Detecting versions of multiple swagger-uis
Project description
Swagger-UI Detector
Description
Get versions of many Swagger-UIs specified in a URL list.
But first, ensure access to a local swagger-ui github repository (either point to a path or let the script clone it).
Detection method is basically from the official source
For each URL, the script attempts to detect a version:
- for major version 2 or less, try searching
swagger-ui.js
file - for major version 3 or more, search
swagger-ui-bundle.js
for a git reference and get version from local swagger-ui github repository.
Once the version is detected, report vulnerabilities associated with that version (source of data: SNYK).
Outputs to stdout, logs to stderr.
Installation
Use the package manager pip to install swagger-ui-detector.
pip install swagger-ui-detector
Usage
Usage: swagger-ui-detector [OPTIONS]
Options:
--swagger-ui-repo TEXT Local repository containing swagger-ui
[default: ./swagger-ui]
--swagger-ui-git-source TEXT GIT URL of swagger-ui
[default: https://github.com/swagger-api/swagger-ui]
--url-list TEXT File containing URLs pointing to swagger-uis
--snyk-url TEXT Snyk URL containing swagger-ui vulnerabilities
[default: https://snyk.io/vuln/npm:swagger-ui]
--get-repo Boolean, specifies whether to get the swagger-ui repo from github
[default: True]
--one-line Boolean, whether to print one line of output per URL.
[default: False]
--help Show this message and exit.
Examples:
Simple example:
> swagger-ui-detector --url-list http4kswag.txt
2022-06-13 15:25:23,523 [INFO] Directory for swagger-ui repo already exists.
2022-06-13 15:25:23,523 [INFO] Directory is not empty.
2022-06-13 15:25:23,525 [INFO] Directory is a valid swagger-ui dir with remote https://github.com/swagger-api/swagger-ui
2022-06-13 15:25:23,525 [INFO] Using local swagger-ui repository at ./swagger-ui
2022-06-13 15:25:23,525 [INFO] Load vulnerabilities from https://snyk.io/vuln/npm:swagger-ui ...
2022-06-13 15:25:23,903 [INFO] Loaded 14 vulnerabilities.
2022-06-13 15:25:23,903 [INFO] Got 2 URLs to try...
URL https://www.http4k.org/openapi3/ - [OK] Version v4.11.1
---------
This swagger-ui is not vulnerable.
2022-06-13 15:25:24,475 [INFO] Status: 95%, estimated 0s left.
URL https://demo.thingsboard.io/swagger-ui/ - [VULNERABLE] Version v3.52.5
---------
This swagger-ui is vulnerable to:
- [User Interface (UI) Misrepresentation of Critical Information](https://snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885)
2022-06-13 15:25:26,028 [INFO] Done.
Redirect logs:
> swagger-ui-detector --url-list http4kswag.txt 2>/dev/null
URL https://www.http4k.org/openapi3/ - [OK] Version v4.11.1
---------
This swagger-ui is not vulnerable.
URL https://demo.thingsboard.io/swagger-ui/ - [VULNERABLE] Version v3.52.5
---------
This swagger-ui is vulnerable to:
- [User Interface (UI) Misrepresentation of Critical Information](https://snyk.io/vuln/SNYK-JS-SWAGGERUI-2314885)
One-line output:
> swagger-ui-detector --url-list http4kswag.txt --one-line 2>/dev/null
URL https://www.http4k.org/openapi3/ - [OK] Version v4.11.1
URL https://demo.thingsboard.io/swagger-ui/ - [VULNERABLE] Version v3.52.5
Redirect output:
> swagger-ui-detector --url-list http4kswag.txt 1>swagger-detected.log
2022-06-13 15:27:36,267 [INFO] Directory for swagger-ui repo already exists.
2022-06-13 15:27:36,267 [INFO] Directory is not empty.
2022-06-13 15:27:36,269 [INFO] Directory is a valid swagger-ui dir with remote https://github.com/swagger-api/swagger-ui
2022-06-13 15:27:36,270 [INFO] Using local swagger-ui repository at ./swagger-ui
2022-06-13 15:27:36,270 [INFO] Load vulnerabilities from https://snyk.io/vuln/npm:swagger-ui ...
2022-06-13 15:27:36,682 [INFO] Loaded 14 vulnerabilities.
2022-06-13 15:27:36,682 [INFO] Got 2 URLs to try...
2022-06-13 15:27:37,085 [INFO] Status: 95%, estimated 0s left.
2022-06-13 15:27:39,424 [INFO] Done.
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
swagger-ui-detector-1.0.0.tar.gz
(20.7 kB
view hashes)
Built Distribution
Close
Hashes for swagger-ui-detector-1.0.0.tar.gz
Algorithm | Hash digest | |
---|---|---|
SHA256 | 84e87a2407ae672bec1436f5dafdd73fad5fcc0b821d352d482e798294b8b1e8 |
|
MD5 | 24c2c87d019d94aa89d46b3187cbe433 |
|
BLAKE2b-256 | b4e4c9e43a51ca8514e856dfd1b6595579371515cd7490d16f8001d675a3fcdd |
Close
Hashes for swagger_ui_detector-1.0.0-py3-none-any.whl
Algorithm | Hash digest | |
---|---|---|
SHA256 | d2e5a428998538457652550620498eaf975e9f805952d5fd60baa139516f9d95 |
|
MD5 | 40cf990006a6ea96c300068c831eb776 |
|
BLAKE2b-256 | 240b3946ae1d4c66014557017bc04f2cac63b90d04aaca1d83be2f90d4fb1ca1 |