diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml
index 27408a85..01cf9296 100644
--- a/.github/workflows/build.yml
+++ b/.github/workflows/build.yml
@@ -73,6 +73,35 @@ jobs:
 name: ${{ matrix.name }}.tar.gz
 path: ${{ matrix.name }}.tar.gz
+ build-debug:
+ env:
+ IN_PIPELINE: true
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v2
+ - name: Install System Dependencies
+ run: |
+ env
+ sudo apt-get update
+ sudo apt-get install -y --no-install-recommends libssl-dev pkg-config
+ - uses: actions-rs/toolchain@v1
+ with:
+ toolchain: stable
+ target: x86_64-unknown-linux-musl
+ override: true
+ - uses: actions-rs/cargo@v1
+ env:
+ PKG_CONFIG_PATH: /usr/lib/x86_64-linux-gnu/pkgconfig
+ OPENSSL_DIR: /usr/lib/ssl
+ with:
+ use-cross: true
+ command: build
+ args: --target=x86_64-unknown-linux-musl
+ - uses: actions/upload-artifact@v2
+ with:
+ name: x86_64-linux-debug-feroxbuster
+ path: target/x86_64-unknown-linux-musl/debug/feroxbuster
+
 # build-deb:
 # needs: [build-nix]
 # runs-on: ubuntu-latest
diff --git a/src/banner/container.rs b/src/banner/container.rs
index b251e45e..a7fe5643 100644
--- a/src/banner/container.rs
+++ b/src/banner/container.rs
@@ -1,13 +1,15 @@
 use super::entry::BannerEntry;
 use crate::{
+ client,
 config::Configuration,
 event_handlers::Handles,
- utils::{logged_request, parse_url_with_raw_path, status_colorizer},
+ utils::{make_request, parse_url_with_raw_path, status_colorizer},
 DEFAULT_IGNORED_EXTENSIONS, DEFAULT_METHOD, DEFAULT_STATUS_CODES, VERSION,
 };
 use anyhow::{bail, Result};
 use console::{style, Emoji};
 use serde_json::Value;
+use std::collections::HashMap;
 use std::{io::Write, sync::Arc};
 /// Url used to query github's api; specifically used to look for the latest tagged release name
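Review bot: In `.github/workflows/build.yml`, the `env` line at the top of the "Install System Dependencies" `run` block of the new `build-debug` job writes the runner's whole environment into the job log, which anyone who can view the workflow run can read; drop it, or print only the variables the build needs. The job also declares no `permissions:`, so it runs with the repository's default token scope even though the steps shown only check out, build and upload; a job-level `permissions:` with `contents: read` looks sufficient. The four `uses:` entries reference mutable tags (`actions/checkout@v2`, `actions-rs/toolchain@v1`, `actions-rs/cargo@v1`, `actions/upload-artifact@v2`); pinning each to a full commit SHA keeps a retagged action from changing what builds the uploaded binary.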
@@ -498,7 +500,34 @@ by Ben "epi" Risher {} ver: {}"#,
 let api_url = parse_url_with_raw_path(url)?;
- let result = logged_request(&api_url, DEFAULT_METHOD, None, handles.clone()).await?;
+ // we don't want to leak sensitive header info / include auth headers
+ // with the github api request, so we'll build a client specifically
+ // for this task. thanks to @stuhlmann for the suggestion!
+ let client = client::initialize(
+ handles.config.timeout,
+ "feroxbuster-update-check",
+ handles.config.redirects,
+ handles.config.insecure,
+ &HashMap::new(),
+ Some(&handles.config.proxy),
+ &handles.config.server_certs,
+ Some(&handles.config.client_cert),
+ Some(&handles.config.client_key),
+ )?;
+ let level = handles.config.output_level;
+ let tx_stats = handles.stats.tx.clone();
+
+ let result = make_request(
+ &client,
+ &api_url,
+ DEFAULT_METHOD,
+ None,
+ level,
+ &handles.config,
+ tx_stats,
+ )
+ .await?;
+
 let body = result.text().await?;
 let json_response: Value = serde_json::from_str(&body)?;
diff --git a/src/client.rs b/src/client.rs
index afc00dc0..d8f11588 100644
--- a/src/client.rs
+++ b/src/client.rs
@@ -67,17 +67,19 @@ where
 }
 if let (Some(cert_path), Some(key_path)) = (client_cert, client_key) {
- let cert = std::fs::read(cert_path)?;
- let key = std::fs::read(key_path)?;
+ if !cert_path.is_empty() && !key_path.is_empty() {
+ let cert = std::fs::read(cert_path)?;
+ let key = std::fs::read(key_path)?;
- let identity = reqwest::Identity::from_pkcs8_pem(&cert, &key).with_context(|| {
- format!(
- "either {} or {} are invalid; expecting PEM encoded certificate and key",
- cert_path, key_path
- )
- })?;
+ let identity = reqwest::Identity::from_pkcs8_pem(&cert, &key).with_context(|| {
+ format!(
+ "either {} or {} are invalid; expecting PEM encoded certificate and key",
+ cert_path, key_path
+ )
+ })?;
- client = client.identity(identity);
+ client = client.identity(identity);
+ }
 }
 Ok(client.build()?)
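Review bot: In the `client::initialize(...)` call added in `src/banner/container.rs`, only the headers are left out: `handles.config.insecure`, `handles.config.client_cert` and `handles.config.client_key` are still forwarded to the client that talks to the GitHub API. If `insecure` disables certificate validation, as the name suggests, the update check would accept any certificate for that host whenever the scan is run that way, and the client identity configured for the scan target is loaded into a client meant for a third party. Assuming the last two parameters are `Option<&str>`, as the `if let` in `src/client.rs` suggests, the call could pass `false,` in place of `handles.config.insecure,` and `None,` for each of the certificate and key arguments. The proxy and `server_certs` arguments look reasonable to keep so the check still works behind an intercepting proxy. The enclosing function starts and ends outside this hunk.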
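Review bot: The new guard `if !cert_path.is_empty() && !key_path.is_empty()` in `src/client.rs` also skips the identity when only one of the two paths is empty, so a run configured with a certificate but no key (or the reverse) now builds a client without the client identity and reports nothing; before this change the empty path failed in `std::fs::read`. Unless argument parsing already rejects that combination, add a branch that errors when exactly one is set, e.g. `else if cert_path.is_empty() != key_path.is_empty() { anyhow::bail!("client certificate and key must be provided together"); }`. A short comment on the guard saying that empty strings mean "not configured" would also help, since callers pass `Some("")` rather than `None`. The function's signature and the start of its body are outside the hunk.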