Part 5: HTTP Clients and Real-World Integration - Complete Application

Introduction

Building a security tool isn't just about the core logic—it needs HTTP clients, JSON parsing, CLI arguments, and user-friendly output. This final part shows how I integrated everything to make simple-waf-scannerarrow-up-right a complete, production-ready tool.

We'll cover HTTP with reqwest, JSON with serde, CLI with clap, colored terminal output, and publishing to crates.io.

HTTP Requests with Reqwest

Setting Up the Client

use reqwest::{Client, Response, header};
use std::time::Duration;

fn build_client() -> Result<Client, reqwest::Error> {
    Client::builder()
        .timeout(Duration::from_secs(10))
        .user_agent("WAF-Scanner/0.1.0")
        .danger_accept_invalid_certs(true)  // For testing environments
        .redirect(reqwest::redirect::Policy::limited(5))
        .build()
}

Making GET Requests

Making POST Requests

Custom Headers

JSON Serialization with Serde

Defining Data Structures

Loading JSON from Files

Saving Results as JSON

Working with API Responses

Building the CLI with Clap

Add Dependencies

Define CLI Structure

Using CLI Arguments

Subcommands

Colored Terminal Output

Add Dependency

Using Colors

Progress Indication

Using indicatif

Progress Bar Implementation

Complete Application Structure

Real Scanner Module

Publishing to Crates.io

Prepare Cargo.toml

Create README.md

Usage

License

MIT

Version Updates

Integration Testing

Testing the Complete Application

Environment Configuration

Using .env Files

Logging

Add structured logging

Key Takeaways

  1. Reqwest: Powerful HTTP client with async support

  2. Serde: Effortless JSON serialization/deserialization

  3. Clap: Beautiful CLI parsing with derive macros

  4. Colored: Easy terminal output styling

  5. Crates.io: Simple publishing process

  6. Integration: Combine libraries for complete solutions

Common Patterns

Series Conclusion

You've now built a complete Rust application from scratch:

  • Part 1: Setup, basics, types, structs

  • Part 2: Ownership, borrowing, lifetimes

  • Part 3: Error handling with Result

  • Part 4: Async programming with Tokio

  • Part 5: HTTP, JSON, CLI, publishing

The simple-waf-scanner project demonstrates all these concepts in a real production tool with 280+ payloads and 11+ WAF detections.


Project available at github.com/Htunn/simple-waf-scannerarrow-up-right Published on crates.io as simple-waf-scanner

Last updated