@j3r3my/scan-orchestrator 1.0.0
- package/LICENSE +21 -0
- package/README.md +230 -0
- package/dist/src/adapters/queue/QueueAdapter.d.ts +1 -0
- package/dist/src/adapters/queue/QueueAdapter.d.ts.map +1 -0
- package/dist/src/adapters/queue/QueueAdapter.js +2 -0
- package/dist/src/adapters/queue/QueueAdapter.js.map +1 -0
- package/dist/src/adapters/storage/StorageAdapter.d.ts +1 -0
- package/dist/src/adapters/storage/StorageAdapter.d.ts.map +1 -0
- package/dist/src/adapters/storage/StorageAdapter.js +2 -0
- package/dist/src/adapters/storage/StorageAdapter.js.map +1 -0
- package/dist/src/core/Orchestrator.d.ts +1 -0
- package/dist/src/core/Orchestrator.d.ts.map +1 -0
- package/dist/src/core/Orchestrator.js +2 -0
- package/dist/src/core/Orchestrator.js.map +1 -0
- package/dist/src/core/ScanStateManager.d.ts +1 -0
- package/dist/src/core/ScanStateManager.d.ts.map +1 -0
- package/dist/src/core/ScanStateManager.js +2 -0
- package/dist/src/core/ScanStateManager.js.map +1 -0
- package/dist/src/core/TaskDispatcher.d.ts +1 -0
- package/dist/src/core/TaskDispatcher.d.ts.map +1 -0
- package/dist/src/core/TaskDispatcher.js +2 -0
- package/dist/src/core/TaskDispatcher.js.map +1 -0
- package/dist/src/core/TaskScheduler.d.ts +1 -0
- package/dist/src/core/TaskScheduler.d.ts.map +1 -0
- package/dist/src/core/TaskScheduler.js +2 -0
- package/dist/src/core/TaskScheduler.js.map +1 -0
- package/dist/src/index.d.ts +2 -0
- package/dist/src/index.d.ts.map +1 -0
- package/dist/src/index.js +18 -0
- package/dist/src/index.js.map +1 -0
- package/dist/src/types/__tests__/attack-payloads.test.d.ts +2 -0
- package/dist/src/types/__tests__/attack-payloads.test.d.ts.map +1 -0
- package/dist/src/types/__tests__/attack-payloads.test.js +116 -0
- package/dist/src/types/__tests__/attack-payloads.test.js.map +1 -0
- package/dist/src/types/__tests__/task-payload.test.d.ts +2 -0
- package/dist/src/types/__tests__/task-payload.test.d.ts.map +1 -0
- package/dist/src/types/__tests__/task-payload.test.js +125 -0
- package/dist/src/types/__tests__/task-payload.test.js.map +1 -0
- package/dist/src/types/__tests__/task-type.failure.d.ts +1 -0
- package/dist/src/types/__tests__/task-type.failure.d.ts.map +1 -0
- package/dist/src/types/__tests__/task-type.failure.js +11 -0
- package/dist/src/types/__tests__/task-type.failure.js.map +1 -0
- package/dist/src/types/__tests__/task-type.test.d.ts +2 -0
- package/dist/src/types/__tests__/task-type.test.d.ts.map +1 -0
- package/dist/src/types/__tests__/task-type.test.js +35 -0
- package/dist/src/types/__tests__/task-type.test.js.map +1 -0
- package/dist/src/types/__tests__/task.failure.d.ts +1 -0
- package/dist/src/types/__tests__/task.failure.d.ts.map +1 -0
- package/dist/src/types/__tests__/task.failure.js +21 -0
- package/dist/src/types/__tests__/task.failure.js.map +1 -0
- package/dist/src/types/__tests__/task.test.d.ts +2 -0
- package/dist/src/types/__tests__/task.test.d.ts.map +1 -0
- package/dist/src/types/__tests__/task.test.js +15 -0
- package/dist/src/types/__tests__/task.test.js.map +1 -0
- package/dist/src/types/analyze/AnalyzeJsPayload.d.ts +8 -0
- package/dist/src/types/analyze/AnalyzeJsPayload.d.ts.map +1 -0
- package/dist/src/types/analyze/AnalyzeJsPayload.js +3 -0
- package/dist/src/types/analyze/AnalyzeJsPayload.js.map +1 -0
- package/dist/src/types/analyze/AnalyzePayload.d.ts +10 -0
- package/dist/src/types/analyze/AnalyzePayload.d.ts.map +1 -0
- package/dist/src/types/analyze/AnalyzePayload.js +3 -0
- package/dist/src/types/analyze/AnalyzePayload.js.map +1 -0
- package/dist/src/types/analyze/index.d.ts +3 -0
- package/dist/src/types/analyze/index.d.ts.map +1 -0
- package/dist/src/types/analyze/index.js +19 -0
- package/dist/src/types/analyze/index.js.map +1 -0
- package/dist/src/types/attack/client/OpenRedirectPayload.d.ts +5 -0
- package/dist/src/types/attack/client/OpenRedirectPayload.d.ts.map +1 -0
- package/dist/src/types/attack/client/OpenRedirectPayload.js +3 -0
- package/dist/src/types/attack/client/OpenRedirectPayload.js.map +1 -0
- package/dist/src/types/attack/client/XssReflectedPayload.d.ts +5 -0
- package/dist/src/types/attack/client/XssReflectedPayload.d.ts.map +1 -0
- package/dist/src/types/attack/client/XssReflectedPayload.js +3 -0
- package/dist/src/types/attack/client/XssReflectedPayload.js.map +1 -0
- package/dist/src/types/attack/client/XssStoredPayload.d.ts +5 -0
- package/dist/src/types/attack/client/XssStoredPayload.d.ts.map +1 -0
- package/dist/src/types/attack/client/XssStoredPayload.js +3 -0
- package/dist/src/types/attack/client/XssStoredPayload.js.map +1 -0
- package/dist/src/types/attack/client/index.d.ts +4 -0
- package/dist/src/types/attack/client/index.d.ts.map +1 -0
- package/dist/src/types/attack/client/index.js +20 -0
- package/dist/src/types/attack/client/index.js.map +1 -0
- package/dist/src/types/attack/common/AttackBasePayload.d.ts +7 -0
- package/dist/src/types/attack/common/AttackBasePayload.d.ts.map +1 -0
- package/dist/src/types/attack/common/AttackBasePayload.js +3 -0
- package/dist/src/types/attack/common/AttackBasePayload.js.map +1 -0
- package/dist/src/types/attack/common/GenericAttackPayload.d.ts +10 -0
- package/dist/src/types/attack/common/GenericAttackPayload.d.ts.map +1 -0
- package/dist/src/types/attack/common/GenericAttackPayload.js +3 -0
- package/dist/src/types/attack/common/GenericAttackPayload.js.map +1 -0
- package/dist/src/types/attack/common/index.d.ts +3 -0
- package/dist/src/types/attack/common/index.d.ts.map +1 -0
- package/dist/src/types/attack/common/index.js +19 -0
- package/dist/src/types/attack/common/index.js.map +1 -0
- package/dist/src/types/attack/index.d.ts +4 -0
- package/dist/src/types/attack/index.d.ts.map +1 -0
- package/dist/src/types/attack/index.js +20 -0
- package/dist/src/types/attack/index.js.map +1 -0
- package/dist/src/types/attack/server/HeadersPayload.d.ts +6 -0
- package/dist/src/types/attack/server/HeadersPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/HeadersPayload.js +3 -0
- package/dist/src/types/attack/server/HeadersPayload.js.map +1 -0
- package/dist/src/types/attack/server/LfiPayload.d.ts +5 -0
- package/dist/src/types/attack/server/LfiPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/LfiPayload.js +3 -0
- package/dist/src/types/attack/server/LfiPayload.js.map +1 -0
- package/dist/src/types/attack/server/OpenRedirectPayload.d.ts +4 -0
- package/dist/src/types/attack/server/OpenRedirectPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/OpenRedirectPayload.js +3 -0
- package/dist/src/types/attack/server/OpenRedirectPayload.js.map +1 -0
- package/dist/src/types/attack/server/PathTraversalPayload.d.ts +6 -0
- package/dist/src/types/attack/server/PathTraversalPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/PathTraversalPayload.js +3 -0
- package/dist/src/types/attack/server/PathTraversalPayload.js.map +1 -0
- package/dist/src/types/attack/server/RcePayload.d.ts +6 -0
- package/dist/src/types/attack/server/RcePayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/RcePayload.js +3 -0
- package/dist/src/types/attack/server/RcePayload.js.map +1 -0
- package/dist/src/types/attack/server/RfiPayload.d.ts +5 -0
- package/dist/src/types/attack/server/RfiPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/RfiPayload.js +3 -0
- package/dist/src/types/attack/server/RfiPayload.js.map +1 -0
- package/dist/src/types/attack/server/SqliBooleanPayload.d.ts +5 -0
- package/dist/src/types/attack/server/SqliBooleanPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/SqliBooleanPayload.js +3 -0
- package/dist/src/types/attack/server/SqliBooleanPayload.js.map +1 -0
- package/dist/src/types/attack/server/SqliErrorPayload.d.ts +5 -0
- package/dist/src/types/attack/server/SqliErrorPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/SqliErrorPayload.js +3 -0
- package/dist/src/types/attack/server/SqliErrorPayload.js.map +1 -0
- package/dist/src/types/attack/server/SqliStackedPayload.d.ts +5 -0
- package/dist/src/types/attack/server/SqliStackedPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/SqliStackedPayload.js +3 -0
- package/dist/src/types/attack/server/SqliStackedPayload.js.map +1 -0
- package/dist/src/types/attack/server/SqliTimePayload.d.ts +5 -0
- package/dist/src/types/attack/server/SqliTimePayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/SqliTimePayload.js +3 -0
- package/dist/src/types/attack/server/SqliTimePayload.js.map +1 -0
- package/dist/src/types/attack/server/SqliUnionPayload.d.ts +5 -0
- package/dist/src/types/attack/server/SqliUnionPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/SqliUnionPayload.js +3 -0
- package/dist/src/types/attack/server/SqliUnionPayload.js.map +1 -0
- package/dist/src/types/attack/server/SsrfPayload.d.ts +9 -0
- package/dist/src/types/attack/server/SsrfPayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/SsrfPayload.js +3 -0
- package/dist/src/types/attack/server/SsrfPayload.js.map +1 -0
- package/dist/src/types/attack/server/XxePayload.d.ts +6 -0
- package/dist/src/types/attack/server/XxePayload.d.ts.map +1 -0
- package/dist/src/types/attack/server/XxePayload.js +3 -0
- package/dist/src/types/attack/server/XxePayload.js.map +1 -0
- package/dist/src/types/attack/server/index.d.ts +10 -0
- package/dist/src/types/attack/server/index.d.ts.map +1 -0
- package/dist/src/types/attack/server/index.js +26 -0
- package/dist/src/types/attack/server/index.js.map +1 -0
- package/dist/src/types/core/Scan.d.ts +26 -0
- package/dist/src/types/core/Scan.d.ts.map +1 -0
- package/dist/src/types/core/Scan.js +3 -0
- package/dist/src/types/core/Scan.js.map +1 -0
- package/dist/src/types/core/SecurityContextPayload.d.ts +10 -0
- package/dist/src/types/core/SecurityContextPayload.d.ts.map +1 -0
- package/dist/src/types/core/SecurityContextPayload.js +3 -0
- package/dist/src/types/core/SecurityContextPayload.js.map +1 -0
- package/dist/src/types/core/Task.d.ts +10 -0
- package/dist/src/types/core/Task.d.ts.map +1 -0
- package/dist/src/types/core/Task.js +3 -0
- package/dist/src/types/core/Task.js.map +1 -0
- package/dist/src/types/core/TaskPayload.d.ts +3 -0
- package/dist/src/types/core/TaskPayload.d.ts.map +1 -0
- package/dist/src/types/core/TaskPayload.js +3 -0
- package/dist/src/types/core/TaskPayload.js.map +1 -0
- package/dist/src/types/core/TaskPayloadMap.d.ts +52 -0
- package/dist/src/types/core/TaskPayloadMap.d.ts.map +1 -0
- package/dist/src/types/core/TaskPayloadMap.js +4 -0
- package/dist/src/types/core/TaskPayloadMap.js.map +1 -0
- package/dist/src/types/core/TaskType.d.ts +27 -0
- package/dist/src/types/core/TaskType.d.ts.map +1 -0
- package/dist/src/types/core/TaskType.js +36 -0
- package/dist/src/types/core/TaskType.js.map +1 -0
- package/dist/src/types/core/WorkerResult.d.ts +18 -0
- package/dist/src/types/core/WorkerResult.d.ts.map +1 -0
- package/dist/src/types/core/WorkerResult.js +3 -0
- package/dist/src/types/core/WorkerResult.js.map +1 -0
- package/dist/src/types/core/index.d.ts +6 -0
- package/dist/src/types/core/index.d.ts.map +1 -0
- package/dist/src/types/core/index.js +22 -0
- package/dist/src/types/core/index.js.map +1 -0
- package/dist/src/types/crawls/CrawlApiPayload.d.ts +6 -0
- package/dist/src/types/crawls/CrawlApiPayload.d.ts.map +1 -0
- package/dist/src/types/crawls/CrawlApiPayload.js +3 -0
- package/dist/src/types/crawls/CrawlApiPayload.js.map +1 -0
- package/dist/src/types/crawls/CrawlAssetsPayload.d.ts +10 -0
- package/dist/src/types/crawls/CrawlAssetsPayload.d.ts.map +1 -0
- package/dist/src/types/crawls/CrawlAssetsPayload.js +3 -0
- package/dist/src/types/crawls/CrawlAssetsPayload.js.map +1 -0
- package/dist/src/types/crawls/CrawlFormPayload.d.ts +9 -0
- package/dist/src/types/crawls/CrawlFormPayload.d.ts.map +1 -0
- package/dist/src/types/crawls/CrawlFormPayload.js +3 -0
- package/dist/src/types/crawls/CrawlFormPayload.js.map +1 -0
- package/dist/src/types/crawls/CrawlPagePayload.d.ts +6 -0
- package/dist/src/types/crawls/CrawlPagePayload.d.ts.map +1 -0
- package/dist/src/types/crawls/CrawlPagePayload.js +3 -0
- package/dist/src/types/crawls/CrawlPagePayload.js.map +1 -0
- package/dist/src/types/crawls/index.d.ts +5 -0
- package/dist/src/types/crawls/index.d.ts.map +1 -0
- package/dist/src/types/crawls/index.js +21 -0
- package/dist/src/types/crawls/index.js.map +1 -0
- package/dist/src/types/index.d.ts +6 -0
- package/dist/src/types/index.d.ts.map +1 -0
- package/dist/src/types/index.js +22 -0
- package/dist/src/types/index.js.map +1 -0
- package/dist/src/types/normalize/NormalizeAssetsPayload.d.ts +5 -0
- package/dist/src/types/normalize/NormalizeAssetsPayload.d.ts.map +1 -0
- package/dist/src/types/normalize/NormalizeAssetsPayload.js +3 -0
- package/dist/src/types/normalize/NormalizeAssetsPayload.js.map +1 -0
- package/dist/src/types/normalize/NormalizeAttackPayload.d.ts +5 -0
- package/dist/src/types/normalize/NormalizeAttackPayload.d.ts.map +1 -0
- package/dist/src/types/normalize/NormalizeAttackPayload.js +3 -0
- package/dist/src/types/normalize/NormalizeAttackPayload.js.map +1 -0
- package/dist/src/types/normalize/NormalizeContextPayload.d.ts +4 -0
- package/dist/src/types/normalize/NormalizeContextPayload.d.ts.map +1 -0
- package/dist/src/types/normalize/NormalizeContextPayload.js +3 -0
- package/dist/src/types/normalize/NormalizeContextPayload.js.map +1 -0
- package/dist/src/types/normalize/index.d.ts +4 -0
- package/dist/src/types/normalize/index.d.ts.map +1 -0
- package/dist/src/types/normalize/index.js +20 -0
- package/dist/src/types/normalize/index.js.map +1 -0
- package/dist/src/workers/analyze/domAnalyze.worker.d.ts +1 -0
- package/dist/src/workers/analyze/domAnalyze.worker.d.ts.map +1 -0
- package/dist/src/workers/analyze/domAnalyze.worker.js +2 -0
- package/dist/src/workers/analyze/domAnalyze.worker.js.map +1 -0
- package/dist/src/workers/analyze/httpAnalyze.worker.d.ts +1 -0
- package/dist/src/workers/analyze/httpAnalyze.worker.d.ts.map +1 -0
- package/dist/src/workers/analyze/httpAnalyze.worker.js +2 -0
- package/dist/src/workers/analyze/httpAnalyze.worker.js.map +1 -0
- package/dist/src/workers/attack/__tests__/headers.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/headers.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/headers.worker.test.js +68 -0
- package/dist/src/workers/attack/__tests__/headers.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/lfi.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/lfi.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/lfi.worker.test.js +65 -0
- package/dist/src/workers/attack/__tests__/lfi.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/openRedirect.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/openRedirect.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/openRedirect.worker.test.js +42 -0
- package/dist/src/workers/attack/__tests__/openRedirect.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/rfi.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/rfi.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/rfi.worker.test.js +75 -0
- package/dist/src/workers/attack/__tests__/rfi.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliBoolean.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/sqliBoolean.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliBoolean.worker.test.js +51 -0
- package/dist/src/workers/attack/__tests__/sqliBoolean.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliError.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/sqliError.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliError.worker.test.js +60 -0
- package/dist/src/workers/attack/__tests__/sqliError.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliStacked.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/sqliStacked.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliStacked.worker.test.js +42 -0
- package/dist/src/workers/attack/__tests__/sqliStacked.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliTime.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/sqliTime.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliTime.worker.test.js +43 -0
- package/dist/src/workers/attack/__tests__/sqliTime.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliUnion.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/sqliUnion.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/sqliUnion.worker.test.js +51 -0
- package/dist/src/workers/attack/__tests__/sqliUnion.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/xssReflected.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/xssReflected.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/xssReflected.worker.test.js +42 -0
- package/dist/src/workers/attack/__tests__/xssReflected.worker.test.js.map +1 -0
- package/dist/src/workers/attack/__tests__/xssStored.worker.test.d.ts +2 -0
- package/dist/src/workers/attack/__tests__/xssStored.worker.test.d.ts.map +1 -0
- package/dist/src/workers/attack/__tests__/xssStored.worker.test.js +33 -0
- package/dist/src/workers/attack/__tests__/xssStored.worker.test.js.map +1 -0
- package/dist/src/workers/attack/headers.worker.d.ts +5 -0
- package/dist/src/workers/attack/headers.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/headers.worker.js +38 -0
- package/dist/src/workers/attack/headers.worker.js.map +1 -0
- package/dist/src/workers/attack/lfi.worker.d.ts +4 -0
- package/dist/src/workers/attack/lfi.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/lfi.worker.js +68 -0
- package/dist/src/workers/attack/lfi.worker.js.map +1 -0
- package/dist/src/workers/attack/openRedirect.worker.d.ts +4 -0
- package/dist/src/workers/attack/openRedirect.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/openRedirect.worker.js +50 -0
- package/dist/src/workers/attack/openRedirect.worker.js.map +1 -0
- package/dist/src/workers/attack/rfi.worker.d.ts +4 -0
- package/dist/src/workers/attack/rfi.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/rfi.worker.js +66 -0
- package/dist/src/workers/attack/rfi.worker.js.map +1 -0
- package/dist/src/workers/attack/sqliBoolean.worker.d.ts +4 -0
- package/dist/src/workers/attack/sqliBoolean.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/sqliBoolean.worker.js +54 -0
- package/dist/src/workers/attack/sqliBoolean.worker.js.map +1 -0
- package/dist/src/workers/attack/sqliError.worker.d.ts +4 -0
- package/dist/src/workers/attack/sqliError.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/sqliError.worker.js +44 -0
- package/dist/src/workers/attack/sqliError.worker.js.map +1 -0
- package/dist/src/workers/attack/sqliStacked.worker.d.ts +4 -0
- package/dist/src/workers/attack/sqliStacked.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/sqliStacked.worker.js +57 -0
- package/dist/src/workers/attack/sqliStacked.worker.js.map +1 -0
- package/dist/src/workers/attack/sqliTime.worker.d.ts +4 -0
- package/dist/src/workers/attack/sqliTime.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/sqliTime.worker.js +31 -0
- package/dist/src/workers/attack/sqliTime.worker.js.map +1 -0
- package/dist/src/workers/attack/sqliUnion.worker.d.ts +4 -0
- package/dist/src/workers/attack/sqliUnion.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/sqliUnion.worker.js +48 -0
- package/dist/src/workers/attack/sqliUnion.worker.js.map +1 -0
- package/dist/src/workers/attack/xssReflected.worker.d.ts +4 -0
- package/dist/src/workers/attack/xssReflected.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/xssReflected.worker.js +52 -0
- package/dist/src/workers/attack/xssReflected.worker.js.map +1 -0
- package/dist/src/workers/attack/xssStored.worker.d.ts +4 -0
- package/dist/src/workers/attack/xssStored.worker.d.ts.map +1 -0
- package/dist/src/workers/attack/xssStored.worker.js +49 -0
- package/dist/src/workers/attack/xssStored.worker.js.map +1 -0
- package/dist/src/workers/crawl/crawlApi.worker.d.ts +1 -0
- package/dist/src/workers/crawl/crawlApi.worker.d.ts.map +1 -0
- package/dist/src/workers/crawl/crawlApi.worker.js +2 -0
- package/dist/src/workers/crawl/crawlApi.worker.js.map +1 -0
- package/dist/src/workers/crawl/crawlAssets.worker.d.ts +1 -0
- package/dist/src/workers/crawl/crawlAssets.worker.d.ts.map +1 -0
- package/dist/src/workers/crawl/crawlAssets.worker.js +2 -0
- package/dist/src/workers/crawl/crawlAssets.worker.js.map +1 -0
- package/dist/src/workers/crawl/crawlForm.worker.d.ts +1 -0
- package/dist/src/workers/crawl/crawlForm.worker.d.ts.map +1 -0
- package/dist/src/workers/crawl/crawlForm.worker.js +2 -0
- package/dist/src/workers/crawl/crawlForm.worker.js.map +1 -0
- package/dist/src/workers/crawl/crawlPage.worker.d.ts +1 -0
- package/dist/src/workers/crawl/crawlPage.worker.d.ts.map +1 -0
- package/dist/src/workers/crawl/crawlPage.worker.js +2 -0
- package/dist/src/workers/crawl/crawlPage.worker.js.map +1 -0
- package/dist/src/workers/normalize/normalizeAttack.worker.d.ts +1 -0
- package/dist/src/workers/normalize/normalizeAttack.worker.d.ts.map +1 -0
- package/dist/src/workers/normalize/normalizeAttack.worker.js +2 -0
- package/dist/src/workers/normalize/normalizeAttack.worker.js.map +1 -0
- package/dist/src/workers/normalize/normalizeContext.worker.d.ts +1 -0
- package/dist/src/workers/normalize/normalizeContext.worker.d.ts.map +1 -0
- package/dist/src/workers/normalize/normalizeContext.worker.js +2 -0
- package/dist/src/workers/normalize/normalizeContext.worker.js.map +1 -0
- package/package.json +33 -0
|
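--- a/package/dist/src/types/index.js
+++ b/package/dist/src/types/index.js
@@ -0,0 +1,22 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./core"), exports);
+__exportStar(require("./attack"), exports);
+__exportStar(require("./analyze"), exports);
+__exportStar(require("./crawls"), exports);
+__exportStar(require("./normalize"), exports);
+//# sourceMappingURL=index.js.map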
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../src/types/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,yCAAuB;AACvB,2CAAyB;AACzB,4CAA0B;AAC1B,2CAAyB;AACzB,8CAA4B"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"NormalizeAssetsPayload.d.ts","sourceRoot":"","sources":["../../../../src/types/normalize/NormalizeAssetsPayload.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,sBAAsB;IACrC,SAAS,EAAE,OAAO,EAAE,CAAC;IACrB,OAAO,CAAC,EAAE,MAAM,CAAC,MAAM,EAAE,GAAG,CAAC,CAAC;CAC/B"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"NormalizeAssetsPayload.js","sourceRoot":"","sources":["../../../../src/types/normalize/NormalizeAssetsPayload.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"NormalizeAttackPayload.d.ts","sourceRoot":"","sources":["../../../../src/types/normalize/NormalizeAttackPayload.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,sBAAsB;IACrC,OAAO,EAAE,OAAO,CAAC;IACjB,WAAW,EAAE,OAAO,EAAE,CAAC;CACxB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"NormalizeAttackPayload.js","sourceRoot":"","sources":["../../../../src/types/normalize/NormalizeAttackPayload.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"NormalizeContextPayload.d.ts","sourceRoot":"","sources":["../../../../src/types/normalize/NormalizeContextPayload.ts"],"names":[],"mappings":"AAAA,MAAM,WAAW,uBAAuB;IACtC,OAAO,EAAE,OAAO,CAAC;CAClB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"NormalizeContextPayload.js","sourceRoot":"","sources":["../../../../src/types/normalize/NormalizeContextPayload.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.d.ts","sourceRoot":"","sources":["../../../../src/types/normalize/index.ts"],"names":[],"mappings":"AAAA,cAAc,0BAA0B,CAAC;AACzC,cAAc,0BAA0B,CAAC;AACzC,cAAc,2BAA2B,CAAC"}
|
|
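--- a/package/dist/src/types/normalize/index.js
+++ b/package/dist/src/types/normalize/index.js
@@ -0,0 +1,20 @@
+"use strict";
+var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+var desc = Object.getOwnPropertyDescriptor(m, k);
+if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+desc = { enumerable: true, get: function() { return m[k]; } };
+}
+Object.defineProperty(o, k2, desc);
+}) : (function(o, m, k, k2) {
+if (k2 === undefined) k2 = k;
+o[k2] = m[k];
+}));
+var __exportStar = (this && this.__exportStar) || function(m, exports) {
+for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
+};
+Object.defineProperty(exports, "__esModule", { value: true });
+__exportStar(require("./NormalizeAssetsPayload"), exports);
+__exportStar(require("./NormalizeAttackPayload"), exports);
+__exportStar(require("./NormalizeContextPayload"), exports);
+//# sourceMappingURL=index.js.map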
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../src/types/normalize/index.ts"],"names":[],"mappings":";;;;;;;;;;;;;;;;AAAA,2DAAyC;AACzC,2DAAyC;AACzC,4DAA0C"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
//# sourceMappingURL=domAnalyze.worker.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"domAnalyze.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/analyze/domAnalyze.worker.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"domAnalyze.worker.js","sourceRoot":"","sources":["../../../../src/workers/analyze/domAnalyze.worker.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
//# sourceMappingURL=httpAnalyze.worker.d.ts.map
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"httpAnalyze.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/analyze/httpAnalyze.worker.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"httpAnalyze.worker.js","sourceRoot":"","sources":["../../../../src/workers/analyze/httpAnalyze.worker.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"headers.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/headers.worker.test.ts"],"names":[],"mappings":""}
|
|
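--- a/package/dist/src/workers/attack/__tests__/headers.worker.test.js
+++ b/package/dist/src/workers/attack/__tests__/headers.worker.test.js
@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const headers_worker_1 = require("../headers.worker");
+describe("headers.worker", () => {
+it("détecte l'absence de Content-Security-Policy", async () => {
+const payload = {
+url: "https://example.com",
+method: "GET",
+headers: {
+"x-powered-by": "Express",
+server: "nginx",
+},
+body: {},
+query: {},
+};
+const result = await (0, headers_worker_1.worker)(payload);
+const finding = result.findings?.find((f) => f.message.includes("Content-Security-Policy"));
+expect(finding).toBeDefined();
+expect(finding?.severity).toBe("medium");
+});
+it("détecte la présence de X-Powered-By", async () => {
+const payload = {
+url: "https://example.com",
+method: "GET",
+headers: {
+"x-powered-by": "PHP/8.1",
+},
+body: {},
+query: {},
+};
+const result = await (0, headers_worker_1.worker)(payload);
+const finding = result.findings?.find((f) => f.message.includes("X-Powered-By"));
+expect(finding).toBeDefined();
+expect(finding?.severity).toBe("low");
+});
+it("détecte la présence du header Server", async () => {
+const payload = {
+url: "https://example.com",
+method: "GET",
+headers: {
+server: "Apache",
+},
+body: {},
+query: {},
+};
+const result = await (0, headers_worker_1.worker)(payload);
+const finding = result.findings?.find((f) => f.message.includes("Server header exposed"));
+expect(finding).toBeDefined();
+expect(finding?.severity).toBe("low");
+});
+it("retourne la liste des headers analysés", async () => {
+const payload = {
+url: "https://example.com",
+method: "GET",
+headers: {
+server: "nginx",
+"x-powered-by": "Express",
+},
+body: {},
+query: {},
+};
+const result = await (0, headers_worker_1.worker)(payload);
+expect(result.output).toBeDefined();
+expect(result.output.analyzedHeaders).toContain("server");
+expect(result.output.analyzedHeaders).toContain("x-powered-by");
+});
+});
+//# sourceMappingURL=headers.worker.test.js.map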
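Review bot: All four cases pass header names already in lower case (`"x-powered-by"`, `server`) and none supplies a Content-Security-Policy header, so neither case-insensitive matching nor the no-finding path of the worker is exercised. HTTP header names are case-insensitive, so a checker that only matches lower-case keys would miss `X-Powered-By` or report a missing CSP that is in fact present; whether the worker normalises keys is not visible here. I would add one case with mixed-case keys and one with a CSP header set that ends in `expect(finding).toBeUndefined();`. The assertions also pick findings by message substring, e.g. `f.message.includes("Server header exposed")`, which ties the tests to wording rather than to a stable finding identifier. Separately, this compiled `__tests__` file and its source map are shipped inside the published `dist/`; excluding tests from the build output or the package `files` list would reduce what consumers install.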
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"headers.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/headers.worker.test.ts"],"names":[],"mappings":";;AAAA,sDAA2C;AAQ3C,QAAQ,CAAC,gBAAgB,EAAE,GAAG,EAAE;IAC9B,EAAE,CAAC,8CAA8C,EAAE,KAAK,IAAI,EAAE;QAC5D,MAAM,OAAO,GAA2B;YACtC,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,cAAc,EAAE,SAAS;gBACzB,MAAM,EAAE,OAAO;aAChB;YACD,IAAI,EAAE,EAAE;YACR,KAAK,EAAE,EAAE;SACV,CAAC;QAEF,MAAM,MAAM,GAAiB,MAAM,IAAA,uBAAM,EAAC,OAAO,CAAC,CAAC;QAEnD,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1C,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,yBAAyB,CAAC,CAC9C,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,QAAQ,CAAC,CAAC;IAC3C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,OAAO,GAA2B;YACtC,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,cAAc,EAAE,SAAS;aAC1B;YACD,IAAI,EAAE,EAAE;YACR,KAAK,EAAE,EAAE;SACV,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1C,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,cAAc,CAAC,CACnC,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,OAAO,GAA2B;YACtC,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,MAAM,EAAE,QAAQ;aACjB;YACD,IAAI,EAAE,EAAE;YACR,KAAK,EAAE,EAAE;SACV,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,OAAO,GAAG,MAAM,CAAC,QAAQ,EAAE,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAC1C,CAAC,CAAC,OAAO,CAAC,QAAQ,CAAC,uBAAuB,CAAC,CAC5C,CAAC;QAEF,MAAM,CAAC,OAAO,CAAC,CAAC,WAAW,EAAE,CAAC;QAC9B,MAAM,CAAC,OAAO,EAAE,QAAQ,CAAC,CAAC,IAAI,CAAC,KAAK,CAAC,CAAC;IACxC,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,OAAO,GAA2B;YACtC,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,MAAM,EAAE,OAAO;gBACf,cAAc,EAAE,SAAS;aAC1B;YACD,IAAI,EAAE,EAAE;YACR,KAAK,EAAE,E
AAE;SACV,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,uBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,MAAM,CAAC,CAAC,WAAW,EAAE,CAAC;QACpC,MAAM,CAAE,MAAM,CAAC,MAAc,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;QACnE,MAAM,CAAE,MAAM,CAAC,MAAc,CAAC,eAAe,CAAC,CAAC,SAAS,CAAC,cAAc,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"lfi.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/lfi.worker.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,65 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const lfi_worker_1 = require("../lfi.worker");
|
|
4
|
+
const core_1 = require("@/types/core");
|
|
5
|
+
describe("lfi.worker", () => {
|
|
6
|
+
it("détecte un LFI dans les query params", async () => {
|
|
7
|
+
const payload = {
|
|
8
|
+
url: "https://example.com",
|
|
9
|
+
method: "GET",
|
|
10
|
+
headers: {},
|
|
11
|
+
body: {},
|
|
12
|
+
query: { file: "../../etc/passwd" },
|
|
13
|
+
response: null,
|
|
14
|
+
};
|
|
15
|
+
const result = await (0, lfi_worker_1.worker)(payload);
|
|
16
|
+
expect(result.findings).toBeDefined();
|
|
17
|
+
expect(result.findings.length).toBe(1);
|
|
18
|
+
expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_LFI);
|
|
19
|
+
expect(result.findings[0].message).toContain("query parameter");
|
|
20
|
+
});
|
|
21
|
+
it("détecte un LFI dans le body", async () => {
|
|
22
|
+
const payload = {
|
|
23
|
+
url: "https://example.com",
|
|
24
|
+
method: "POST",
|
|
25
|
+
headers: {},
|
|
26
|
+
body: { path: "../windows/win.ini" },
|
|
27
|
+
query: {},
|
|
28
|
+
response: null,
|
|
29
|
+
};
|
|
30
|
+
const result = await (0, lfi_worker_1.worker)(payload);
|
|
31
|
+
expect(result.findings).toBeDefined();
|
|
32
|
+
expect(result.findings.length).toBe(1);
|
|
33
|
+
expect(result.findings[0].message).toContain("body field");
|
|
34
|
+
});
|
|
35
|
+
it("détecte un LFI dans les headers", async () => {
|
|
36
|
+
const payload = {
|
|
37
|
+
url: "https://example.com",
|
|
38
|
+
method: "GET",
|
|
39
|
+
headers: {
|
|
40
|
+
"x-custom-path": "php://filter/convert.base64-encode/resource=index.php",
|
|
41
|
+
},
|
|
42
|
+
body: {},
|
|
43
|
+
query: {},
|
|
44
|
+
response: null,
|
|
45
|
+
};
|
|
46
|
+
const result = await (0, lfi_worker_1.worker)(payload);
|
|
47
|
+
expect(result.findings).toBeDefined();
|
|
48
|
+
expect(result.findings.length).toBe(1);
|
|
49
|
+
expect(result.findings[0].message).toContain("header");
|
|
50
|
+
});
|
|
51
|
+
it("ne détecte rien si aucune valeur n'est suspecte", async () => {
|
|
52
|
+
const payload = {
|
|
53
|
+
url: "https://example.com",
|
|
54
|
+
method: "GET",
|
|
55
|
+
headers: { "x-header": "hello" },
|
|
56
|
+
body: { name: "test" },
|
|
57
|
+
query: { id: "123" },
|
|
58
|
+
response: null,
|
|
59
|
+
};
|
|
60
|
+
const result = await (0, lfi_worker_1.worker)(payload);
|
|
61
|
+
expect(result.findings).toBeDefined();
|
|
62
|
+
expect(result.findings.length).toBe(0);
|
|
63
|
+
});
|
|
64
|
+
});
|
|
65
|
+
//# sourceMappingURL=lfi.worker.test.js.map
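Review bot: The emitted `require("@/types/core")` on line 4 still carries a TypeScript path alias, which Node's default module resolution will not resolve unless an alias resolver or a test-runner mapping is configured. The same line appears in the compiled openRedirect, rfi, sqliBoolean and sqliError tests in this release. Because these are test files under `dist`, the simplest fix is to keep them out of the published build, for example `"exclude": ["**/__tests__/**"]` in the build tsconfig. If non-test modules in `dist` use the same alias (not visible here), the alias also needs rewriting at build time, otherwise consumers would fail on load.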
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"lfi.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/lfi.worker.test.ts"],"names":[],"mappings":";;AAAA,8CAAuC;AAEvC,uCAAsD;AAEtD,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE;YACX,IAAI,EAAE,EAAE;YACR,KAAK,EAAE,EAAE,IAAI,EAAE,kBAAkB,EAAE;YACnC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAiB,MAAM,IAAA,mBAAM,EAAC,OAAO,CAAC,CAAC;QAEnD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,UAAU,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QAC3C,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE;YACX,IAAI,EAAE,EAAE,IAAI,EAAE,oBAAoB,EAAE;YACpC,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,eAAe,EACb,uDAAuD;aAC1D;YACD,IAAI,EAAE,EAAE;YACR,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK;YAC
b,OAAO,EAAE,EAAE,UAAU,EAAE,OAAO,EAAE;YAChC,IAAI,EAAE,EAAE,IAAI,EAAE,MAAM,EAAE;YACtB,KAAK,EAAE,EAAE,EAAE,EAAE,KAAK,EAAE;YACpB,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openRedirect.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/openRedirect.worker.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const openRedirect_worker_1 = require("../openRedirect.worker");
|
|
4
|
+
const core_1 = require("@/types/core");
|
|
5
|
+
describe("openRedirect.worker", () => {
|
|
6
|
+
const base = {
|
|
7
|
+
url: "https://example.com",
|
|
8
|
+
method: "GET",
|
|
9
|
+
headers: {},
|
|
10
|
+
body: {},
|
|
11
|
+
query: {},
|
|
12
|
+
};
|
|
13
|
+
it("détecte un redirect=http://evil.com", async () => {
|
|
14
|
+
const payload = {
|
|
15
|
+
...base,
|
|
16
|
+
query: { redirect: "http://evil.com" },
|
|
17
|
+
response: null,
|
|
18
|
+
};
|
|
19
|
+
const result = await (0, openRedirect_worker_1.worker)(payload);
|
|
20
|
+
expect(result.findings.length).toBe(1);
|
|
21
|
+
expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_OPEN_REDIRECT);
|
|
22
|
+
});
|
|
23
|
+
it("détecte un redirect encodé", async () => {
|
|
24
|
+
const payload = {
|
|
25
|
+
...base,
|
|
26
|
+
query: { redirect: "%2f%2fevil.com" },
|
|
27
|
+
response: null,
|
|
28
|
+
};
|
|
29
|
+
const result = await (0, openRedirect_worker_1.worker)(payload);
|
|
30
|
+
expect(result.findings.length).toBe(1);
|
|
31
|
+
});
|
|
32
|
+
it("ne détecte rien sur un redirect interne", async () => {
|
|
33
|
+
const payload = {
|
|
34
|
+
...base,
|
|
35
|
+
query: { redirect: "/dashboard" },
|
|
36
|
+
response: null,
|
|
37
|
+
};
|
|
38
|
+
const result = await (0, openRedirect_worker_1.worker)(payload);
|
|
39
|
+
expect(result.findings.length).toBe(0);
|
|
40
|
+
});
|
|
41
|
+
});
|
|
42
|
+
//# sourceMappingURL=openRedirect.worker.test.js.map
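Review bot: The only negative case is the relative path `/dashboard`, so the suite never shows how the worker treats an absolute URL that points back at the scanned host in `base.url`. Adding a case with `query: { redirect: "https://example.com/dashboard" }` and asserting the intended count (presumably 0) would pin whether same-host redirects are reported as findings. The encoded case also checks only `findings.length`; adding `expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_OPEN_REDIRECT);` would bring it in line with the first case.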
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"openRedirect.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/openRedirect.worker.test.ts"],"names":[],"mappings":";;AAAA,gEAAgD;AAEhD,uCAAwC;AAExC,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,MAAM,IAAI,GAAqC;QAC7C,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE;QACX,IAAI,EAAE,EAAE;QACR,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,QAAQ,EAAE,iBAAiB,EAAE;YACtC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,QAAQ,EAAE,gBAAgB,EAAE;YACrC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,QAAQ,EAAE,YAAY,EAAE;YACjC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rfi.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/rfi.worker.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,75 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const rfi_worker_1 = require("../rfi.worker");
|
|
4
|
+
const core_1 = require("@/types/core");
|
|
5
|
+
describe("rfi.worker", () => {
|
|
6
|
+
it("détecte un RFI dans les query params", async () => {
|
|
7
|
+
const payload = {
|
|
8
|
+
url: "https://example.com",
|
|
9
|
+
method: "GET",
|
|
10
|
+
headers: {},
|
|
11
|
+
body: {},
|
|
12
|
+
query: {
|
|
13
|
+
include: "http://evil.com/shell.txt",
|
|
14
|
+
},
|
|
15
|
+
response: null,
|
|
16
|
+
};
|
|
17
|
+
const result = await (0, rfi_worker_1.worker)(payload);
|
|
18
|
+
expect(result.findings).toBeDefined();
|
|
19
|
+
expect(result.findings.length).toBe(1);
|
|
20
|
+
expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_RFI);
|
|
21
|
+
expect(result.findings[0].message).toContain("query parameter");
|
|
22
|
+
});
|
|
23
|
+
it("détecte un RFI dans le body", async () => {
|
|
24
|
+
const payload = {
|
|
25
|
+
url: "https://example.com",
|
|
26
|
+
method: "POST",
|
|
27
|
+
headers: {},
|
|
28
|
+
body: {
|
|
29
|
+
template: "https://attacker.net/backdoor.php",
|
|
30
|
+
},
|
|
31
|
+
query: {},
|
|
32
|
+
response: null,
|
|
33
|
+
};
|
|
34
|
+
const result = await (0, rfi_worker_1.worker)(payload);
|
|
35
|
+
expect(result.findings).toBeDefined();
|
|
36
|
+
expect(result.findings.length).toBe(1);
|
|
37
|
+
expect(result.findings[0].message).toContain("body field");
|
|
38
|
+
});
|
|
39
|
+
it("détecte un RFI dans les headers", async () => {
|
|
40
|
+
const payload = {
|
|
41
|
+
url: "https://example.com",
|
|
42
|
+
method: "GET",
|
|
43
|
+
headers: {
|
|
44
|
+
"x-forwarded-host": "ftp://malicious.site/payload",
|
|
45
|
+
},
|
|
46
|
+
body: {},
|
|
47
|
+
query: {},
|
|
48
|
+
response: null,
|
|
49
|
+
};
|
|
50
|
+
const result = await (0, rfi_worker_1.worker)(payload);
|
|
51
|
+
expect(result.findings).toBeDefined();
|
|
52
|
+
expect(result.findings.length).toBe(1);
|
|
53
|
+
expect(result.findings[0].message).toContain("header");
|
|
54
|
+
});
|
|
55
|
+
it("ne détecte rien si aucune valeur n'est suspecte", async () => {
|
|
56
|
+
const payload = {
|
|
57
|
+
url: "https://example.com",
|
|
58
|
+
method: "GET",
|
|
59
|
+
headers: {
|
|
60
|
+
"x-header": "hello",
|
|
61
|
+
},
|
|
62
|
+
body: {
|
|
63
|
+
name: "test",
|
|
64
|
+
},
|
|
65
|
+
query: {
|
|
66
|
+
id: "123",
|
|
67
|
+
},
|
|
68
|
+
response: null,
|
|
69
|
+
};
|
|
70
|
+
const result = await (0, rfi_worker_1.worker)(payload);
|
|
71
|
+
expect(result.findings).toBeDefined();
|
|
72
|
+
expect(result.findings.length).toBe(0);
|
|
73
|
+
});
|
|
74
|
+
});
|
|
75
|
+
//# sourceMappingURL=rfi.worker.test.js.map
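Review bot: The negative case contains no URL-valued field at all, so the tests cannot tell a detector that recognises remote-include patterns from one that flags every value carrying a scheme. Headers such as `referer` or `origin` routinely hold absolute URLs in legitimate traffic. A case with `headers: { referer: "https://example.com/page" }` and an explicit expected count would document the intended false-positive behaviour. Which count is correct depends on the worker, whose code is not part of this section.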
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"rfi.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/rfi.worker.test.ts"],"names":[],"mappings":";;AAAA,8CAAuC;AAEvC,uCAAsD;AAEtD,QAAQ,CAAC,YAAY,EAAE,GAAG,EAAE;IAC1B,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE,EAAE;YACX,IAAI,EAAE,EAAE;YACR,KAAK,EAAE;gBACL,OAAO,EAAE,2BAA2B;aACrC;YACD,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAiB,MAAM,IAAA,mBAAM,EAAC,OAAO,CAAC,CAAC;QAEnD,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,UAAU,CAAC,CAAC;QAC/D,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,iBAAiB,CAAC,CAAC;IACnE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,6BAA6B,EAAE,KAAK,IAAI,EAAE;QAC3C,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,MAAM;YACd,OAAO,EAAE,EAAE;YACX,IAAI,EAAE;gBACJ,QAAQ,EAAE,mCAAmC;aAC9C;YACD,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,YAAY,CAAC,CAAC;IAC9D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iCAAiC,EAAE,KAAK,IAAI,EAAE;QAC/C,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK;YACb,OAAO,EAAE;gBACP,kBAAkB,EAAE,8BAA8B;aACnD;YACD,IAAI,EAAE,EAAE;YACR,KAAK,EAAE,EAAE;YACT,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC,SAAS,CAAC,QAAQ,CAAC,CAAC;IAC1D,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,OAAO,GAAmB;YAC9B,GAAG,EAAE,qBAAqB;YAC1B,MAAM,EAAE,KAAK
;YACb,OAAO,EAAE;gBACP,UAAU,EAAE,OAAO;aACpB;YACD,IAAI,EAAE;gBACJ,IAAI,EAAE,MAAM;aACb;YACD,KAAK,EAAE;gBACL,EAAE,EAAE,KAAK;aACV;YACD,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,mBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAQ,CAAC,CAAC,WAAW,EAAE,CAAC;QACtC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sqliBoolean.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliBoolean.worker.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,51 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const sqliBoolean_worker_1 = require("../sqliBoolean.worker");
|
|
4
|
+
const core_1 = require("@/types/core");
|
|
5
|
+
describe("sqliBoolean.worker", () => {
|
|
6
|
+
const base = {
|
|
7
|
+
url: "https://example.com",
|
|
8
|
+
method: "GET",
|
|
9
|
+
headers: {},
|
|
10
|
+
body: {},
|
|
11
|
+
query: {},
|
|
12
|
+
};
|
|
13
|
+
it("détecte un payload classique ' OR '1'='1", async () => {
|
|
14
|
+
const payload = {
|
|
15
|
+
...base,
|
|
16
|
+
query: { q: "' OR '1'='1" },
|
|
17
|
+
response: null,
|
|
18
|
+
};
|
|
19
|
+
const result = await (0, sqliBoolean_worker_1.worker)(payload);
|
|
20
|
+
expect(result.findings.length).toBe(1);
|
|
21
|
+
expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_SQLI_BOOLEAN);
|
|
22
|
+
});
|
|
23
|
+
it("détecte un payload OR 1=1", async () => {
|
|
24
|
+
const payload = {
|
|
25
|
+
...base,
|
|
26
|
+
query: { q: "test' or 1=1--" },
|
|
27
|
+
response: null,
|
|
28
|
+
};
|
|
29
|
+
const result = await (0, sqliBoolean_worker_1.worker)(payload);
|
|
30
|
+
expect(result.findings.length).toBe(1);
|
|
31
|
+
});
|
|
32
|
+
it("détecte un payload encodé", async () => {
|
|
33
|
+
const payload = {
|
|
34
|
+
...base,
|
|
35
|
+
query: { q: "%27%20OR%20%271%27%3D%271" },
|
|
36
|
+
response: null,
|
|
37
|
+
};
|
|
38
|
+
const result = await (0, sqliBoolean_worker_1.worker)(payload);
|
|
39
|
+
expect(result.findings.length).toBe(1);
|
|
40
|
+
});
|
|
41
|
+
it("ne détecte rien sur une requête légitime", async () => {
|
|
42
|
+
const payload = {
|
|
43
|
+
...base,
|
|
44
|
+
query: { q: "hello world" },
|
|
45
|
+
response: null,
|
|
46
|
+
};
|
|
47
|
+
const result = await (0, sqliBoolean_worker_1.worker)(payload);
|
|
48
|
+
expect(result.findings.length).toBe(0);
|
|
49
|
+
});
|
|
50
|
+
});
|
|
51
|
+
//# sourceMappingURL=sqliBoolean.worker.test.js.map
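Review bot: All four cases put the tested value in `query`, while the lfi and rfi suites in this release also cover `body` and `headers`, so a regression in body or header inspection would pass unnoticed here. A body case reusing the existing payload, as sketched below, would close that gap. The expected count of 1 assumes the worker is meant to inspect the body. The change belongs in the TypeScript source named by the source map, `src/workers/attack/__tests__/sqliBoolean.worker.test.ts`.

```javascript
    // … unchanged: describe header, base fixture, query cases …
    it("détecte un payload dans le body", async () => {
        const payload = {
            ...base,
            method: "POST",
            body: { q: "' OR '1'='1" },
            response: null,
        };
        const result = await (0, sqliBoolean_worker_1.worker)(payload);
        expect(result.findings.length).toBe(1);
        expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_SQLI_BOOLEAN);
    });
```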
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sqliBoolean.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliBoolean.worker.test.ts"],"names":[],"mappings":";;AAAA,8DAA+C;AAE/C,uCAAwC;AAExC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,MAAM,IAAI,GAAqC;QAC7C,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE;QACX,IAAI,EAAE,EAAE;QACR,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,EAAE;YAC3B,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,mBAAmB,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;QACzC,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,gBAAgB,EAAE;YAC9B,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,2BAA2B,EAAE,KAAK,IAAI,EAAE;QACzC,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,2BAA2B,EAAE;YACzC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,EAAE;YAC3B,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sqliError.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliError.worker.test.ts"],"names":[],"mappings":""}
|
|
@@ -0,0 +1,60 @@
|
|
|
1
|
+
"use strict";
|
|
2
|
+
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
+
const sqliError_worker_1 = require("../sqliError.worker");
|
|
4
|
+
const core_1 = require("@/types/core");
|
|
5
|
+
describe("sqliError.worker", () => {
|
|
6
|
+
const base = {
|
|
7
|
+
url: "https://example.com",
|
|
8
|
+
method: "GET",
|
|
9
|
+
headers: {},
|
|
10
|
+
body: {},
|
|
11
|
+
query: {},
|
|
12
|
+
};
|
|
13
|
+
it("détecte une erreur SQL classique", async () => {
|
|
14
|
+
const payload = {
|
|
15
|
+
...base,
|
|
16
|
+
response: {
|
|
17
|
+
status: 500,
|
|
18
|
+
headers: {},
|
|
19
|
+
body: "You have an error in your SQL syntax near 'FROM'",
|
|
20
|
+
},
|
|
21
|
+
};
|
|
22
|
+
const result = await (0, sqliError_worker_1.worker)(payload);
|
|
23
|
+
expect(result.findings.length).toBe(1);
|
|
24
|
+
expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_SQLI_ERROR);
|
|
25
|
+
});
|
|
26
|
+
it("détecte une erreur PostgreSQL (pg::SyntaxError)", async () => {
|
|
27
|
+
const payload = {
|
|
28
|
+
...base,
|
|
29
|
+
response: {
|
|
30
|
+
status: 500,
|
|
31
|
+
headers: {},
|
|
32
|
+
body: 'PG::SyntaxError: ERROR: syntax error at or near "SELECT"',
|
|
33
|
+
},
|
|
34
|
+
};
|
|
35
|
+
const result = await (0, sqliError_worker_1.worker)(payload);
|
|
36
|
+
expect(result.findings.length).toBe(1);
|
|
37
|
+
expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_SQLI_ERROR);
|
|
38
|
+
});
|
|
39
|
+
it("ne détecte rien si la réponse est propre", async () => {
|
|
40
|
+
const payload = {
|
|
41
|
+
...base,
|
|
42
|
+
response: {
|
|
43
|
+
status: 200,
|
|
44
|
+
headers: {},
|
|
45
|
+
body: "Hello world",
|
|
46
|
+
},
|
|
47
|
+
};
|
|
48
|
+
const result = await (0, sqliError_worker_1.worker)(payload);
|
|
49
|
+
expect(result.findings.length).toBe(0);
|
|
50
|
+
});
|
|
51
|
+
it("ne détecte rien si aucune réponse n'est fournie", async () => {
|
|
52
|
+
const payload = {
|
|
53
|
+
...base,
|
|
54
|
+
response: null,
|
|
55
|
+
};
|
|
56
|
+
const result = await (0, sqliError_worker_1.worker)(payload);
|
|
57
|
+
expect(result.findings.length).toBe(0);
|
|
58
|
+
});
|
|
59
|
+
});
|
|
60
|
+
//# sourceMappingURL=sqliError.worker.test.js.map
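Review bot: Both positive cases pair a database error string with `status: 500`, and the clean-response case changes status and body together, so the suite never shows whether a finding is driven by the body text or by the status code. A detector that fired on the status alone would pass these tests and then report every server error as SQL injection. A case with `status: 500` and a body without database error text, expected to yield no finding, would pin this. The expected count is an assumption about the worker's intent, and the change belongs in `src/workers/attack/__tests__/sqliError.worker.test.ts`.

```javascript
    // … unchanged: describe header, base fixture, existing cases …
    it("ne détecte rien sur une erreur 500 sans message SQL", async () => {
        const payload = {
            ...base,
            response: {
                status: 500,
                headers: {},
                body: "Internal Server Error",
            },
        };
        const result = await (0, sqliError_worker_1.worker)(payload);
        expect(result.findings.length).toBe(0);
    });
```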
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sqliError.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliError.worker.test.ts"],"names":[],"mappings":";;AAAA,0DAA6C;AAE7C,uCAAwC;AAExC,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,MAAM,IAAI,GAAqC;QAC7C,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE;QACX,IAAI,EAAE,EAAE;QACR,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,QAAQ,EAAE;gBACR,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE;gBACX,IAAI,EAAE,kDAAkD;aACzD;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,iBAAiB,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,QAAQ,EAAE;gBACR,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE;gBACX,IAAI,EAAE,0DAA0D;aACjE;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,iBAAiB,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,0CAA0C,EAAE,KAAK,IAAI,EAAE;QACxD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,QAAQ,EAAE;gBACR,MAAM,EAAE,GAAG;gBACX,OAAO,EAAE,EAAE;gBACX,IAAI,EAAE,aAAa;aACpB;SACF,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,iDAAiD,EAAE,KAAK,IAAI,EAAE;QAC/D,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"sqliStacked.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliStacked.worker.test.ts"],"names":[],"mappings":""}
|