add flag to skip TLS/SSL verification

OWASP · Jul 12, 2024 · 2a0e6b8 · 2a0e6b8
1 parent 08002ba
commit 2a0e6b8
Show file tree

Hide file tree

Showing 3 changed files with 28 additions and 7 deletions.
diff --git a/src/cmd/offat/main.go b/src/cmd/offat/main.go
@@ -16,14 +16,15 @@ import (
 
 type CliConfig struct {
 	// Parser config
-	Filename *string
-
-	RequestsPerSecond *int
-
+	Filename                        *string
 	IsExternalRefsAllowed           *bool
 	DisableExamplesValidation       *bool
 	DisableSchemaDefaultsValidation *bool
 	DisableSchemaPatternValidation  *bool
+
+	// HTTP
+	RequestsPerSecond  *int
+	SkipTlsVerfication *bool
 }
 
 func main() {
@@ -36,7 +37,10 @@ func main() {
 	config.DisableExamplesValidation = flag.Bool("de", false, "disable example validation for OAS files")
 	config.DisableSchemaDefaultsValidation = flag.Bool("ds", false, "disable schema defaults validation for OAS files")
 	config.DisableSchemaPatternValidation = flag.Bool("dp", false, "disable schema patterns validation for OAS files")
+
 	config.RequestsPerSecond = flag.Int("r", 60, "number of requests per second")
+	config.SkipTlsVerfication = flag.Bool("ns", false, "disable TLS/SSL Verfication")
+
 	flag.Parse()
 
 	// parse documentation
@@ -63,7 +67,7 @@ func main() {
 	log.Info().Msgf("%v", parser.Doc.GetDocHttpParams())
 
 	// http client
-	httpCfg := http.NewConfig(config.RequestsPerSecond)
+	httpCfg := http.NewConfig(config.RequestsPerSecond, config.SkipTlsVerfication)
 	hc := http.NewHttp(httpCfg)
 	client := hc.Client.FHClient
 

diff --git a/src/pkg/http/http.go b/src/pkg/http/http.go
@@ -1,13 +1,28 @@
 package http
 
 import (
+	"crypto/tls"
 	"time"
 
 	fhc "github.com/dmdhrumilmistry/fasthttpclient/client"
 	"github.com/valyala/fasthttp"
 )
 
-func NewConfig(requestsPerSecond *int) *Config {
+func NewConfig(requestsPerSecond *int, skipTlsVerification *bool) *Config {
+	tlsConfig := &tls.Config{
+		InsecureSkipVerify: *skipTlsVerification,
+		MinVersion:         tls.VersionTLS12,
+		CipherSuites: []uint16{
+			tls.TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,
+			tls.TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384,
+			tls.TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305,
+			tls.TLS_AES_128_GCM_SHA256,       // TLS 1.3
+			tls.TLS_AES_256_GCM_SHA384,       // TLS 1.3
+			tls.TLS_CHACHA20_POLY1305_SHA256, // TLS 1.3
+		},
+		PreferServerCipherSuites: true,
+	}
+
 	fhc := &fasthttp.Client{
 		Name:                     "OWASP-OFFAT",
 		MaxConnsPerHost:          10000,
@@ -19,6 +34,7 @@ func NewConfig(requestsPerSecond *int) *Config {
 			Concurrency:      4096,
 			DNSCacheDuration: time.Hour,
 		}).Dial,
+		TLSConfig: tlsConfig,
 	}
 
 	return &Config{

diff --git a/src/pkg/http/http_test.go b/src/pkg/http/http_test.go
@@ -12,7 +12,8 @@ import (
 func TestHttpClient(t *testing.T) {
 	// http client
 	requestsPerSecond := 10
-	httpCfg := http.NewConfig(&requestsPerSecond)
+	skipTlsVerification := false
+	httpCfg := http.NewConfig(&requestsPerSecond, &skipTlsVerification)
 	hc := http.NewHttp(httpCfg)
 	client := hc.Client.FHClient