config

package
v1.0.0
Warning

This package is not in the latest version of its module.

Published: Apr 12, 2026 | License: MIT | Imports: 9 | Imported by: 0

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

func GenerateExample

func GenerateExample(path string) error

GenerateExample writes an example config file to the given path.

func GenerateMinimalExample

func GenerateMinimalExample(path string) error

GenerateMinimalExample writes a minimal unauthenticated config to the given path. Suitable for quick scans against a public API when you have no auth tokens. Enables only injection and misconfig checks — no role-based tests.

Types

type Config

type Config struct {
	Target  string                      `yaml:"target" validate:"omitempty,url"`
	Spec    string                      `yaml:"spec"`
	Roles   map[string]*models.Role     `yaml:"roles"`
	Params  models.Params               `yaml:"params"`
	BOLA    models.BOLAConfig           `yaml:"bola"`
	BFLA    models.BFLAConfig           `yaml:"bfla"`
	Prop    models.BrokenPropertyConfig `yaml:"broken_property"`
	Inject  models.InjectionConfig      `yaml:"injection"`
	Auth    models.BrokenAuthConfig     `yaml:"broken_auth"`
	Mass    models.MassAssignConfig     `yaml:"mass_assignment"`
	Rate    models.RateLimitConfig      `yaml:"rate_limit"`
	Race    models.RaceCondConfig       `yaml:"race_condition"`
	Misconf models.MisconfigConfig      `yaml:"misconfig"`
	Scan    types.ScanConfig            `yaml:"scan"`
	Output  types.OutputConfig          `yaml:"output"`
}

Config is the root configuration for apistrike.

func DefaultConfig

func DefaultConfig() *Config

DefaultConfig returns a ready-to-use Config for zero-config CI/CD mode. Includes an anonymous role and enables all non-role-dependent checks. Broken auth is disabled (no token available). BOLA/BFLA/mass-assign are disabled (require multiple roles with ownership).

func LoadConfig

func LoadConfig(path string) (*Config, error)

LoadConfig reads a config file, substitutes env vars, and validates it.

func (*Config) IsCategorySkipped

func (self *Config) IsCategorySkipped(name string) bool

IsCategorySkipped returns true if the given category or injection subtype is in the skip_categories list (case-insensitive).

func (*Config) IsDASTEnabled

func (self *Config) IsDASTEnabled() bool

IsDASTEnabled returns whether DAST/fuzzing scanning is enabled. Defaults to false when not explicitly set.

func (*Config) IsEndpointInDASTScope

func (self *Config) IsEndpointInDASTScope(path, method string) bool

IsEndpointInDASTScope returns true if the given path+method passes the DAST scope include/exclude/method filters.
