swagger/scan/active/response_checks.rs
use super::*;

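impl<T: OAS + Serialize> ActiveScan<T> {
    /// Flags every probe that the target answered with a success status.
    ///
    /// Walks the `(res_data, response)` pairs in `check_ret.0` and emits one
    /// [`Alert`] with [`Certainty::Certain`] for each pair whose
    /// `response.status` lies in `200..300`. The attack log (`check_ret.1`) is
    /// returned unchanged next to the alerts.
    pub fn is_2xx(check_ret: CheckRetVal) -> (Vec<Alert>, AttackLog) {
        let mut alerts = vec![];
        for (res_data, response) in check_ret.0 {
            if (200..300u16).contains(&response.status) {
                alerts.push(Alert::with_certainty(
                    res_data.serverity,
                    res_data.alert_text,
                    res_data.location,
                    Certainty::Certain,
                ));
            }
        }
        (alerts, check_ret.1)
    }

    /// Flags every probe that the target answered with a redirect status.
    ///
    /// Same contract as [`Self::is_2xx`], but the status must lie in
    /// `300..400`. The attack log (`check_ret.1`) is returned unchanged.
    pub fn is_3xx(check_ret: CheckRetVal) -> (Vec<Alert>, AttackLog) {
        let mut alerts = vec![];
        for (res_data, response) in check_ret.0 {
            // Half-open range: 300 through 399. The bounds must differ; an
            // empty range such as `300..300` matches no status at all, which
            // would make this check report nothing no matter what the target
            // returned (a silent false negative).
            if (300..400u16).contains(&response.status) {
                alerts.push(Alert::with_certainty(
                    res_data.serverity,
                    res_data.alert_text,
                    res_data.location,
                    Certainty::Certain,
                ));
            }
        }
        (alerts, check_ret.1)
    }

    /// Flags probes whose injected value came back in a successful response.
    ///
    /// `check_ret_param.0` is the check result and `check_ret_param.1` the
    /// list of injected strings to look for. For each `(res_data, response)`
    /// pair with a status in `200..300`, one [`Alert`] with
    /// [`Certainty::Certain`] is emitted per injected string that
    /// `response.payload` contains, so a response echoing several strings
    /// yields several alerts. The attack log is returned unchanged.
    pub fn reflected_and_2xx(
        check_ret_param: (CheckRetVal, Vec<String>),
    ) -> (Vec<Alert>, AttackLog) {
        let mut alerts = vec![];
        let check_ret_only = check_ret_param.0;
        let check_ret = check_ret_only.0;
        for (res_data, response) in &check_ret {
            // The status does not depend on the injected string, so test it
            // once per response instead of once per string.
            if !(200..300u16).contains(&response.status) {
                continue;
            }
            for polluted in &check_ret_param.1 {
                // NOTE(review): this is a plain substring test. If `payload`
                // is a string type, an empty `polluted` matches every
                // response, and a short or common value can appear in the
                // body by coincidence while still being reported as
                // `Certain` — confirm callers only pass distinctive,
                // non-empty values.
                if response.payload.contains(polluted) {
                    alerts.push(Alert::with_certainty(
                        res_data.serverity.clone(),
                        res_data.alert_text.to_string(),
                        res_data.location.to_string(),
                        Certainty::Certain,
                    ));
                }
            }
        }
        (alerts, check_ret_only.1)
    }
}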