently under active development, and we are working on stabilizing more features. Here's a small taste of what's coming in the future:

  • More installation options - APT, Homebrew, crates.io, npm, Yarn etc.
  • Decider - A more advanced algorithm that can detect more anomalies.
  • Mapper - Path parameters analysis and support for more complex business logic flows.
  • Attacker - Better support for more complex business logic flows.

What's new in the latest version?

  • More formats - added another way to load sessions, explained in the docs.
  • More HTTP methods support - now supports PUT, DELETE, PATCH and OPTIONS.
  • Mapper: enabled path parameter extractions.
  • Attacker: some refactoring, fixed a bug that caused random genomes not being random in the first generation.
  • CLI: seperated the map.json from the map checkpoint to allow for less loading time in the visualizer.

Support

Documentation

Please read our documentation to understand the format of sessions our mapper needs to function correctly.

Get help

If you have any questions, please send us a message to [email protected]. You are also welcome to open an Issue here on GitHub.

Contributing

While this is an open source project, it is meant to be as an easy to get-started with example of our SaaS project, and outside contribution is not necessary. You can talk to us in our developers' discord channel.

BLST Security's logo
Comments
  • Build error `E0277`: trait bound `f64: std::cmp::Eq` is not satisfied

    Build error `E0277`: trait bound `f64: std::cmp::Eq` is not satisfied

    Describe the bug A clear and concise description of what the bug is.

    To Reproduce Steps to reproduce the behavior:

    1. Checkout latest main
    2. Run cargo build --release
    3. See error

    Expected behavior The project would actually build.

    Screenshots Skärmavbild 2022-08-23 kl 18 01 35

    error[E0277]: the trait bound f64: std::cmp::Eq is not satisfied --> swagger/src/schema.rs:56:5

    https://github.com/blst-security/cherrybomb/blob/100453111366a8723162a649fd8954268e51731c/swagger/src/schema.rs#L56

    = note: required because of the requirements on the impl of std::cmp::Eq for std::option::Option<f64> note: required by a bound in AssertParamIsEq --> /Users/pelle/.rustup/toolchains/stable-aarch64-apple-darwin/lib/rustlib/src/rust/library/core/src/cmp.rs:317:31

    Desktop (please complete the following information):

    • OS: [e.g. iOS] MacOS 12.5.1 M1

    Additional context I guess this might be because I'm compiling on an M1 and thus is targeting aarch64?

    enhancement good first issue 
    opened by voxpelli 10
  • 💡 Provide CherryBomb in an official Docker image

    💡 Provide CherryBomb in an official Docker image

    Is your feature request related to a problem? Please describe. For users that want to run/use your tool in a CI/CD pipeline as part of a quality check, needing to install the tool locally may not always be an option.

    Describe the solution you'd like I would like to see this tool be made available in an official Docker image like many other CLI-based tools provide (ie. AquaSec/Trivy, BridgeCrew/Checkov, etc.).

    Describe alternatives you've considered A self-built container with the tool installed.

    Additional context None

    enhancement good first issue 
    opened by AErmie 8
  • OpenAPI v3.1 Support

    OpenAPI v3.1 Support

    Hello! As the maintainer of openapi.tools, and as somebody works with Linux Foundation helping out in OpenAPI-land, I'm reaching out to tooling vendors to track the progress towards supporting OpenAPI v3.1, to see what roadblocks there are beyond folks just generally being busy at this ridiculous time.

    OpenAPI v3.1 has a bunch of great little changes, solving problems like the the JSON Schema <!=> OpenAPI Schema Object divergence. It also fixes some other inconsistencies and duplicate ways of doing things. It's the best version and everyone should be using it, but we need tooling to catch up. Just in case folks didn't notice, or don't have resources to simplify the process, I'm here to give a friendly prod and send over some handy links.

    Here are a few articles showing off the differences between OpenAPI v3.0 and v3.1.

    • https://www.openapis.org/blog/2021/02/16/migrating-from-openapi-3-0-to-3-1-0
    • https://www.apimatic.io/blog/2021/09/migrating-to-and-from-openapi-3-1/
    • https://nordicapis.com/whats-new-in-openapi-3-1-0/

    Here are some example files which can make for handy pass/fail test cases:

    https://github.com/Mermade/openapi3-examples/tree/master/3.1

    If you're looking for the JSON Schema that defines a valid OpenAPI document, that'll be right over here:

    https://github.com/OAI/OpenAPI-Specification/tree/main/schemas/v3.1

    When you're starting work on it, please update this issue so I can update openapi.tools to reflect that, and folks will have a way to subscribe for updates.

    LMK if you have any questions!

    enhancement 
    opened by philsturgeon 5
  • Failure while trying to install cherrybomb

    Failure while trying to install cherrybomb

    Describe the bug The application won't compile through cargo compile.

    To Reproduce Steps to reproduce the behavior:

    1. Execute the cargo install cherrybomb command

    Expected behavior A proper installation/compile

    Screenshots image

    Desktop (please complete the following information):

    • OS: Linux compooter 5.15.65-1-MANJARO #1 SMP PREEMPT Mon Sep 5 10:15:47 UTC 2022 x86_64 GNU/Linux
    opened by Arthurdw 2
  • Dev last nathan

    Dev last nathan

    Heyy, I fixed some minors bugs like path parameter, severity, full description in the active scan table. In addition I run several test on the existing tests to check them, and finally the broken level auth is working now

    opened by DeliciousBounty 2
  • Remove or sort unused code into new `issue`s

    Remove or sort unused code into new `issue`s

    There's a fairly substantial amount of logical code that's stored as comments in this repo. There seems to be a mixture of code that may get used later, and code that either is no longer going to be used or has been corrected but the predecessor was left as a comment instead of being removed. I'll compile a list to make tracking this easier.

    In general it may be better practice to store unused code on a local branch if the intention is to use it at a later date, otherwise it may end up forgotten and create clutter as the code base grows. Another option would be to create an issue describing the problem and include the code as a possible solution so that others can understand what the intent of that code is.

    Attacker:

    • [x] #98
    • [ ] attacker::auth Cli:
    • [ ] cli::actions
    • [ ] cli::auth
    • [ ] cli::main
    • [ ] cli::main_old Decider:
    • [ ] decider::lib
    • [ ] decider::rule_based Mapper:
    • [ ] mapper::digest::ep
    • [ ] mapper::digest::hash
    • [ ] mapper::digest::utils
    • [ ] mapper::path::hash
    • [ ] mapper::path::mod
    • [ ] mapper::lib Swagger:
    • [ ] swagger::scan::active::http_client::auth
    • [ ] swagger::scan::active::additional_checks
    • [ ] swagger::scan::active::logs
    • [ ] swagger::scan::active::mod
    • [ ] swagger::scan::passive::general
    • [ ] swagger::scan::passive::mod
    • [ ] swagger::scan::passive::utils
    • [ ] swagger::scan::checks
    • [ ] swagger::scan::mod
    • [ ] swagger::scan::print
    • [ ] swagger::tables::param_table
    • [ ] swagger::ep
    • [ ] swagger::lib
    • [ ] swagger::main
    • [ ] swagger::param
    • [ ] swagger::schema
    bug documentation enhancement 
    opened by eureka-cpu 2
  • Added new Checks

    Added new Checks

    Check for get permissions ( has to be only read) Check for post permissions ( has to be only read and write) Check for put permissions ( has to be only write)

    opened by DeliciousBounty 2
  • To release Cherrybomb binaries for common archs

    To release Cherrybomb binaries for common archs

    Is your feature request related to a problem? Please describe. Can blst-security team release cherrybomb binaries during the official release? It'll help users download binaries directly from GitHub.

    Describe the solution you'd like I'll like to download binaries from the GitHub release section and use cherrybomb on the go.

    opened by dmdhrumilmistry 1
  • Authorization input validation - Error handling

    Authorization input validation - Error handling

    Add better error handling in the auth.rs (/swagger/src/scan/active/http_client) file for auth types. line 15 includes a panic and the rest trust the input to be valid.

    There needs to be error handling for input validation.

    Cheers,

    opened by RoyB99 1
  • Fixing req and payload

    Fixing req and payload

    Hey Raz, Here two majors things:

    • Added to the function "create payload" the possibility to create also payload for POST request. I updated the in all POST request.
    • Added the possiblity to construct a server URI from OAS server object with placeholder ( filename: req.rs)
    opened by DeliciousBounty 1
  • CLI panick when server url contains `variables` that have a default

    CLI panick when server url contains `variables` that have a default

    Describe the bug

    I have an OpenAPI v3 with a servers section which uses variables that all have defaults, roughly like the following

    servers:
  - url: "https://some-server.com:{port}/{basePath}"
    variables:
      port:
        default: "443"
      basePath:
        default: "SomePath/v1"

    This causes the CLI to panick because it tries to fetch from literal https://some-server.com:{port}/{basePath}/endpoint1

    To Reproduce Steps to reproduce the behavior:

    1. Create an OAS containing servers with variables that all have a default
    2. Run RUST_BACKTRACE=full cherrybomb oas --file /path/to/openapi3.yaml
    3. See error

    Expected behavior The defaults should be substituted into the url.

    Screenshots

    thread 'main' panicked at 'called `Result::unwrap()` on an `Err` value: reqwest::Error { kind: Builder, source: InvalidPort }', /home/jayvdb/rust/cherrybomb/swagger/src/scan/active/http_client/req.rs:133:14
stack backtrace:
   0:     0x5594e8f28ea0 - std::backtrace_rs::backtrace::libunwind::trace::h8775ca7549bd9aaf
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   1:     0x5594e8f28ea0 - std::backtrace_rs::backtrace::trace_unsynchronized::h32943b3fb883795a
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/../../backtrace/src/backtrace/mod.rs:66:5
   2:     0x5594e8f28ea0 - std::sys_common::backtrace::_print_fmt::h0669395116b5d100
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/sys_common/backtrace.rs:66:5
   3:     0x5594e8f28ea0 - <std::sys_common::backtrace::_print::DisplayBacktrace as core::fmt::Display>::fmt::h1c1f48aaca31af10
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/sys_common/backtrace.rs:45:22
   4:     0x5594e8f4eeae - core::fmt::write::h661da9189e69e70a
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/core/src/fmt/mod.rs:1202:17
   5:     0x5594e8f228b5 - std::io::Write::write_fmt::h1d5b175244301558
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/io/mod.rs:1679:15
   6:     0x5594e8f2a6a3 - std::sys_common::backtrace::_print::h6a2a07f240de0cad
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/sys_common/backtrace.rs:48:5
   7:     0x5594e8f2a6a3 - std::sys_common::backtrace::print::h995e03192e670124
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/sys_common/backtrace.rs:35:9
   8:     0x5594e8f2a6a3 - std::panicking::default_hook::{{closure}}::h853ab346ed83a809
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panicking.rs:295:22
   9:     0x5594e8f2a38f - std::panicking::default_hook::hb7d50a51602c487b
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panicking.rs:314:9
  10:     0x5594e8f2ad4a - std::panicking::rust_panic_with_hook::h95dc4345a5e101a2
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panicking.rs:698:17
  11:     0x5594e8f2ac47 - std::panicking::begin_panic_handler::{{closure}}::h595f317cb1a01c1d
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panicking.rs:588:13
  12:     0x5594e8f2934c - std::sys_common::backtrace::__rust_end_short_backtrace::h45aa6af331d91ebb
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/sys_common/backtrace.rs:138:18
  13:     0x5594e8f2a962 - rust_begin_unwind
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panicking.rs:584:5
  14:     0x5594e8a90f33 - core::panicking::panic_fmt::hb6ebde4b6fadbf9c
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/core/src/panicking.rs:142:14
  15:     0x5594e8a91083 - core::result::unwrap_failed::hcf42c238e586aec7
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/core/src/result.rs:1785:5
  16:     0x5594e8b2cca5 - <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll::hb73d555436dff7d7
  17:     0x5594e8b26e7b - swagger::scan::checks::<impl swagger::scan::active::ActiveScan<T>>::run_check::{{closure}}::hfeeb8115a50cf861
  18:     0x5594e8b31aa6 - cherrybomb::parse_oas::{{closure}}::h2a4f67ce8d4cc858
  19:     0x5594e8b2b1f4 - <core::future::from_generator::GenFuture<T> as core::future::future::Future>::poll::h6db253bfc37efc93
  20:     0x5594e8aeeb36 - std::thread::local::LocalKey<T>::with::h487811906382d07f
  21:     0x5594e8b3f04a - tokio::park::thread::CachedParkThread::block_on::hacb2ca323e762455
  22:     0x5594e8ae9844 - tokio::runtime::scheduler::multi_thread::MultiThread::block_on::hab6656b3d64ed084
  23:     0x5594e8b3f124 - tokio::runtime::Runtime::block_on::h76afc280c10b7e30
  24:     0x5594e8ab3c6c - cherrybomb::main::h6a89d077b12cae37
  25:     0x5594e8ad79c3 - std::sys_common::backtrace::__rust_begin_short_backtrace::hb510b9cb7680e716
  26:     0x5594e8ae2689 - std::rt::lang_start::{{closure}}::h5e41c6681c949712
  27:     0x5594e8f1dd7f - core::ops::function::impls::<impl core::ops::function::FnOnce<A> for &F>::call_once::hd5a40c5c8da4e1d6
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/core/src/ops/function.rs:280:13
  28:     0x5594e8f1dd7f - std::panicking::try::do_call::h76d99af31738b65a
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panicking.rs:492:40
  29:     0x5594e8f1dd7f - std::panicking::try::h7b17488cb6a9e4b4
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panicking.rs:456:19
  30:     0x5594e8f1dd7f - std::panic::catch_unwind::hbfc3c253cd2a3290
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panic.rs:137:14
  31:     0x5594e8f1dd7f - std::rt::lang_start_internal::{{closure}}::h559f65fd2a30215e
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/rt.rs:148:48
  32:     0x5594e8f1dd7f - std::panicking::try::do_call::h46408ceeefe09863
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panicking.rs:492:40
  33:     0x5594e8f1dd7f - std::panicking::try::h7aada49248c3fbe0
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panicking.rs:456:19
  34:     0x5594e8f1dd7f - std::panic::catch_unwind::hbac65c9221a2910b
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/panic.rs:137:14
  35:     0x5594e8f1dd7f - std::rt::lang_start_internal::h5836e6d88ed373fc
                               at /rustc/59e7a308e40fbc6b0901c9a8ee8ed51b17f9e772/library/std/src/rt.rs:148:20
  36:     0x5594e8ab3d48 - main
  37:     0x7f6b7c1285f0 - __libc_start_call_main
  38:     0x7f6b7c1286b9 - __libc_start_main@GLIBC_2.2.5
  39:     0x5594e8a91265 - _start
                               at /home/abuild/rpmbuild/BUILD/glibc-2.36/csu/../sysdeps/x86_64/start.S:115
  40:                0x0 - <unknown>

    Desktop (please complete the following information):

    • OS: Linux
    • Browser n/a
    • Version: branch dev https://github.com/blst-security/cherrybomb/commit/37263897e15feadb2152ab97d72cea472efc2ef2

    Additional context

    bug 
    opened by jayvdb 1
  • {type: number, format: int32} should be a validation error

    {type: number, format: int32} should be a validation error

    Is your feature request related to a problem? Please describe. {type: number, format: int32} is not ideal OAS 3.0.3, as it defines a format which should be an integer, but uses type: number when the type: integer should be used.

    As it is ambiguous, the validator should emit an error of some sort, as openapi tools are very likely to either ignore either type or format, or fail when trying to combined the two.

    An example of a tool which silently ignores the format is https://github.com/oxidecomputer/progenitor/issues/266

    Describe the solution you'd like Detect type: number and a integer format, and type: integer and a float format.

    https://github.com/zalando/zally (Kotlin) does detect this as rule MUST define a format for number and integer types

    Describe alternatives you've considered

    Additional context

    New passive check 
    opened by jayvdb 4
  • TLS error when scanning an internal API

    TLS error when scanning an internal API

    Describe the bug I’m trying to integrate cherrybomb within our CI/CD but I faced the following a TLS error.

    To Reproduce Steps to reproduce the behavior:

    cherrybomb oas --file swagger_docs.json -a 1 --format txt -v 2

    ERROR: error sending request for url ([https://internal-api//v1/rates/](https://internal-api/v1/rates/)): error trying to connect: invalid peer certificate contents: invalid peer certificate: UnknownIssuer

    It’s an internal API of my company, and the certificate is already installed/trusted in my local machine (other installed tool, like curl, can access the same URL without any TLS error) and it's not self-signed certificate.

    Expected behavior The ability to trust pre installed certificate on the local machine, or just simply a setting parameter to ignore certificate check (which can be a bit dangerous).

    Desktop (please complete the following information):

    • OS: Linux LTPAR500977 5.10.16.3-microsoft-standard-WSL2 #1 SMP Fri Apr 2 22:23:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
    • Version : v0.7.0

    Additional context I've installed cherrybomb using the cargo install cherrybomb cmd.

    opened by TmmmmmR 1
  • New check encoding

    New check encoding

    Hey , I modify this function, rewrite for post method only . I fixed the duplicate header in the send_all_request function.

    first .header then .headers

    opened by DeliciousBounty 0
Releases(v0.7.0)

  • v0.7.0(Aug 22, 2022)

    Release Notes

    We are excited to announce the release of Cherrybomb’s new version! The main feature of the v0.7.0 release is the new Active module. We’ve also fixed various bugs and made some security updates.

    The Active Module

    The active module takes our API testing to a new level. By providing not only static testing and auditing of your OAS file (with the passive module), but a test that tests the API itself by sending requests and analyzing the responses.

    The Active module tests APIs by:

    • Verifying that the API follows the specifications dictated in the OAS file
    • Testing the API for common security vulnerabilities

    CI/CD integration support

    We’ve implemented Improvements to the CLI interface to better support CI pipelines.

    Cherrybomb now supports emitting exit codes on completion to reflect different results:

    • 0 for a no warnings
    • 101 for warnings present
    • -1 for an error in the test More granular exit code support will be added in the future.

    Misc

    Other changes include:

    • New table format, now using comfy_table
    • Update tokio requirement from 1.13.0 to 1.13.1
    • 3 new passive checks
    Source code(tar.gz)
    Source code(zip)

  • v0.6.1(May 16, 2022)

  • v0.6.0(Apr 27, 2022)

    What's Changed

    CLI

    • Added the command ep-table
    • Separated param-table into it's own command
    • Added configuration options
    • Rebuilt the CLI main using structopt in clap
    • Added the option to present only 1 parameter or 1 endpoint in their respective tables
    • Added the option for a JSON output - cherrybomb oas --file --format json

    OAS

    • Created the EpTable module - it's meant to build the same kind of table as the param-table but with a different key(endpoint/path) and with some different related fields.

    General

    • Deprecated the Decider module.
    • Some minor bug fixes
    • Now taking yaml OAS files as input as well🎉

    New Contributors

    • @dret made their first contribution in https://github.com/blst-security/cherrybomb/pull/18

    Full Changelog: https://github.com/blst-security/cherrybomb/compare/v0.5.2...v0.6.0

    Source code(tar.gz)
    Source code(zip)
    cherrybomb_linux_gnu(16.07 MB)
    cherrybomb_mac_x86_64(10.24 MB)

  • v0.5.2(Mar 24, 2022)

  • v0.5.1(Mar 23, 2022)

    What's Changed

    A new check!

    We have released the long awaiting check regarding auth scopes in different methods Thanks to @H31S3nb3rg-0x00 for contributing the check!

    A new command!

    Hearing back some feedback we added a new command that you can use to call the OpenAPI specification validation. cherrybomb oas It functions exactly like the swagger command.

    Bug fixes:

    • Children parameters were sometimes not included in the param table - Fixed.
    • Path+ Query parameters were sometimes not included in the param table -Fixed.
    • Parameters min/max were not calculated correctly - Fixed.
    • Endpoints at which they are present.
    Source code(tar.gz)
    Source code(zip)
    cherrybomb_linux_gnu(16.58 MB)
    cherrybomb_mac_x86_64(10.82 MB)

  • v0.5.0(Mar 17, 2022)

  • v0.4.3(Feb 20, 2022)

  • v0.4.2(Feb 2, 2022)

  • v0.4.1(Feb 1, 2022)

Owner
BLST
BLST
GitHub https://www.blstsecurity.com/firecracker
A rust library for creating and managing logs of arbitrary binary data

A rust library for creating and managing logs of arbitrary binary data. Presently it's used to collect sensor data. But it should generally be helpful in cases where you need to store timeseries data, in a nearly (but not strictly) append-only fashion.

Yusuf Simonson 1 May 9, 2022
Quickwit - the next-gen search & analytics engine built for logs

Quickwit is the next-gen search & analytics engine built for logs. It is a highly reliable & cost-efficient alternative to Elasticsearch.

Quickwit OSS 2.9k Dec 30, 2022
HTTP request logger

nosy - HTTP request logger How hard can it be to build your own HTTP request logger in Rust? Well, not that easy if you've never written a webapp in R

Manuel Hutter 1 Nov 26, 2021
Compute and derive metrics by watching a log file

Export Prometheus metrics from your web server's access log Web servers only offer limited metrics. For example, nginx only offers stub_status unless

Remi Rampin 1 Nov 4, 2022
A pretty, sensible logger for Rust - ideal for running examples and tests on a crate of choice

sensible-env-logger A pretty, sensible logger for Rust - ideal for running examples and tests on a crate of choice. This is a thin wrapper around pret

Ritvik Nag 3 Aug 9, 2022
Rall is an incredibly simple and intuitive logger

Really...? Another Logging Library? Yes! :P rall is an incredibly simple and intuitive logger, consider this crate a failure if you can't get setup wi

Hamothy 4 Sep 5, 2022
Log for concurrent workloads, with support for atomic batches and in-order recovery

sharded-log A batch-oriented multi-threaded sharded log for workloads that occasionally flush logs into some other system. All batches have a 32-bit C

Komora 16 Nov 20, 2022
A dead simple logger that works globally and across threads.

Woody A logger for Rust that's *actually* easy to use. Features Easy to use: Just import the macros and you're good to go. No need to configure anythi

Travis A. Wagner 11 Apr 13, 2023
enum-map enum-map xfix/enum-map [enum-map] — An optimized map implementation for enums using an array to store values.

enum-map A library providing enum map providing type safe enum array. It is implemented using regular Rust arrays, so using them is as fast as using r

Konrad Borowski 57 Dec 19, 2022
Utility that takes logs from anywhere and sends them to Telegram.

logram Utility that takes logs from anywhere and sends them to Telegram. Supports log collection from files, journald and docker containers. More abou

Max Eliseev 85 Dec 22, 2022
SWC Transform to prefix logs. Useful for adding file and line number to logs

SWC Transform to prefix logs. Useful for adding file and line number to logs

William Tetlow 12 Jan 1, 2023
An experimental HTTP server in Rust that supports HTTP/1.1, HTTP/2, and HTTP/3 over QUIC.

?? H123 An experimental HTTP server in Rust that supports HTTP/1.1, HTTP/2, and HTTP/3 over QUIC. Warning This is an experimental project and not inte

Naoki Ikeguchi 7 Dec 15, 2022
This is a public snapshot of Fly's init code. It powers every Firecracker microvm we run for our users.

Fly Init This is a public snapshot of Fly's init code. It powers every Firecracker microvm we run for our users. It is Rust-based and we thought makin

fly.io 186 Dec 30, 2022
Automate your business flows, support, change tickets with Automatdeck

Automatdeck agent Website: https://automatdeck.com Documentation: https://doc.automatdeck.com Automatdeck agent is a simple lightweight IT automation

Kheshav Sewnundun 5 Aug 2, 2022
An oauth2 client implementation providing the Device, Installed and Service Account flows.

yup-oauth2 is a utility library which implements several OAuth 2.0 flows. It's mainly used by google-apis-rs, to authenticate against Google services.

Lewin Bormann 174 Dec 30, 2022
Self Organizing Map (SOM) is a type of Artificial Neural Network (ANN) that is trained using an unsupervised, competitive learning to produce a low dimensional, discretized representation (feature map) of higher dimensional data.

som Self Organizing Map Pre-requisites Setup rust To download Rustup and install Rust, run the following in your terminal, then follow the on-screen i

SelfOrgMap 5 Nov 4, 2020
Parses go-ethereum logs and pipes them to telegram

parrot Middleware that accepts logs via stdin and redirects them to Telegram, based on a configurable set of conditions.

null 6 Jul 25, 2022
A more modern http framework benchmarker supporting HTTP/1 and HTTP/2 benchmarks.

rewrk A more modern http framework benchmark utility.

Harrison Burt 273 Dec 27, 2022
Find out what takes most of the space in your executable.

cargo-bloat Find out what takes most of the space in your executable. Supports ELF (Linux, BSD), Mach-O (macOS) and PE (Windows) binaries. WASM is not

Yevhenii Reizner 1.7k Jan 4, 2023
Uses the cardano mini-protocols to receive every block and transaction, and save them to a configurable destination

cardano-slurp Connects to one or more cardano-node's, streams all available transactions, and saves them to disk (or to S3) in raw cbor format. Usage

Pi Lanningham 16 Jan 31, 2023