To use cnfuzzy, I only need to prepare the following 3 points.?
zyd6 opened this issue · 7 comments
My project is the spring boot project
1、cnfuzz/enable: "true" Set to use cnfuzzy identification
2、cnfuzz/open-api-doc: "/swagger/swagger.json" I need to prepare the swagger document under the target project container directory
3、cnfuzz/secret: "0d5989ed-d60c-470e-b1b5-576fcf0f5d8c" I don't understand the meaning of this secret. Whether the key of cnfuzzy service or the key of target project
Hi @zyd6!
1、cnfuzz/enable: "true" Set to use cnfuzzy identification
2、cnfuzz/open-api-doc: "/swagger/swagger.json" I need to prepare the swagger document under the target project container directory
3、cnfuzz/secret: "0d5989ed-d60c-470e-b1b5-576fcf0f5d8c" I don't understand the meaning of this secret. Whether the key of cnfuzzy service or the key of target project
- correct, from that moment on CNFuzz will start fuzzing the target once a new container image (hash) is being pushed.
- correct, so that HTTP path needs to be returning an OpenAPI spec document for the REST API running in the container.
- this secret string is being used as soon as CNFuzz encounters an endpoint which is secured by oauth, basic auth, etc. So it is about the target API that CNFuzz is going to fuzz. We are going to better document this feature.
hi
On the second point, can I use such a swagger document, such as: http://dev.secp.127.0.0.1.nip.io/api/test/doc.html
hi On the second point, can I use such a swagger document, such as: http://dev.secp.127.0.0.1.nip.io/api/test/doc.html
Yes, as long as it is a JSON with an OpenAPI spec in it.
ok thanks i will try it