npm - @j3r3my/scan-orchestrator - Versions diffs - 1.0.0 - Mend

@j3r3my/scan-orchestrator 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (347) hide show

package/dist/src/workers/attack/__tests__/sqliStacked.worker.test.js ADDED Viewed

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const sqliStacked_worker_1 = require("../sqliStacked.worker");
+const core_1 = require("@/types/core");
+describe("sqliStacked.worker", () => {
+    const base = {
+        url: "https://example.com",
+        method: "GET",
+        headers: {},
+        body: {},
+        query: {},
+    };
+    it("détecte un ; DROP TABLE", async () => {
+        const payload = {
+            ...base,
+            query: { q: "1; DROP TABLE users;" },
+            response: null,
+        };
+        const result = await (0, sqliStacked_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(1);
+        expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_SQLI_STACKED);
+    });
+    it("détecte un ; SELECT obfusqué", async () => {
+        const payload = {
+            ...base,
+            query: { q: "1;%20SELECT%201" },
+            response: null,
+        };
+        const result = await (0, sqliStacked_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(1);
+    });
+    it("ne détecte rien sur une requête normale", async () => {
+        const payload = {
+            ...base,
+            query: { q: "hello world" },
+            response: null,
+        };
+        const result = await (0, sqliStacked_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(0);
+    });
+});
+//# sourceMappingURL=sqliStacked.worker.test.js.map

package/dist/src/workers/attack/__tests__/sqliStacked.worker.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqliStacked.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliStacked.worker.test.ts"],"names":[],"mappings":";;AAAA,8DAA+C;AAE/C,uCAAwC;AAExC,QAAQ,CAAC,oBAAoB,EAAE,GAAG,EAAE;IAClC,MAAM,IAAI,GAAqC;QAC7C,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE;QACX,IAAI,EAAE,EAAE;QACR,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,EAAE,CAAC,yBAAyB,EAAE,KAAK,IAAI,EAAE;QACvC,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,sBAAsB,EAAE;YACpC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,mBAAmB,CAAC,CAAC;IAC1E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,8BAA8B,EAAE,KAAK,IAAI,EAAE;QAC5C,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,iBAAiB,EAAE;YAC/B,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,yCAAyC,EAAE,KAAK,IAAI,EAAE;QACvD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,EAAE;YAC3B,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,2BAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/workers/attack/__tests__/sqliTime.worker.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=sqliTime.worker.test.d.ts.map

package/dist/src/workers/attack/__tests__/sqliTime.worker.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sqliTime.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliTime.worker.test.ts"],"names":[],"mappings":""}

package/dist/src/workers/attack/__tests__/sqliTime.worker.test.js ADDED Viewed

@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const sqliTime_worker_1 = require("../sqliTime.worker");
+const core_1 = require("@/types/core");
+describe("sqliTime.worker", () => {
+    const base = {
+        url: "https://example.com",
+        method: "GET",
+        headers: {},
+        body: {},
+        query: {},
+    };
+    it("détecte un délai anormal (SQLi Time-Based)", async () => {
+        const payload = {
+            ...base,
+            response: null,
+            responseTime: 3500,
+            baselineTime: 200,
+        };
+        const result = await (0, sqliTime_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(1);
+        expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_SQLI_TIME);
+    });
+    it("ne détecte rien si le délai est normal", async () => {
+        const payload = {
+            ...base,
+            response: null,
+            responseTime: 150,
+            baselineTime: 100,
+        };
+        const result = await (0, sqliTime_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(0);
+    });
+    it("ne détecte rien si responseTime est absent", async () => {
+        const payload = {
+            ...base,
+            response: null,
+        };
+        const result = await (0, sqliTime_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(0);
+    });
+});
+//# sourceMappingURL=sqliTime.worker.test.js.map

package/dist/src/workers/attack/__tests__/sqliTime.worker.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqliTime.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliTime.worker.test.ts"],"names":[],"mappings":";;AAAA,wDAA4C;AAE5C,uCAAwC;AAExC,QAAQ,CAAC,iBAAiB,EAAE,GAAG,EAAE;IAC/B,MAAM,IAAI,GAAqC;QAC7C,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE;QACX,IAAI,EAAE,EAAE;QACR,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,QAAQ,EAAE,IAAI;YACd,YAAY,EAAE,IAAI;YAClB,YAAY,EAAE,GAAG;SACX,CAAC;QAET,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,gBAAgB,CAAC,CAAC;IACvE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,wCAAwC,EAAE,KAAK,IAAI,EAAE;QACtD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,QAAQ,EAAE,IAAI;YACd,YAAY,EAAE,GAAG;YACjB,YAAY,EAAE,GAAG;SACX,CAAC;QAET,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4CAA4C,EAAE,KAAK,IAAI,EAAE;QAC1D,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,QAAQ,EAAE,IAAI;SACR,CAAC;QAET,MAAM,MAAM,GAAG,MAAM,IAAA,wBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/workers/attack/__tests__/sqliUnion.worker.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=sqliUnion.worker.test.d.ts.map

package/dist/src/workers/attack/__tests__/sqliUnion.worker.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sqliUnion.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliUnion.worker.test.ts"],"names":[],"mappings":""}

package/dist/src/workers/attack/__tests__/sqliUnion.worker.test.js ADDED Viewed

@@ -0,0 +1,51 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const sqliUnion_worker_1 = require("../sqliUnion.worker");
+const core_1 = require("@/types/core");
+describe("sqliUnion.worker", () => {
+    const base = {
+        url: "https://example.com",
+        method: "GET",
+        headers: {},
+        body: {},
+        query: {},
+    };
+    it("détecte un UNION SELECT classique", async () => {
+        const payload = {
+            ...base,
+            query: { q: "UNION SELECT username, password FROM users" },
+            response: null,
+        };
+        const result = await (0, sqliUnion_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(1);
+        expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_SQLI_UNION);
+    });
+    it("détecte un UNION SELECT obfusqué", async () => {
+        const payload = {
+            ...base,
+            query: { q: "UNION/**/SELECT 1,2" },
+            response: null,
+        };
+        const result = await (0, sqliUnion_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(1);
+    });
+    it("détecte un UNION SELECT encodé", async () => {
+        const payload = {
+            ...base,
+            query: { q: "UNION%20SELECT%201,2" },
+            response: null,
+        };
+        const result = await (0, sqliUnion_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(1);
+    });
+    it("ne détecte rien si aucun pattern n'est présent", async () => {
+        const payload = {
+            ...base,
+            query: { q: "hello world" },
+            response: null,
+        };
+        const result = await (0, sqliUnion_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(0);
+    });
+});
+//# sourceMappingURL=sqliUnion.worker.test.js.map

package/dist/src/workers/attack/__tests__/sqliUnion.worker.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqliUnion.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/sqliUnion.worker.test.ts"],"names":[],"mappings":";;AAAA,0DAA6C;AAE7C,uCAAwC;AAExC,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,MAAM,IAAI,GAAqC;QAC7C,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE;QACX,IAAI,EAAE,EAAE;QACR,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,EAAE,CAAC,mCAAmC,EAAE,KAAK,IAAI,EAAE;QACjD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,4CAA4C,EAAE;YAC1D,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,iBAAiB,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,kCAAkC,EAAE,KAAK,IAAI,EAAE;QAChD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,qBAAqB,EAAE;YACnC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gCAAgC,EAAE,KAAK,IAAI,EAAE;QAC9C,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,sBAAsB,EAAE;YACpC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,gDAAgD,EAAE,KAAK,IAAI,EAAE;QAC9D,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,EAAE;YAC3B,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QAErC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/workers/attack/__tests__/xssReflected.worker.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=xssReflected.worker.test.d.ts.map

package/dist/src/workers/attack/__tests__/xssReflected.worker.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"xssReflected.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/xssReflected.worker.test.ts"],"names":[],"mappings":""}

package/dist/src/workers/attack/__tests__/xssReflected.worker.test.js ADDED Viewed

@@ -0,0 +1,42 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const xssReflected_worker_1 = require("../xssReflected.worker");
+const core_1 = require("@/types/core");
+describe("xssReflected.worker", () => {
+    const base = {
+        url: "https://example.com",
+        method: "GET",
+        headers: {},
+        body: {},
+        query: {},
+    };
+    it("détecte un <script>alert(1)</script>", async () => {
+        const payload = {
+            ...base,
+            query: { q: "<script>alert(1)</script>" },
+            response: null,
+        };
+        const result = await (0, xssReflected_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(1);
+        expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_XSS_REFLECTED);
+    });
+    it("détecte un XSS via onerror", async () => {
+        const payload = {
+            ...base,
+            query: { q: "<img src=x onerror=alert(1)>" },
+            response: null,
+        };
+        const result = await (0, xssReflected_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(1);
+    });
+    it("ne détecte rien sur une valeur safe", async () => {
+        const payload = {
+            ...base,
+            query: { q: "hello world" },
+            response: null,
+        };
+        const result = await (0, xssReflected_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(0);
+    });
+});
+//# sourceMappingURL=xssReflected.worker.test.js.map

package/dist/src/workers/attack/__tests__/xssReflected.worker.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"xssReflected.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/xssReflected.worker.test.ts"],"names":[],"mappings":";;AAAA,gEAAgD;AAEhD,uCAAwC;AAExC,QAAQ,CAAC,qBAAqB,EAAE,GAAG,EAAE;IACnC,MAAM,IAAI,GAAqC;QAC7C,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,KAAK;QACb,OAAO,EAAE,EAAE;QACX,IAAI,EAAE,EAAE;QACR,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,EAAE,CAAC,sCAAsC,EAAE,KAAK,IAAI,EAAE;QACpD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,2BAA2B,EAAE;YACzC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,oBAAoB,CAAC,CAAC;IAC3E,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,4BAA4B,EAAE,KAAK,IAAI,EAAE;QAC1C,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,8BAA8B,EAAE;YAC5C,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,KAAK,EAAE,EAAE,CAAC,EAAE,aAAa,EAAE;YAC3B,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,4BAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/workers/attack/__tests__/xssStored.worker.test.d.ts ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ export {};
2	+ //# sourceMappingURL=xssStored.worker.test.d.ts.map

package/dist/src/workers/attack/__tests__/xssStored.worker.test.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"xssStored.worker.test.d.ts","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/xssStored.worker.test.ts"],"names":[],"mappings":""}

package/dist/src/workers/attack/__tests__/xssStored.worker.test.js ADDED Viewed

@@ -0,0 +1,33 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const xssStored_worker_1 = require("../xssStored.worker");
+const core_1 = require("@/types/core");
+describe("xssStored.worker", () => {
+    const base = {
+        url: "https://example.com",
+        method: "POST",
+        headers: {},
+        body: {},
+        query: {},
+    };
+    it("détecte un XSS stocké", async () => {
+        const payload = {
+            ...base,
+            body: { comment: "<script>alert(1)</script>" },
+            response: null,
+        };
+        const result = await (0, xssStored_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(1);
+        expect(result.findings[0].taskType).toBe(core_1.TaskType.ATTACK_XSS_STORED);
+    });
+    it("ne détecte rien sur un contenu safe", async () => {
+        const payload = {
+            ...base,
+            body: { comment: "Nice article!" },
+            response: null,
+        };
+        const result = await (0, xssStored_worker_1.worker)(payload);
+        expect(result.findings.length).toBe(0);
+    });
+});
+//# sourceMappingURL=xssStored.worker.test.js.map

package/dist/src/workers/attack/__tests__/xssStored.worker.test.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"xssStored.worker.test.js","sourceRoot":"","sources":["../../../../../src/workers/attack/__tests__/xssStored.worker.test.ts"],"names":[],"mappings":";;AAAA,0DAA6C;AAE7C,uCAAwC;AAExC,QAAQ,CAAC,kBAAkB,EAAE,GAAG,EAAE;IAChC,MAAM,IAAI,GAAqC;QAC7C,GAAG,EAAE,qBAAqB;QAC1B,MAAM,EAAE,MAAM;QACd,OAAO,EAAE,EAAE;QACX,IAAI,EAAE,EAAE;QACR,KAAK,EAAE,EAAE;KACV,CAAC;IAEF,EAAE,CAAC,uBAAuB,EAAE,KAAK,IAAI,EAAE;QACrC,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,IAAI,EAAE,EAAE,OAAO,EAAE,2BAA2B,EAAE;YAC9C,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;QACxC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAC,IAAI,CAAC,eAAQ,CAAC,iBAAiB,CAAC,CAAC;IACxE,CAAC,CAAC,CAAC;IAEH,EAAE,CAAC,qCAAqC,EAAE,KAAK,IAAI,EAAE;QACnD,MAAM,OAAO,GAAmB;YAC9B,GAAG,IAAI;YACP,IAAI,EAAE,EAAE,OAAO,EAAE,eAAe,EAAE;YAClC,QAAQ,EAAE,IAAI;SACf,CAAC;QAEF,MAAM,MAAM,GAAG,MAAM,IAAA,yBAAM,EAAC,OAAO,CAAC,CAAC;QACrC,MAAM,CAAC,MAAM,CAAC,QAAS,CAAC,MAAM,CAAC,CAAC,IAAI,CAAC,CAAC,CAAC,CAAC;IAC1C,CAAC,CAAC,CAAC;AACL,CAAC,CAAC,CAAC"}

package/dist/src/workers/attack/headers.worker.d.ts ADDED Viewed

@@ -0,0 +1,5 @@
+import { TaskPayloadMap } from "@/types/core";
+import { WorkerResult } from "@/types/core";
+import { TaskType } from "@/types/core";
+export declare function worker(payload: TaskPayloadMap[TaskType.ATTACK_HEADERS]): Promise<WorkerResult>;
+//# sourceMappingURL=headers.worker.d.ts.map

package/dist/src/workers/attack/headers.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"headers.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/headers.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,cAAc,CAAC;AAC9C,OAAO,EAAiB,YAAY,EAAE,MAAM,cAAc,CAAC;AAC3D,OAAO,EAAE,QAAQ,EAAE,MAAM,cAAc,CAAC;AAExC,wBAAsB,MAAM,CAC1B,OAAO,EAAE,cAAc,CAAC,QAAQ,CAAC,cAAc,CAAC,GAC/C,OAAO,CAAC,YAAY,CAAC,CAuCvB"}

package/dist/src/workers/attack/headers.worker.js ADDED Viewed

@@ -0,0 +1,38 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+async function worker(payload) {
+    const { url, method, headers } = payload;
+    const findings = [];
+    if (!headers["content-security-policy"]) {
+        findings.push({
+            message: "Missing Content-Security-Policy header",
+            severity: "medium",
+            taskType: core_1.TaskType.ATTACK_HEADERS,
+        });
+    }
+    if (headers["x-powered-by"]) {
+        findings.push({
+            message: `Leaking technology via X-Powered-By: ${headers["x-powered-by"]}`,
+            severity: "low",
+            taskType: core_1.TaskType.ATTACK_HEADERS,
+        });
+    }
+    if (headers["server"]) {
+        findings.push({
+            message: `Server header exposed: ${headers["server"]}`,
+            severity: "low",
+            taskType: core_1.TaskType.ATTACK_HEADERS,
+        });
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_HEADERS,
+        status: "success",
+        output: {
+            analyzedHeaders: Object.keys(headers),
+        },
+        findings,
+    };
+}
+//# sourceMappingURL=headers.worker.js.map

package/dist/src/workers/attack/headers.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"headers.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/headers.worker.ts"],"names":[],"mappings":";;AAIA,wBAyCC;AA3CD,uCAAwC;AAEjC,KAAK,UAAU,MAAM,CAC1B,OAAgD;IAEhD,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAEzC,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,IAAI,CAAC,OAAO,CAAC,yBAAyB,CAAC,EAAE,CAAC;QACxC,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,wCAAwC;YACjD,QAAQ,EAAE,QAAQ;YAClB,QAAQ,EAAE,eAAQ,CAAC,cAAc;SAClC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,OAAO,CAAC,cAAc,CAAC,EAAE,CAAC;QAC5B,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,wCAAwC,OAAO,CAAC,cAAc,CAAC,EAAE;YAC1E,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,eAAQ,CAAC,cAAc;SAClC,CAAC,CAAC;IACL,CAAC;IAED,IAAI,OAAO,CAAC,QAAQ,CAAC,EAAE,CAAC;QACtB,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,0BAA0B,OAAO,CAAC,QAAQ,CAAC,EAAE;YACtD,QAAQ,EAAE,KAAK;YACf,QAAQ,EAAE,eAAQ,CAAC,cAAc;SAClC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,cAAc;QACjC,MAAM,EAAE,SAAS;QAEjB,MAAM,EAAE;YACN,eAAe,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,CAAC;SACtC;QAED,QAAQ;KACT,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/lfi.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { WorkerResult } from "@/types/core";
+import { AnalyzePayload } from "@/types/analyze";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=lfi.worker.d.ts.map

package/dist/src/workers/attack/lfi.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"lfi.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/lfi.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAiB,YAAY,EAAY,MAAM,cAAc,CAAC;AAErE,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AAoBjD,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAoD3E"}

package/dist/src/workers/attack/lfi.worker.js ADDED Viewed

@@ -0,0 +1,68 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const LFI_PATTERNS = [
+    /\.\.\/\.\.\//i, // ../../
+    /\.\.\//i, // ../
+    /\/etc\/passwd/i,
+    /\/etc\/shadow/i,
+    /windows\/win\.ini/i,
+    /php:\/\/filter/i,
+    /file:\/\//i,
+];
+function detectLfi(value) {
+    if (!value)
+        return false;
+    const str = String(value);
+    return LFI_PATTERNS.some((regex) => regex.test(str));
+}
+async function worker(payload) {
+    const findings = [];
+    const { url, method, headers, body, query } = payload;
+    // 1. Scan query parameters
+    for (const [key, val] of Object.entries(query ?? {})) {
+        if (detectLfi(val)) {
+            findings.push({
+                message: `Possible LFI detected in query parameter "${key}"`,
+                severity: "high",
+                taskType: core_1.TaskType.ATTACK_LFI,
+            });
+        }
+    }
+    // 2. Scan body
+    for (const [key, val] of Object.entries(body ?? {})) {
+        if (detectLfi(val)) {
+            findings.push({
+                message: `Possible LFI detected in body field "${key}"`,
+                severity: "high",
+                taskType: core_1.TaskType.ATTACK_LFI,
+            });
+        }
+    }
+    // 3. Scan headers
+    for (const [key, val] of Object.entries(headers ?? {})) {
+        if (detectLfi(val)) {
+            findings.push({
+                message: `Possible LFI detected in header "${key}"`,
+                severity: "medium",
+                taskType: core_1.TaskType.ATTACK_LFI,
+            });
+        }
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_LFI,
+        status: "success",
+        findings,
+        output: {
+            url,
+            method,
+            scannedFields: {
+                query: Object.keys(query ?? {}),
+                body: Object.keys(body ?? {}),
+                headers: Object.keys(headers ?? {}),
+            },
+        },
+    };
+}
+//# sourceMappingURL=lfi.worker.js.map

package/dist/src/workers/attack/lfi.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"lfi.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/lfi.worker.ts"],"names":[],"mappings":";;AAsBA,wBAoDC;AA1ED,uCAAqE;AAIrE,MAAM,YAAY,GAAG;IACnB,eAAe,EAAE,SAAS;IAC1B,SAAS,EAAE,MAAM;IACjB,gBAAgB;IAChB,gBAAgB;IAChB,oBAAoB;IACpB,iBAAiB;IACjB,YAAY;CACb,CAAC;AAEF,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IAEzB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAE1B,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACvD,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAEtD,2BAA2B;IAC3B,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,CAAC;QACrD,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,6CAA6C,GAAG,GAAG;gBAC5D,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAQ,CAAC,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,eAAe;IACf,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;QACpD,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,wCAAwC,GAAG,GAAG;gBACvD,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAQ,CAAC,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,kBAAkB;IAClB,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;QACvD,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,oCAAoC,GAAG,GAAG;gBACnD,QAAQ,EAAE,QAAQ;gBAClB,QAAQ,EAAE,eAAQ,CAAC,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,UAAU;QAC7B,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,GAAG;YACH,MAAM;YACN,aAAa,EAAE;gBACb,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC/B,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;gBAC7B,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;aACpC;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/openRedirect.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AnalyzePayload } from "@/types/analyze";
+import { WorkerResult } from "@/types/core";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=openRedirect.worker.d.ts.map

package/dist/src/workers/attack/openRedirect.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"openRedirect.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/openRedirect.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAA2B,YAAY,EAAE,MAAM,cAAc,CAAC;AA0BrE,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CA4B3E"}

package/dist/src/workers/attack/openRedirect.worker.js ADDED Viewed

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const REDIRECT_KEYS = ["redirect", "next", "url", "continue", "return", "goto"];
+const EVIL_PATTERNS = [
+    /^https?:\/\//i,
+    /^\/\//i,
+    /%2f%2f/i,
+    /%68%74%74%70%3a%2f%2f/i, // http:// encodé
+];
+function normalize(value) {
+    if (!value)
+        return "";
+    try {
+        return decodeURIComponent(String(value)).toLowerCase();
+    }
+    catch {
+        return String(value).toLowerCase();
+    }
+}
+function detectOpenRedirect(key, value) {
+    const val = normalize(value);
+    if (!REDIRECT_KEYS.includes(key.toLowerCase()))
+        return false;
+    return EVIL_PATTERNS.some((regex) => regex.test(val));
+}
+async function worker(payload) {
+    const findings = [];
+    const { query } = payload;
+    const entries = Object.entries(query ?? {});
+    const hasRedirect = entries.some(([key, value]) => detectOpenRedirect(key, value));
+    if (hasRedirect) {
+        findings.push({
+            message: "Possible Open Redirect detected in request parameters",
+            severity: "high",
+            taskType: core_1.TaskType.ATTACK_OPEN_REDIRECT,
+        });
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_OPEN_REDIRECT,
+        status: "success",
+        findings,
+        output: {
+            scannedParams: entries.length,
+            detected: hasRedirect,
+        },
+    };
+}
+//# sourceMappingURL=openRedirect.worker.js.map

package/dist/src/workers/attack/openRedirect.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"openRedirect.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/openRedirect.worker.ts"],"names":[],"mappings":";;AA2BA,wBA4BC;AAtDD,uCAAqE;AAErE,MAAM,aAAa,GAAG,CAAC,UAAU,EAAE,MAAM,EAAE,KAAK,EAAE,UAAU,EAAE,QAAQ,EAAE,MAAM,CAAC,CAAC;AAEhF,MAAM,aAAa,GAAG;IACpB,eAAe;IACf,QAAQ;IACR,SAAS;IACT,wBAAwB,EAAE,iBAAiB;CAC5C,CAAC;AAEF,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACrC,CAAC;AACH,CAAC;AAED,SAAS,kBAAkB,CAAC,GAAW,EAAE,KAAc;IACrD,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC7B,IAAI,CAAC,aAAa,CAAC,QAAQ,CAAC,GAAG,CAAC,WAAW,EAAE,CAAC;QAAE,OAAO,KAAK,CAAC;IAC7D,OAAO,aAAa,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACxD,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAE1B,MAAM,OAAO,GAAG,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,CAAC;IAE5C,MAAM,WAAW,GAAG,OAAO,CAAC,IAAI,CAAC,CAAC,CAAC,GAAG,EAAE,KAAK,CAAC,EAAE,EAAE,CAChD,kBAAkB,CAAC,GAAG,EAAE,KAAK,CAAC,CAC/B,CAAC;IAEF,IAAI,WAAW,EAAE,CAAC;QAChB,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,uDAAuD;YAChE,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,eAAQ,CAAC,oBAAoB;SACxC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,oBAAoB;QACvC,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,aAAa,EAAE,OAAO,CAAC,MAAM;YAC7B,QAAQ,EAAE,WAAW;SACtB;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/rfi.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AnalyzePayload } from "@/types/analyze";
+import { WorkerResult } from "@/types/core";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=rfi.worker.d.ts.map

package/dist/src/workers/attack/rfi.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"rfi.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/rfi.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAA2B,YAAY,EAAE,MAAM,cAAc,CAAC;AAgBrE,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAoD3E"}

package/dist/src/workers/attack/rfi.worker.js ADDED Viewed

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const RFI_PATTERNS = [
+    /^https?:\/\//i,
+    /^ftp:\/\//i,
+    /^smb:\/\//i,
+    /^php:\/\/input/i,
+    /^data:\/\//i,
+];
+function detectRfi(value) {
+    if (!value)
+        return false;
+    const str = String(value);
+    return RFI_PATTERNS.some((regex) => regex.test(str));
+}
+async function worker(payload) {
+    const findings = [];
+    const { url, method, headers, body, query } = payload;
+    // 1. Query parameters
+    for (const [key, val] of Object.entries(query ?? {})) {
+        if (detectRfi(val)) {
+            findings.push({
+                message: `Possible RFI detected in query parameter "${key}"`,
+                severity: "critical",
+                taskType: core_1.TaskType.ATTACK_RFI,
+            });
+        }
+    }
+    // 2. Body fields
+    for (const [key, val] of Object.entries(body ?? {})) {
+        if (detectRfi(val)) {
+            findings.push({
+                message: `Possible RFI detected in body field "${key}"`,
+                severity: "critical",
+                taskType: core_1.TaskType.ATTACK_RFI,
+            });
+        }
+    }
+    // 3. Headers
+    for (const [key, val] of Object.entries(headers ?? {})) {
+        if (detectRfi(val)) {
+            findings.push({
+                message: `Possible RFI detected in header "${key}"`,
+                severity: "high",
+                taskType: core_1.TaskType.ATTACK_RFI,
+            });
+        }
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_RFI,
+        status: "success",
+        findings,
+        output: {
+            url,
+            method,
+            scannedFields: {
+                query: Object.keys(query ?? {}),
+                body: Object.keys(body ?? {}),
+                headers: Object.keys(headers ?? {}),
+            },
+        },
+    };
+}
+//# sourceMappingURL=rfi.worker.js.map

package/dist/src/workers/attack/rfi.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"rfi.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/rfi.worker.ts"],"names":[],"mappings":";;AAiBA,wBAoDC;AApED,uCAAqE;AAErE,MAAM,YAAY,GAAG;IACnB,eAAe;IACf,YAAY;IACZ,YAAY;IACZ,iBAAiB;IACjB,aAAa;CACd,CAAC;AAEF,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACvD,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,GAAG,EAAE,MAAM,EAAE,OAAO,EAAE,IAAI,EAAE,KAAK,EAAE,GAAG,OAAO,CAAC;IAEtD,sBAAsB;IACtB,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,KAAK,IAAI,EAAE,CAAC,EAAE,CAAC;QACrD,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,6CAA6C,GAAG,GAAG;gBAC5D,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,eAAQ,CAAC,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,iBAAiB;IACjB,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,IAAI,IAAI,EAAE,CAAC,EAAE,CAAC;QACpD,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,wCAAwC,GAAG,GAAG;gBACvD,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,eAAQ,CAAC,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,aAAa;IACb,KAAK,MAAM,CAAC,GAAG,EAAE,GAAG,CAAC,IAAI,MAAM,CAAC,OAAO,CAAC,OAAO,IAAI,EAAE,CAAC,EAAE,CAAC;QACvD,IAAI,SAAS,CAAC,GAAG,CAAC,EAAE,CAAC;YACnB,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EAAE,oCAAoC,GAAG,GAAG;gBACnD,QAAQ,EAAE,MAAM;gBAChB,QAAQ,EAAE,eAAQ,CAAC,UAAU;aAC9B,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,UAAU;QAC7B,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,GAAG;YACH,MAAM;YACN,aAAa,EAAE;gBACb,KAAK,EAAE,MAAM,CAAC,IAAI,CAAC,KAAK,IAAI,EAAE,CAAC;gBAC/B,IAAI,EAAE,MAAM,CAAC,IAAI,CAAC,IAAI,IAAI,EAAE,CAAC;gBAC7B,OAAO,EAAE,MAAM,CAAC,IAAI,CAAC,OAAO,IAAI,EAAE,CAAC;aACpC;SACF;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/sqliBoolean.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AnalyzePayload } from "@/types/analyze";
+import { WorkerResult } from "@/types/core";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=sqliBoolean.worker.d.ts.map

package/dist/src/workers/attack/sqliBoolean.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sqliBoolean.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/sqliBoolean.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAA2B,YAAY,EAAE,MAAM,cAAc,CAAC;AA0BrE,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CA+B3E"}

package/dist/src/workers/attack/sqliBoolean.worker.js ADDED Viewed

@@ -0,0 +1,54 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const BOOLEAN_PATTERNS = [
+    /'\s*or\s*'1'\s*=\s*'1/i,
+    /"\s*or\s*"1"\s*=\s*"1/i,
+    /\sor\s1=1/i,
+    /\sand\s1=1/i,
+    /\sand\s1=2/i,
+    /\sor\s'[^']*'\s*=\s*'[^']*'/i,
+    /\sor\strue--/i,
+];
+function normalize(value) {
+    if (!value)
+        return "";
+    try {
+        return decodeURIComponent(String(value)).toLowerCase();
+    }
+    catch {
+        return String(value).toLowerCase();
+    }
+}
+function detectBooleanSqli(value) {
+    const str = normalize(value);
+    return BOOLEAN_PATTERNS.some((regex) => regex.test(str));
+}
+async function worker(payload) {
+    const findings = [];
+    const { query, body, headers } = payload;
+    const allValues = [
+        ...Object.values(query ?? {}),
+        ...Object.values(body ?? {}),
+        ...Object.values(headers ?? {}),
+    ];
+    const hasBoolean = allValues.some((v) => detectBooleanSqli(v));
+    if (hasBoolean) {
+        findings.push({
+            message: "Possible SQL Injection (Boolean-Based) detected in request parameters",
+            severity: "critical",
+            taskType: core_1.TaskType.ATTACK_SQLI_BOOLEAN,
+        });
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_SQLI_BOOLEAN,
+        status: "success",
+        findings,
+        output: {
+            scannedValues: allValues.length,
+            detected: hasBoolean,
+        },
+    };
+}
+//# sourceMappingURL=sqliBoolean.worker.js.map

package/dist/src/workers/attack/sqliBoolean.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqliBoolean.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/sqliBoolean.worker.ts"],"names":[],"mappings":";;AA2BA,wBA+BC;AAzDD,uCAAqE;AAErE,MAAM,gBAAgB,GAAG;IACvB,wBAAwB;IACxB,wBAAwB;IACxB,YAAY;IACZ,aAAa;IACb,aAAa;IACb,8BAA8B;IAC9B,eAAe;CAChB,CAAC;AAEF,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACrC,CAAC;AACH,CAAC;AAED,SAAS,iBAAiB,CAAC,KAAc;IACvC,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC7B,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAEzC,MAAM,SAAS,GAAG;QAChB,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7B,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAC5B,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;KAChC,CAAC;IAEF,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,iBAAiB,CAAC,CAAC,CAAC,CAAC,CAAC;IAE/D,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EACL,uEAAuE;YACzE,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,eAAQ,CAAC,mBAAmB;SACvC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,mBAAmB;QACtC,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,aAAa,EAAE,SAAS,CAAC,MAAM;YAC/B,QAAQ,EAAE,UAAU;SACrB;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/sqliError.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AnalyzePayload } from "@/types/analyze";
+import { WorkerResult } from "@/types/core";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=sqliError.worker.d.ts.map