Merge pull request #50 from aringo-bf/fix/httpbasic-segfault-and-quiet-flag

Fix HTTPBasic segfault and --quiet flag issues

Author: twest-bf

cmd/auth.go

@@ -45,20 +45,25 @@ func CheckSecuritySchemes(spec map[string]interface{}) {
 						if schemeType := scheme["scheme"]; schemeType != nil {
 							switch schemeType {
 							case "basic":
-								fmt.Println("Basic Authentication is accepted. Supply a username and password? (y/N)")
-								fmt.Scanln(&autoApplyBasicAuth)
-								autoApplyBasicAuth = strings.ToLower(autoApplyBasicAuth)
-								if autoApplyBasicAuth == "y" {
-									fmt.Printf("Enter a username.")
-									fmt.Scanln(&basicAuthUser)
-									fmt.Printf("Enter a password.")
-									fmt.Scanln(&basicAuthPass)
-									basicAuth = []byte(basicAuthUser + ":" + basicAuthPass)
-									basicAuthString = base64.StdEncoding.EncodeToString(basicAuth)
-									log.Infof("Using %s as the Basic Auth value.", basicAuthString)
-									Headers = append(Headers, "Authorization: Basic "+basicAuthString)
-								} else {
+								if quiet {
+									autoApplyBasicAuth = "n"
 									log.Warn("A basic authentication header is accepted. Review the spec and craft a header manually using the -H flag.")
+								} else {
+									fmt.Println("Basic Authentication is accepted. Supply a username and password? (y/N)")
+									fmt.Scanln(&autoApplyBasicAuth)
+									autoApplyBasicAuth = strings.ToLower(autoApplyBasicAuth)
+									if autoApplyBasicAuth == "y" {
+										fmt.Printf("Enter a username.")
+										fmt.Scanln(&basicAuthUser)
+										fmt.Printf("Enter a password.")
+										fmt.Scanln(&basicAuthPass)
+										basicAuth = []byte(basicAuthUser + ":" + basicAuthPass)
+										basicAuthString = base64.StdEncoding.EncodeToString(basicAuth)
+										log.Infof("Using %s as the Basic Auth value.", basicAuthString)
+										Headers = append(Headers, "Authorization: Basic "+basicAuthString)
+									} else {
+										log.Warn("A basic authentication header is accepted. Review the spec and craft a header manually using the -H flag.")
+									}
 								}
 							case "bearer":
 								log.Warn("A bearer token is accepted. Review the spec and craft a token manually using the -H flag.")

cmd/requests.go

@@ -59,7 +59,11 @@ func MakeRequest(client http.Client, method, target string, timeout int64, reqDa
 	}
 
 	// Handling of dangerous keywords
-	u, _ := url.Parse(target)
+	u, err := url.Parse(target)
+	if err != nil || u == nil {
+		log.Printf("Error parsing URL '%s': %v - skipping request.", target, err)
+		return nil, "", 0
+	}
 	endpoint := u.RawPath + "?" + u.RawQuery
 	for _, v := range dangerousStrings {
 		if os.Args[1] == "automate" && strings.Contains(endpoint, v) && !strings.Contains(strings.Join(safeWords, ","), v) {
@@ -87,8 +91,11 @@ func MakeRequest(client http.Client, method, target string, timeout int64, reqDa
 	defer cancel()
 
 	req, err := http.NewRequest(method, target, reqData)
-	if err != nil && err != context.Canceled && err != io.EOF {
-		log.Fatal("Error: could not create HTTP request - ", err)
+	if err != nil {
+		if err != context.Canceled && err != io.EOF {
+			log.Fatal("Error: could not create HTTP request - ", err)
+		}
+		return nil, "", 0
 	}
 
 	for i := range Headers {
@@ -168,14 +175,21 @@ func MakeRequest(client http.Client, method, target string, timeout int64, reqDa
 }
 
 func CheckContentType(client http.Client, target string) string {
-	u, _ := url.Parse(target)
+	u, err := url.Parse(target)
+	if err != nil || u == nil {
+		log.Printf("Error parsing URL '%s': %v - skipping request.", target, err)
+		return ""
+	}
 
 	ctx, cancel := context.WithTimeout(context.Background(), time.Duration(timeout)*time.Second)
 	defer cancel()
 
 	req, err := http.NewRequest("GET", target, nil)
-	if err != nil && err != context.Canceled && err != io.EOF {
-		log.Fatal("Error: could not create HTTP request - ", err)
+	if err != nil {
+		if err != context.Canceled && err != io.EOF {
+			log.Fatal("Error: could not create HTTP request - ", err)
+		}
+		return ""
 	}
 
 	// User-Agent handling

cmd/root.go

@@ -52,7 +52,7 @@ $ sj convert -u https://petstore.swagger.io/v2/swagger.json -o openapi.json`,
 			log.Error("Command not specified. See the --help flag for usage.")
 		}
 	},
-	Version: "2.3.0",
+	Version: "2.3.1",
 }
 
 func Execute() {

cmd/utils.go

@@ -198,7 +198,11 @@ func BuildRequestsFromPaths(spec map[string]interface{}, client http.Client) {
 							}
 						}
 
-						logURL, _ := url.Parse(targetURL)
+						logURL, parseErr := url.Parse(targetURL)
+						if parseErr != nil || logURL == nil {
+							log.Printf("Error parsing URL '%s': %v - skipping endpoint.", targetURL, parseErr)
+							continue
+						}
 						switch os.Args[1] {
 						case "automate":
 							var postBodyData string
@@ -403,7 +407,10 @@ func GenerateRequests(bodyBytes []byte, client http.Client) {
 	// Checks defined security schemes and prompts for authentication
 	CheckSecuritySchemes(spec)
 
-	u, _ := url.Parse(swaggerURL)
+	u, parseErr := url.Parse(swaggerURL)
+	if parseErr != nil {
+		u = &url.URL{}
+	}
 
 	// Gets the target server and base path from the specification file
 	if apiTarget == "" {