Merge pull request #151 from cerberauth/add-bad-request-unauthorized-…

…similar fix: add bad request as unauthorized similar
cerberauth · Aug 16, 2024 · b9cb39d · b9cb39d
2 parents ecaa479 + b1342d7
commit b9cb39d
Show file tree

Hide file tree

Showing 3 changed files with 4 additions and 2 deletions.
diff --git a/README.md b/README.md
@@ -71,10 +71,10 @@ vulnapi scan curl http://localhost:8080 -H "Authorization: Bearer eyJhbGciOiJub2
 To perform a scan using OpenAPI contracts, execute the following command:
 
 ```bash
-echo "[JWT_TOKEN]" | vulnapi scan openapi [PATH_TO_OPENAPI_FILE]
+echo "[JWT_TOKEN]" | vulnapi scan openapi [PATH_OR_URL_TO_OPENAPI_FILE]
 ```
 
-Replace [PATH_TO_OPENAPI_FILE] with the path to the OpenAPI contract JSON file and [JWT_TOKEN] with the JWT token to use for authentication.
+Replace [PATH_OR_URL_TO_OPENAPI_FILE] with the path or the URL to the OpenAPI contract JSON file and [JWT_TOKEN] with the JWT token to use for authentication.
 
 Example:
 

diff --git a/internal/scan/utils.go b/internal/scan/utils.go
@@ -7,6 +7,7 @@ import (
 func IsUnauthorizedStatusCodeOrSimilar(resp *http.Response) bool {
 	return resp.StatusCode == http.StatusUnauthorized ||
 		resp.StatusCode == http.StatusForbidden ||
+		resp.StatusCode == http.StatusBadRequest ||
 		resp.StatusCode == http.StatusNotFound ||
 		resp.StatusCode == http.StatusInternalServerError
 }
diff --git a/internal/scan/utils_test.go b/internal/scan/utils_test.go
@@ -15,6 +15,7 @@ func TestIsUnauthorizedStatusCodeOrSimilar(t *testing.T) {
 	}{
 		{http.StatusUnauthorized, true},
 		{http.StatusForbidden, true},
+		{http.StatusBadRequest, true},
 		{http.StatusNotFound, true},
 		{http.StatusInternalServerError, true},
 		{http.StatusOK, false},