npm - @j3r3my/scan-orchestrator - Versions diffs - 1.0.0 - Mend

@j3r3my/scan-orchestrator 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (347) hide show

package/dist/src/workers/attack/sqliError.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sqliError.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/sqliError.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAA2B,YAAY,EAAE,MAAM,cAAc,CAAC;AAsBrE,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CAuB3E"}

package/dist/src/workers/attack/sqliError.worker.js ADDED Viewed

@@ -0,0 +1,44 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const SQL_ERROR_PATTERNS = [
+    /you have an error in your sql syntax/i,
+    /warning: mysql/i,
+    /mysql_fetch/i,
+    /unclosed quotation mark after the character string/i,
+    /odbc sql server driver/i,
+    /sql syntax error/i,
+    /pg::syntaxerror/i,
+    /sqlite3::sqlexception/i,
+    /ora-\d{5}/i,
+    /syntax error/i,
+    /unexpected end of SQL command/i,
+];
+function detectSqlError(value) {
+    if (!value)
+        return false;
+    const str = String(value);
+    return SQL_ERROR_PATTERNS.some((regex) => regex.test(str));
+}
+async function worker(payload) {
+    const findings = [];
+    const { response } = payload;
+    if (response && detectSqlError(response.body)) {
+        findings.push({
+            message: "Possible SQL Injection (Error-Based) detected in server response",
+            severity: "critical",
+            taskType: core_1.TaskType.ATTACK_SQLI_ERROR,
+        });
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_SQLI_ERROR,
+        status: "success",
+        findings,
+        output: {
+            scanned: !!response,
+            responseSnippet: response?.body?.slice(0, 200) ?? null,
+        },
+    };
+}
+//# sourceMappingURL=sqliError.worker.js.map

package/dist/src/workers/attack/sqliError.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqliError.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/sqliError.worker.ts"],"names":[],"mappings":";;AAuBA,wBAuBC;AA7CD,uCAAqE;AAErE,MAAM,kBAAkB,GAAG;IACzB,uCAAuC;IACvC,iBAAiB;IACjB,cAAc;IACd,qDAAqD;IACrD,yBAAyB;IACzB,mBAAmB;IACnB,kBAAkB;IAClB,wBAAwB;IACxB,YAAY;IACZ,eAAe;IACf,gCAAgC;CACjC,CAAC;AAEF,SAAS,cAAc,CAAC,KAAc;IACpC,IAAI,CAAC,KAAK;QAAE,OAAO,KAAK,CAAC;IACzB,MAAM,GAAG,GAAG,MAAM,CAAC,KAAK,CAAC,CAAC;IAC1B,OAAO,kBAAkB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC7D,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,QAAQ,EAAE,GAAG,OAAO,CAAC;IAE7B,IAAI,QAAQ,IAAI,cAAc,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC;QAC9C,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EACL,kEAAkE;YACpE,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,eAAQ,CAAC,iBAAiB;SACrC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,iBAAiB;QACpC,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,OAAO,EAAE,CAAC,CAAC,QAAQ;YACnB,eAAe,EAAE,QAAQ,EAAE,IAAI,EAAE,KAAK,CAAC,CAAC,EAAE,GAAG,CAAC,IAAI,IAAI;SACvD;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/sqliStacked.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AnalyzePayload } from "@/types/analyze";
+import { WorkerResult } from "@/types/core";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=sqliStacked.worker.d.ts.map

package/dist/src/workers/attack/sqliStacked.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sqliStacked.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/sqliStacked.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAA2B,YAAY,EAAE,MAAM,cAAc,CAAC;AA6BrE,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CA8B3E"}

package/dist/src/workers/attack/sqliStacked.worker.js ADDED Viewed

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const STACKED_PATTERNS = [
+    /;\s*select/i,
+    /;\s*insert/i,
+    /;\s*update/i,
+    /;\s*delete/i,
+    /;\s*drop/i,
+    /;\s*create/i,
+    /;\s*alter/i,
+    /;\s*exec/i,
+    /;%20select/i,
+    /;%0aselect/i,
+];
+function normalize(value) {
+    if (!value)
+        return "";
+    try {
+        return decodeURIComponent(String(value)).toLowerCase();
+    }
+    catch {
+        return String(value).toLowerCase();
+    }
+}
+function detectStacked(value) {
+    const str = normalize(value);
+    return STACKED_PATTERNS.some((regex) => regex.test(str));
+}
+async function worker(payload) {
+    const findings = [];
+    const { query, body, headers } = payload;
+    const allValues = [
+        ...Object.values(query ?? {}),
+        ...Object.values(body ?? {}),
+        ...Object.values(headers ?? {}),
+    ];
+    const hasStacked = allValues.some((v) => detectStacked(v));
+    if (hasStacked) {
+        findings.push({
+            message: "Possible SQL Injection (Stacked Queries) detected",
+            severity: "critical",
+            taskType: core_1.TaskType.ATTACK_SQLI_STACKED,
+        });
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_SQLI_STACKED,
+        status: "success",
+        findings,
+        output: {
+            scannedValues: allValues.length,
+            detected: hasStacked,
+        },
+    };
+}
+//# sourceMappingURL=sqliStacked.worker.js.map

package/dist/src/workers/attack/sqliStacked.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqliStacked.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/sqliStacked.worker.ts"],"names":[],"mappings":";;AA8BA,wBA8BC;AA3DD,uCAAqE;AAErE,MAAM,gBAAgB,GAAG;IACvB,aAAa;IACb,aAAa;IACb,aAAa;IACb,aAAa;IACb,WAAW;IACX,aAAa;IACb,YAAY;IACZ,WAAW;IACX,aAAa;IACb,aAAa;CACd,CAAC;AAEF,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACrC,CAAC;AACH,CAAC;AAED,SAAS,aAAa,CAAC,KAAc;IACnC,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC7B,OAAO,gBAAgB,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC3D,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAEzC,MAAM,SAAS,GAAG;QAChB,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7B,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAC5B,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;KAChC,CAAC;IAEF,MAAM,UAAU,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,aAAa,CAAC,CAAC,CAAC,CAAC,CAAC;IAE3D,IAAI,UAAU,EAAE,CAAC;QACf,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,mDAAmD;YAC5D,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,eAAQ,CAAC,mBAAmB;SACvC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,mBAAmB;QACtC,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,aAAa,EAAE,SAAS,CAAC,MAAM;YAC/B,QAAQ,EAAE,UAAU;SACrB;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/sqliTime.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AnalyzePayload } from "@/types/analyze";
+import { WorkerResult } from "@/types/core";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=sqliTime.worker.d.ts.map

package/dist/src/workers/attack/sqliTime.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sqliTime.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/sqliTime.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAA2B,YAAY,EAAE,MAAM,cAAc,CAAC;AAIrE,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CA+B3E"}

package/dist/src/workers/attack/sqliTime.worker.js ADDED Viewed

@@ -0,0 +1,31 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const TIME_THRESHOLD_MS = 2000; // 2 secondes
+async function worker(payload) {
+    const findings = [];
+    const { responseTime, baselineTime } = payload;
+    if (typeof responseTime === "number") {
+        const baseline = typeof baselineTime === "number" ? baselineTime : 300;
+        const isSlow = responseTime > baseline * 3 || responseTime > TIME_THRESHOLD_MS;
+        if (isSlow) {
+            findings.push({
+                message: "Possible SQL Injection (Time-Based) detected due to abnormal response delay",
+                severity: "critical",
+                taskType: core_1.TaskType.ATTACK_SQLI_TIME,
+            });
+        }
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_SQLI_TIME,
+        status: "success",
+        findings,
+        output: {
+            responseTime,
+            baselineTime,
+            isSlow: findings.length > 0,
+        },
+    };
+}
+//# sourceMappingURL=sqliTime.worker.js.map

package/dist/src/workers/attack/sqliTime.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqliTime.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/sqliTime.worker.ts"],"names":[],"mappings":";;AAKA,wBA+BC;AAnCD,uCAAqE;AAErE,MAAM,iBAAiB,GAAG,IAAI,CAAC,CAAC,aAAa;AAEtC,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,YAAY,EAAE,YAAY,EAAE,GAAG,OAAc,CAAC;IAEtD,IAAI,OAAO,YAAY,KAAK,QAAQ,EAAE,CAAC;QACrC,MAAM,QAAQ,GAAG,OAAO,YAAY,KAAK,QAAQ,CAAC,CAAC,CAAC,YAAY,CAAC,CAAC,CAAC,GAAG,CAAC;QAEvE,MAAM,MAAM,GACV,YAAY,GAAG,QAAQ,GAAG,CAAC,IAAI,YAAY,GAAG,iBAAiB,CAAC;QAElE,IAAI,MAAM,EAAE,CAAC;YACX,QAAQ,CAAC,IAAI,CAAC;gBACZ,OAAO,EACL,6EAA6E;gBAC/E,QAAQ,EAAE,UAAU;gBACpB,QAAQ,EAAE,eAAQ,CAAC,gBAAgB;aACpC,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,gBAAgB;QACnC,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,YAAY;YACZ,YAAY;YACZ,MAAM,EAAE,QAAQ,CAAC,MAAM,GAAG,CAAC;SAC5B;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/sqliUnion.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AnalyzePayload } from "@/types/analyze";
+import { WorkerResult } from "@/types/core";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=sqliUnion.worker.d.ts.map

package/dist/src/workers/attack/sqliUnion.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"sqliUnion.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/sqliUnion.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAA2B,YAAY,EAAE,MAAM,cAAc,CAAC;AAqBrE,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CA+B3E"}

package/dist/src/workers/attack/sqliUnion.worker.js ADDED Viewed

@@ -0,0 +1,48 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const UNION_PATTERNS = [
+    /union\s+select/i,
+    /union\s+all\s+select/i,
+    /union\/\*.*?\*\/\s*select/i,
+    /union%20select/i,
+    /union%0aselect/i,
+    /union%09select/i,
+];
+function normalize(value) {
+    if (!value)
+        return "";
+    return decodeURIComponent(String(value)).toLowerCase();
+}
+function detectUnion(value) {
+    const str = normalize(value);
+    return UNION_PATTERNS.some((regex) => regex.test(str));
+}
+async function worker(payload) {
+    const findings = [];
+    const { query, body, headers } = payload;
+    const allValues = [
+        ...Object.values(query ?? {}),
+        ...Object.values(body ?? {}),
+        ...Object.values(headers ?? {}),
+    ];
+    const hasUnion = allValues.some((v) => detectUnion(v));
+    if (hasUnion) {
+        findings.push({
+            message: "Possible SQL Injection (UNION-Based) detected in request parameters",
+            severity: "critical",
+            taskType: core_1.TaskType.ATTACK_SQLI_UNION,
+        });
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_SQLI_UNION,
+        status: "success",
+        findings,
+        output: {
+            scannedValues: allValues.length,
+            detected: hasUnion,
+        },
+    };
+}
+//# sourceMappingURL=sqliUnion.worker.js.map

package/dist/src/workers/attack/sqliUnion.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"sqliUnion.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/sqliUnion.worker.ts"],"names":[],"mappings":";;AAsBA,wBA+BC;AApDD,uCAAqE;AAErE,MAAM,cAAc,GAAG;IACrB,iBAAiB;IACjB,uBAAuB;IACvB,4BAA4B;IAC5B,iBAAiB;IACjB,iBAAiB;IACjB,iBAAiB;CAClB,CAAC;AAEF,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,OAAO,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;AACzD,CAAC;AAED,SAAS,WAAW,CAAC,KAAc;IACjC,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC7B,OAAO,cAAc,CAAC,IAAI,CAAC,CAAC,KAAK,EAAE,EAAE,CAAC,KAAK,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AACzD,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,OAAO,EAAE,GAAG,OAAO,CAAC;IAEzC,MAAM,SAAS,GAAG;QAChB,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7B,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;QAC5B,GAAG,MAAM,CAAC,MAAM,CAAC,OAAO,IAAI,EAAE,CAAC;KAChC,CAAC;IAEF,MAAM,QAAQ,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,WAAW,CAAC,CAAC,CAAC,CAAC,CAAC;IAEvD,IAAI,QAAQ,EAAE,CAAC;QACb,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EACL,qEAAqE;YACvE,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,eAAQ,CAAC,iBAAiB;SACrC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,iBAAiB;QACpC,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,aAAa,EAAE,SAAS,CAAC,MAAM;YAC/B,QAAQ,EAAE,QAAQ;SACnB;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/xssReflected.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AnalyzePayload } from "@/types/analyze";
+import { WorkerResult } from "@/types/core";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=xssReflected.worker.d.ts.map

package/dist/src/workers/attack/xssReflected.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"xssReflected.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/xssReflected.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAA2B,YAAY,EAAE,MAAM,cAAc,CAAC;AAyBrE,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CA6B3E"}

package/dist/src/workers/attack/xssReflected.worker.js ADDED Viewed

@@ -0,0 +1,52 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const XSS_PATTERNS = [
+    /<script.*?>/i,
+    /onerror\s*=/i,
+    /onload\s*=/i,
+    /javascript:/i,
+    /<img[^>]+onerror/i,
+    /<svg[^>]+onload/i,
+];
+function normalize(value) {
+    if (!value)
+        return "";
+    try {
+        return decodeURIComponent(String(value)).toLowerCase();
+    }
+    catch {
+        return String(value).toLowerCase();
+    }
+}
+function detectXss(value) {
+    const str = normalize(value);
+    return XSS_PATTERNS.some((r) => r.test(str));
+}
+async function worker(payload) {
+    const findings = [];
+    const { query, body } = payload;
+    const allValues = [
+        ...Object.values(query ?? {}),
+        ...Object.values(body ?? {}),
+    ];
+    const hasXss = allValues.some((v) => detectXss(v));
+    if (hasXss) {
+        findings.push({
+            message: "Possible Reflected XSS detected",
+            severity: "high",
+            taskType: core_1.TaskType.ATTACK_XSS_REFLECTED,
+        });
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_XSS_REFLECTED,
+        status: "success",
+        findings,
+        output: {
+            scannedValues: allValues.length,
+            detected: hasXss,
+        },
+    };
+}
+//# sourceMappingURL=xssReflected.worker.js.map

package/dist/src/workers/attack/xssReflected.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"xssReflected.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/xssReflected.worker.ts"],"names":[],"mappings":";;AA0BA,wBA6BC;AAtDD,uCAAqE;AAErE,MAAM,YAAY,GAAG;IACnB,cAAc;IACd,cAAc;IACd,aAAa;IACb,cAAc;IACd,mBAAmB;IACnB,kBAAkB;CACnB,CAAC;AAEF,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACrC,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC7B,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/C,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,KAAK,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAEhC,MAAM,SAAS,GAAG;QAChB,GAAG,MAAM,CAAC,MAAM,CAAC,KAAK,IAAI,EAAE,CAAC;QAC7B,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC;KAC7B,CAAC;IAEF,MAAM,MAAM,GAAG,SAAS,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAEnD,IAAI,MAAM,EAAE,CAAC;QACX,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,iCAAiC;YAC1C,QAAQ,EAAE,MAAM;YAChB,QAAQ,EAAE,eAAQ,CAAC,oBAAoB;SACxC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,oBAAoB;QACvC,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,aAAa,EAAE,SAAS,CAAC,MAAM;YAC/B,QAAQ,EAAE,MAAM;SACjB;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/attack/xssStored.worker.d.ts ADDED Viewed

@@ -0,0 +1,4 @@
+import { AnalyzePayload } from "@/types/analyze";
+import { WorkerResult } from "@/types/core";
+export declare function worker(payload: AnalyzePayload): Promise<WorkerResult>;
+//# sourceMappingURL=xssStored.worker.d.ts.map

package/dist/src/workers/attack/xssStored.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"xssStored.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/attack/xssStored.worker.ts"],"names":[],"mappings":"AAAA,OAAO,EAAE,cAAc,EAAE,MAAM,iBAAiB,CAAC;AACjD,OAAO,EAA2B,YAAY,EAAE,MAAM,cAAc,CAAC;AAyBrE,wBAAsB,MAAM,CAAC,OAAO,EAAE,cAAc,GAAG,OAAO,CAAC,YAAY,CAAC,CA0B3E"}

package/dist/src/workers/attack/xssStored.worker.js ADDED Viewed

@@ -0,0 +1,49 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.worker = worker;
+const core_1 = require("@/types/core");
+const XSS_PATTERNS = [
+    /<script.*?>/i,
+    /onerror\s*=/i,
+    /onload\s*=/i,
+    /javascript:/i,
+    /<img[^>]+onerror/i,
+    /<svg[^>]+onload/i,
+];
+function normalize(value) {
+    if (!value)
+        return "";
+    try {
+        return decodeURIComponent(String(value)).toLowerCase();
+    }
+    catch {
+        return String(value).toLowerCase();
+    }
+}
+function detectXss(value) {
+    const str = normalize(value);
+    return XSS_PATTERNS.some((r) => r.test(str));
+}
+async function worker(payload) {
+    const findings = [];
+    const { body } = payload;
+    const values = Object.values(body ?? {});
+    const hasXss = values.some((v) => detectXss(v));
+    if (hasXss) {
+        findings.push({
+            message: "Possible Stored XSS detected",
+            severity: "critical",
+            taskType: core_1.TaskType.ATTACK_XSS_STORED,
+        });
+    }
+    return {
+        taskType: core_1.TaskType.ATTACK_XSS_STORED,
+        status: "success",
+        findings,
+        output: {
+            scannedValues: values.length,
+            detected: hasXss,
+        },
+    };
+}
+//# sourceMappingURL=xssStored.worker.js.map

package/dist/src/workers/attack/xssStored.worker.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"xssStored.worker.js","sourceRoot":"","sources":["../../../../src/workers/attack/xssStored.worker.ts"],"names":[],"mappings":";;AA0BA,wBA0BC;AAnDD,uCAAqE;AAErE,MAAM,YAAY,GAAG;IACnB,cAAc;IACd,cAAc;IACd,aAAa;IACb,cAAc;IACd,mBAAmB;IACnB,kBAAkB;CACnB,CAAC;AAEF,SAAS,SAAS,CAAC,KAAc;IAC/B,IAAI,CAAC,KAAK;QAAE,OAAO,EAAE,CAAC;IACtB,IAAI,CAAC;QACH,OAAO,kBAAkB,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,WAAW,EAAE,CAAC;IACzD,CAAC;IAAC,MAAM,CAAC;QACP,OAAO,MAAM,CAAC,KAAK,CAAC,CAAC,WAAW,EAAE,CAAC;IACrC,CAAC;AACH,CAAC;AAED,SAAS,SAAS,CAAC,KAAc;IAC/B,MAAM,GAAG,GAAG,SAAS,CAAC,KAAK,CAAC,CAAC;IAC7B,OAAO,YAAY,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,CAAC,CAAC,IAAI,CAAC,GAAG,CAAC,CAAC,CAAC;AAC/C,CAAC;AAEM,KAAK,UAAU,MAAM,CAAC,OAAuB;IAClD,MAAM,QAAQ,GAAoB,EAAE,CAAC;IAErC,MAAM,EAAE,IAAI,EAAE,GAAG,OAAO,CAAC;IAEzB,MAAM,MAAM,GAAG,MAAM,CAAC,MAAM,CAAC,IAAI,IAAI,EAAE,CAAC,CAAC;IAEzC,MAAM,MAAM,GAAG,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,EAAE,CAAC,SAAS,CAAC,CAAC,CAAC,CAAC,CAAC;IAEhD,IAAI,MAAM,EAAE,CAAC;QACX,QAAQ,CAAC,IAAI,CAAC;YACZ,OAAO,EAAE,8BAA8B;YACvC,QAAQ,EAAE,UAAU;YACpB,QAAQ,EAAE,eAAQ,CAAC,iBAAiB;SACrC,CAAC,CAAC;IACL,CAAC;IAED,OAAO;QACL,QAAQ,EAAE,eAAQ,CAAC,iBAAiB;QACpC,MAAM,EAAE,SAAS;QACjB,QAAQ;QACR,MAAM,EAAE;YACN,aAAa,EAAE,MAAM,CAAC,MAAM;YAC5B,QAAQ,EAAE,MAAM;SACjB;KACF,CAAC;AACJ,CAAC"}

package/dist/src/workers/crawl/crawlApi.worker.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ //# sourceMappingURL=crawlApi.worker.d.ts.map

package/dist/src/workers/crawl/crawlApi.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"crawlApi.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/crawl/crawlApi.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/crawl/crawlApi.worker.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ //# sourceMappingURL=crawlApi.worker.js.map

package/dist/src/workers/crawl/crawlApi.worker.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"crawlApi.worker.js","sourceRoot":"","sources":["../../../../src/workers/crawl/crawlApi.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/crawl/crawlAssets.worker.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ //# sourceMappingURL=crawlAssets.worker.d.ts.map

package/dist/src/workers/crawl/crawlAssets.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"crawlAssets.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/crawl/crawlAssets.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/crawl/crawlAssets.worker.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ //# sourceMappingURL=crawlAssets.worker.js.map

package/dist/src/workers/crawl/crawlAssets.worker.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"crawlAssets.worker.js","sourceRoot":"","sources":["../../../../src/workers/crawl/crawlAssets.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/crawl/crawlForm.worker.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ //# sourceMappingURL=crawlForm.worker.d.ts.map

package/dist/src/workers/crawl/crawlForm.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"crawlForm.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/crawl/crawlForm.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/crawl/crawlForm.worker.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ //# sourceMappingURL=crawlForm.worker.js.map

package/dist/src/workers/crawl/crawlForm.worker.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"crawlForm.worker.js","sourceRoot":"","sources":["../../../../src/workers/crawl/crawlForm.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/crawl/crawlPage.worker.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ //# sourceMappingURL=crawlPage.worker.d.ts.map

package/dist/src/workers/crawl/crawlPage.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"crawlPage.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/crawl/crawlPage.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/crawl/crawlPage.worker.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ //# sourceMappingURL=crawlPage.worker.js.map

package/dist/src/workers/crawl/crawlPage.worker.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"crawlPage.worker.js","sourceRoot":"","sources":["../../../../src/workers/crawl/crawlPage.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/normalize/normalizeAttack.worker.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ //# sourceMappingURL=normalizeAttack.worker.d.ts.map

package/dist/src/workers/normalize/normalizeAttack.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"normalizeAttack.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/normalize/normalizeAttack.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/normalize/normalizeAttack.worker.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ //# sourceMappingURL=normalizeAttack.worker.js.map

package/dist/src/workers/normalize/normalizeAttack.worker.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"normalizeAttack.worker.js","sourceRoot":"","sources":["../../../../src/workers/normalize/normalizeAttack.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/normalize/normalizeContext.worker.d.ts ADDED Viewed

	@@ -0,0 +1 @@
1	+ //# sourceMappingURL=normalizeContext.worker.d.ts.map

package/dist/src/workers/normalize/normalizeContext.worker.d.ts.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"normalizeContext.worker.d.ts","sourceRoot":"","sources":["../../../../src/workers/normalize/normalizeContext.worker.ts"],"names":[],"mappings":""}

package/dist/src/workers/normalize/normalizeContext.worker.js ADDED Viewed

	@@ -0,0 +1,2 @@
1	+ "use strict";
2	+ //# sourceMappingURL=normalizeContext.worker.js.map

package/dist/src/workers/normalize/normalizeContext.worker.js.map ADDED Viewed

	@@ -0,0 +1 @@
1	+ {"version":3,"file":"normalizeContext.worker.js","sourceRoot":"","sources":["../../../../src/workers/normalize/normalizeContext.worker.ts"],"names":[],"mappings":""}

package/package.json ADDED Viewed

@@ -0,0 +1,33 @@
+{
+  "name": "@j3r3my/scan-orchestrator",
+  "version": "1.0.0",
+  "description": "Modular security scan orchestrator with typed workers and normalization pipeline.",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "files": [
+    "dist"
+  ],
+  "scripts": {
+    "clean": "rimraf dist",
+    "build": "npm run clean && tsc -p tsconfig.json",
+    "test": "jest --passWithNoTests"
+  },
+  "devDependencies": {
+    "@types/jest": "^30.0.0",
+    "@types/node": "^25.9.1",
+    "jest": "^30.4.2",
+    "rimraf": "^6.1.3",
+    "ts-jest": "^29.4.11",
+    "ts-node": "^10.9.2",
+    "typescript": "^6.0.3"
+  },
+  "keywords": [
+    "security",
+    "scanner",
+    "orchestrator",
+    "waf",
+    "typescript"
+  ],
+  "author": "Jérémy",
+  "license": "MIT"
+}