v0.8.0

What's Changed

• Add new flag
  • Add --with-headers flag for Delivers
• Add new output formats
  • oas2 e.g noir -b . -f oas2
  • oas3 e.g noir -b . -f oas3
• Improve codes
  • Add new type in CodeLocator
    • With the addition of CodeLocator's type inference, more precise code analysis is now possible.
    • In this patch, when there are multiple API Spec documents within the analysis directory, all of them can be processed.
  • The output-related logic has been moved to an object called output_builder from noir model.
    • With this change, adding output type has become easier.
    • Now when using the -o flag to save a file, only the results of output_builder are saved.

Full Changelog: v0.7.3...v0.8.0

--with-headers flag

The --with-headers flag supports multiple flags and allowing you to add arbitrary headers in commands like --send-proxy. Any headers added through this flag can override existing header information obtained during source code analysis, using them as new headers.

Single

noir -b ./source --send-proxy http://localhost:8090 --with-headers "X-API-Key: ABCD"

Multiple

noir -b ./source --send-proxy http://localhost:8090 \
    --with-headers "X-API-Key: ABCD" \
    --with-headers "Authentication: ABCD"

v0.7.3

What's Changed

• Add ZAP Deliver Model
• Fixed #102 bug in OAS2 Analyzer

Full Changelog: v0.7.2...v0.7.3

v0.7.2

What's Changed

• Fixed #95 (Add exception of Dir.glob)

Thank you for @fanzige

v0.7.1

What's Changed

• Fixed #90

v0.7.0

• Support to Kotlin Spring
• Support to Java Armeria
• Support to C# ASP.NET MVC (First step, Only URL Endpoints)
• Improve Analyzers
  • Java Spring
  • Python Django (Add Method / Param / Header)
• Improve code quality and functional/unit test codes
• Fixed bugs

I extend my infinite gratitude to the brilliant developer @ksg97031 . And I am truly thankful to @infosec-au for the great ideas provided!

v0.6.0

Summary

• Support to Go Gin
  • Detector
  • Analyzer(Endpoint, Method, Param, Header)
• Support to RAML
  • Detector
  • Analyzer(Endpoint, Method, Param, Header)
• Improve Analyzers
  • Add JSP Analyzer (+With param)
  • Improve Go Echo Analyzer (+Support header param)

Screenshots

Go Gin

RAML

v0.5.4

• 🪄 Improve PHP Analyzer
  • Modify to identify POST parameters (bug fix). v0.5.3 / v0.5.4
  • Add identification of Header parameters. v0.5.3
  • Improve code analysis. v0.5.4
• 🪲 Fixed bugs
  • param-type bug v0.5.3

PHP Analyzer

Test fixture

Example App

v0.5.3

• 🪄 Improve PHP Analyzers
  • Modify to identify POST parameters (bug fix).
  • Add identification of Header parameters.
  • 5cb8863 / #58
• 🪲 Fixed param-type bug

v0.5.2

• 🪄 Improve Analyzers
  • Django (Improve REGEX_URL_MAPPING)
  • Spring (Add RouterFunction analyze)
  • Go Echo (Add param analyze)
  • Rails (Add header analyze)
• 🦺 Testing structure refactoring
• 🪲 And fixed bugs :D

I would like to express my infinite gratitude to @ksg97031 once again.

v0.5.1

• Fixed #31 (Add exception handling for file access errors in spawn)