@sectester/runner 0.16.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Bright Security
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,166 @@
+# @sectester/runner
+
+[![Maintainability](https://api.codeclimate.com/v1/badges/a5f72ececc9b0f402802/maintainability)](https://codeclimate.com/github/NeuraLegion/sectester-js/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/a5f72ececc9b0f402802/test_coverage)](https://codeclimate.com/github/NeuraLegion/sectester-js/test_coverage)
+![Build Status](https://github.com/NeuraLegion/sectester-js/actions/workflows/coverage.yml/badge.svg?branch=master&event=push)
+![NPM Downloads](https://img.shields.io/npm/dw/@sectester/core)
+
+Run scanning for vulnerabilities just from your unit tests on CI phase.
+
+## Setup
+
+```bash
+npm i -s @sectester/runner
+```
+
+## Step-by-step guide
+
+### Configure SDK
+
+To start writing tests, first obtain a Bright token, which is required for the access to Bright API. More info about [setting up an API key](https://docs.brightsec.com/docs/manage-your-personal-account#manage-your-personal-api-keys-authentication-tokens).
+
+Then put obtained token into `BRIGHT_TOKEN` environment variable to make it accessible by default [`EnvCredentialProvider`](https://github.com/NeuraLegion/sectester-js/tree/master/packages/core#envcredentialprovider).
+
+> Refer to `@sectester/core` package [documentation](https://github.com/NeuraLegion/sectester-js/tree/master/packages/core#credentials) for the details on alternative ways of configuring credential providers.
+
+Once it is done, create a configuration object. Single required option is Bright `hostname` domain you are going to use, e.g. `app.neuralegion.com` as the main one:
+
+```ts
+import { Configuration } from '@sectester/core';
+
+const configuration = new Configuration({ hostname: 'app.neuralegion.com' });
+```
+
+### Setup runner
+
+To set up a runner, create `SecRunner` instance passing a previously created configuration as follows:
+
+```ts
+import { Configuration } from '@sectester/core';
+import { SecRunner } from '@sectester/runner';
+
+const configuration = new Configuration({ hostname: 'app.neuralegion.com' });
+const runner = new SecRunner(configuration);
+
+// or
+
+const runner2 = new SecRunner({ hostname: 'app.neuralegion.com' });
+```
+
+After that, you have to initialize a `SecRunner` instance:
+
+```ts
+await runner.init();
+```
+
+The runner is now ready to perform your tests, but you have to create a scan.
+
+To dispose a runner, you just need to call the `clear` method:
+
+```ts
+await runner.clear();
+```
+
+### Starting scan
+
+To start scanning your application, first you have to create a `SecScan` instance, as shown below:
+
+```ts
+const scan = runner.createScan({ tests: [TestType.XSS] });
+```
+
+Below you will find a list of parameters that can be used to configure a `Scan`:
+
+| Option                 | Description                                                                                                                                                                                   |
+| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `tests`                | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide)                                               |
+| `smart`                | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default.                                                                |
+| `skipStaticParams`     | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. |
+| `poolSize`             | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`.                                                                                      |
+| `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`.                                                                                                     |
+| `slowEpTimeout`        | Skip entry-points that take longer to respond than specified ms value. By default, 1000ms.                                                                                                    |
+| `targetTimeout`        | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5min.                         |
+| `name`                 | The scan name. The method and hostname by default, e.g. `GET example.com`.                                                                                                                    |
+
+Finally, run a scan against your application:
+
+```ts
+await scan.run({
+  method: 'POST',
+  url: 'https://localhost:8000/api/orders',
+  body: { subject: 'Test', body: "<script>alert('xss')</script>" }
+});
+```
+
+The `run` method takes a single argument (for details, see [here](https://github.com/NeuraLegion/sectester-js/tree/master/packages/scan#defining-a-target-for-attack)), and returns promise that is resolved if scan finishes without any vulnerability found, and is rejected otherwise (on founding issue that meets threshold, on timeout, on scanning error).
+
+If any vulnerabilities are found, they will be pretty printed to stdout or stderr (depending on severity) by [reporter](https://github.com/NeuraLegion/sectester-js/tree/master/packages/reporter).
+
+By default, each found issue will cause the scan to stop. To control this behavior you can set a severity threshold using the `threshold` method:
+
+```ts
+scan.threshold(Severity.HIGH);
+```
+
+Now found issues with severity lower than `HIGH` will not cause the scan to stop.
+
+Sometimes either due to scan configuration issues or target misbehave, the scan might take much more time than you expect.
+In this case, you can provide a timeout (in milliseconds) for specifying maximum scan running time:
+
+```ts
+scan.timeout(30000);
+```
+
+In that case after 30 seconds, if the scan isn't finishing or finding any vulnerability, it will throw an error.
+
+### Usage sample
+
+```ts
+import { SecRunner, SecScan } from '@sectester/runner';
+import { Severity, TestType } from '@sectester/scan';
+
+describe('/api', () => {
+  let runner!: SecRunner;
+  let scan!: SecScan;
+
+  beforeEach(async () => {
+    runner = new SecRunner({ hostname: 'app.neuralegion.com' });
+
+    await runner.init();
+
+    scan = runner
+      .createScan({ tests: [TestType.XSS] })
+      .threshold(Severity.MEDIUM) // i. e. ignore LOW severity issues
+      .timeout(300000); // i. e. fail if last longer than 5 minutes
+  });
+
+  afterEach(async () => {
+    await runner.clear();
+  });
+
+  describe('/orders', () => {
+    it('should not have persistent xss', async () => {
+      await scan.run({
+        method: 'POST',
+        url: 'https://localhost:8000/api/orders',
+        body: { subject: 'Test', body: "<script>alert('xss')</script>" }
+      });
+    });
+
+    it('should not have reflective xss', async () => {
+      await scan.run({
+        url: 'https://localhost:8000/api/orders',
+        query: {
+          q: `<script>alert('xss')</script>`
+        }
+      });
+    });
+  });
+});
+```
+
+## License
+
+Copyright © 2022 [Bright Security](https://brightsec.com/).
+
+This project is licensed under the MIT License - see the [LICENSE file](LICENSE) for details.

package/package.json

@@ -0,0 +1,63 @@
+{
+  "name": "@sectester/runner",
+  "version": "0.16.1",
+  "description": "Run scanning for vulnerabilities just from your unit tests on CI phase.",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NeuraLegion/sectester-js.git"
+  },
+  "engines": {
+    "node": ">=16",
+    "npm": "^8.1.0"
+  },
+  "author": {
+    "name": "Artem Derevnjuk",
+    "email": "artem.derevnjuk@brightsec.com"
+  },
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/NeuraLegion/sectester-js/issues"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": [
+    "security",
+    "testing",
+    "e2e",
+    "test",
+    "typescript",
+    "appsec",
+    "pentesting",
+    "qa",
+    "brightsec"
+  ],
+  "peerDependencies": {
+    "@sectester/bus": ">=0.16.0 <1.0.0",
+    "@sectester/core": ">=0.16.0 <1.0.0",
+    "@sectester/repeater": ">=0.16.0 <1.0.0",
+    "@sectester/reporter": ">=0.16.0 <1.0.0",
+    "@sectester/scan": ">=0.16.0 <1.0.0",
+    "reflect-metadata": "^0.1.13",
+    "uuid": "^8.3.2",
+    "tsyringe": "^4.6.0",
+    "chalk": "^4.1.2",
+    "form-data": "^4.0.0",
+    "axios": "^0.26.1",
+    "axios-rate-limit": "^1.3.0",
+    "amqp-connection-manager": "^4.1.1",
+    "amqplib": "^0.8.0",
+    "semver": "^7.3.7",
+    "socks-proxy-agent": "^6.2.0-beta.0",
+    "request-promise": "^4.2.6",
+    "request": "^2.88.2",
+    "content-type": "^1.0.4",
+    "ws": "^8.5.0",
+    "@har-sdk/core": "^1.4.3",
+    "ci-info": "^3.3.0",
+    "tty-table": "^4.1.5"
+  },
+  "main": "./src/index.js",
+  "typings": "./src/index.d.ts",
+  "dependencies": {}
+}

package/src/index.d.ts

@@ -0,0 +1 @@
+export * from './lib';

package/src/index.js

@@ -0,0 +1,5 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+const tslib_1 = require("tslib");
+(0, tslib_1.__exportStar)(require("./lib"), exports);
+//# sourceMappingURL=index.js.map

package/src/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../packages/runner/src/index.ts"],"names":[],"mappings":";;;AAAA,qDAAsB"}

package/src/lib/IssueFound.d.ts

@@ -0,0 +1,7 @@
+import { Formatter } from '@sectester/reporter';
+import { SecTesterError } from '@sectester/core';
+import { Issue } from '@sectester/scan';
+export declare class IssueFound extends SecTesterError {
+    readonly issue: Issue;
+    constructor(issue: Issue, formatter: Formatter);
+}

package/src/lib/IssueFound.js

@@ -0,0 +1,12 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.IssueFound = void 0;
+const core_1 = require("@sectester/core");
+class IssueFound extends core_1.SecTesterError {
+    constructor(issue, formatter) {
+        super(`Target is vulnerable\n\n${formatter.format(issue)}`);
+        this.issue = issue;
+    }
+}
+exports.IssueFound = IssueFound;
+//# sourceMappingURL=IssueFound.js.map

package/src/lib/IssueFound.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"IssueFound.js","sourceRoot":"","sources":["../../../../../packages/runner/src/lib/IssueFound.ts"],"names":[],"mappings":";;;AACA,0CAAiD;AAGjD,MAAa,UAAW,SAAQ,qBAAc;IAC5C,YAA4B,KAAY,EAAE,SAAoB;QAC5D,KAAK,CAAC,2BAA2B,SAAS,CAAC,MAAM,CAAC,KAAK,CAAC,EAAE,CAAC,CAAC;QADlC,UAAK,GAAL,KAAK,CAAO;IAExC,CAAC;CACF;AAJD,gCAIC"}

package/src/lib/SecRunner.d.ts

@@ -0,0 +1,15 @@
+import { SecScanOptions } from './SecScanOptions';
+import { SecScan } from './SecScan';
+import { Configuration, ConfigurationOptions } from '@sectester/core';
+export declare class SecRunner {
+    private readonly configuration;
+    private repeater;
+    private repeaterFactory;
+    private repeatersManager;
+    get repeaterId(): string | undefined;
+    constructor(config: Configuration | ConfigurationOptions);
+    init(): Promise<void>;
+    clear(): Promise<void>;
+    createScan(options: SecScanOptions): SecScan;
+    private initConfiguration;
+}

package/src/lib/SecRunner.js

@@ -0,0 +1,60 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecRunner = void 0;
+const SecScan_1 = require("./SecScan");
+const core_1 = require("@sectester/core");
+const repeater_1 = require("@sectester/repeater");
+const scan_1 = require("@sectester/scan");
+const reporter_1 = require("@sectester/reporter");
+class SecRunner {
+    constructor(config) {
+        this.configuration =
+            config instanceof core_1.Configuration ? config : new core_1.Configuration(config);
+    }
+    get repeaterId() {
+        var _a;
+        return (_a = this.repeater) === null || _a === void 0 ? void 0 : _a.repeaterId;
+    }
+    async init() {
+        if (this.repeatersManager && this.repeaterFactory) {
+            throw new Error('Already initialized.');
+        }
+        await this.initConfiguration(this.configuration);
+        this.repeatersManager =
+            this.configuration.container.resolve(repeater_1.RepeatersManager);
+        this.repeaterFactory =
+            this.configuration.container.resolve(repeater_1.RepeaterFactory);
+        this.repeater = await this.repeaterFactory.createRepeater();
+        await this.repeater.start();
+    }
+    async clear() {
+        try {
+            if (this.repeater && this.repeatersManager) {
+                await this.repeater.stop();
+                await this.repeatersManager.deleteRepeater(this.repeater.repeaterId);
+            }
+        }
+        finally {
+            delete this.repeater;
+            delete this.repeatersManager;
+            delete this.repeaterFactory;
+        }
+    }
+    createScan(options) {
+        if (!this.repeater) {
+            throw new Error('Must be initialized first.');
+        }
+        return new SecScan_1.SecScan({
+            ...options,
+            repeaterId: this.repeater.repeaterId
+        }, this.configuration.container.resolve(scan_1.ScanFactory), this.configuration.container.resolve(reporter_1.Formatter));
+    }
+    async initConfiguration(configuration) {
+        await configuration.loadCredentials();
+        configuration.container.register(reporter_1.Formatter, {
+            useClass: reporter_1.PlainTextFormatter
+        });
+    }
+}
+exports.SecRunner = SecRunner;
+//# sourceMappingURL=SecRunner.js.map

package/src/lib/SecRunner.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecRunner.js","sourceRoot":"","sources":["../../../../../packages/runner/src/lib/SecRunner.ts"],"names":[],"mappings":";;;AACA,uCAAoC;AACpC,0CAAsE;AACtE,kDAI6B;AAC7B,0CAA8C;AAC9C,kDAAoE;AAEpE,MAAa,SAAS;IAUpB,YAAY,MAA4C;QACtD,IAAI,CAAC,aAAa;YAChB,MAAM,YAAY,oBAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,oBAAa,CAAC,MAAM,CAAC,CAAC;IACzE,CAAC;IAPD,IAAI,UAAU;;QACZ,OAAO,MAAA,IAAI,CAAC,QAAQ,0CAAE,UAAU,CAAC;IACnC,CAAC;IAOM,KAAK,CAAC,IAAI;QACf,IAAI,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,eAAe,EAAE;YACjD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;SACzC;QAED,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEjD,IAAI,CAAC,gBAAgB;YACnB,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,2BAAgB,CAAC,CAAC;QACzD,IAAI,CAAC,eAAe;YAClB,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,0BAAe,CAAC,CAAC;QAExD,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC;QAC5D,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IAC9B,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI;YACF,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,gBAAgB,EAAE;gBAC1C,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3B,MAAM,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;aACtE;SACF;gBAAS;YACR,OAAO,IAAI,CAAC,QAAQ,CAAC;YACrB,OAAO,IAAI,CAAC,gBAAgB,CAAC;YAC7B,OAAO,IAAI,CAAC,eAAe,CAAC;SAC7B;IACH,CAAC;IAEM,UAAU,CAAC,OAAuB;QACvC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE;YAClB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;SAC/C;QAED,OAAO,IAAI,iBAAO,CAChB;YACE,GAAG,OAAO;YACV,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU;SACrC,EACD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAc,kBAAW,CAAC,EAC9D,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAY,oBAAS,CAAC,CAC3D,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,aAA4B;QAC1D,MAAM,aAAa,CAAC,eAAe,EAAE,CAAC;QAEtC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,oBAAS,EAAE;YAC1C,QAAQ,EAAE,6BAAkB;SAC7B,CAAC,CAAC;IACL,CAAC;CACF;AAlED,8BAkEC"}

package/src/lib/SecScan.d.ts

@@ -0,0 +1,15 @@
+import { Formatter } from '@sectester/reporter';
+import { ScanFactory, ScanSettingsOptions, Severity, TargetOptions } from '@sectester/scan';
+export declare class SecScan {
+    private readonly settings;
+    private readonly scanFactory;
+    private readonly formatter;
+    private _threshold;
+    private _timeout;
+    constructor(settings: Omit<ScanSettingsOptions, 'target'>, scanFactory: ScanFactory, formatter: Formatter);
+    run(target: TargetOptions): Promise<void>;
+    threshold(severity: Severity): SecScan;
+    timeout(value: number): SecScan;
+    private assert;
+    private findExpectedIssue;
+}

package/src/lib/SecScan.js

@@ -0,0 +1,50 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecScan = void 0;
+const IssueFound_1 = require("./IssueFound");
+const scan_1 = require("@sectester/scan");
+class SecScan {
+    constructor(settings, scanFactory, formatter) {
+        this.settings = settings;
+        this.scanFactory = scanFactory;
+        this.formatter = formatter;
+        this._threshold = scan_1.Severity.LOW;
+    }
+    async run(target) {
+        const scan = await this.scanFactory.createScan({
+            ...this.settings,
+            target
+        }, {
+            timeout: this._timeout
+        });
+        try {
+            await scan.expect(this._threshold);
+            await this.assert(scan);
+        }
+        finally {
+            await scan.stop();
+        }
+    }
+    threshold(severity) {
+        this._threshold = severity;
+        return this;
+    }
+    timeout(value) {
+        this._timeout = value;
+        return this;
+    }
+    async assert(scan) {
+        const issue = await this.findExpectedIssue(scan);
+        if (issue) {
+            throw new IssueFound_1.IssueFound(issue, this.formatter);
+        }
+    }
+    async findExpectedIssue(scan) {
+        const issues = await scan.issues();
+        if (this._threshold) {
+            return issues.find(x => { var _a; return (_a = scan_1.severityRanges.get(this._threshold)) === null || _a === void 0 ? void 0 : _a.includes(x.severity); });
+        }
+    }
+}
+exports.SecScan = SecScan;
+//# sourceMappingURL=SecScan.js.map

package/src/lib/SecScan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecScan.js","sourceRoot":"","sources":["../../../../../packages/runner/src/lib/SecScan.ts"],"names":[],"mappings":";;;AAAA,6CAA0C;AAE1C,0CAQyB;AAEzB,MAAa,OAAO;IAIlB,YACmB,QAA6C,EAC7C,WAAwB,EACxB,SAAoB;QAFpB,aAAQ,GAAR,QAAQ,CAAqC;QAC7C,gBAAW,GAAX,WAAW,CAAa;QACxB,cAAS,GAAT,SAAS,CAAW;QAN/B,eAAU,GAAG,eAAQ,CAAC,GAAG,CAAC;IAO/B,CAAC;IAEG,KAAK,CAAC,GAAG,CAAC,MAAqB;QACpC,MAAM,IAAI,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,UAAU,CAC5C;YACE,GAAG,IAAI,CAAC,QAAQ;YAChB,MAAM;SACP,EACD;YACE,OAAO,EAAE,IAAI,CAAC,QAAQ;SACvB,CACF,CAAC;QAEF,IAAI;YACF,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,UAAU,CAAC,CAAC;YAEnC,MAAM,IAAI,CAAC,MAAM,CAAC,IAAI,CAAC,CAAC;SACzB;gBAAS;YACR,MAAM,IAAI,CAAC,IAAI,EAAE,CAAC;SACnB;IACH,CAAC;IAEM,SAAS,CAAC,QAAkB;QACjC,IAAI,CAAC,UAAU,GAAG,QAAQ,CAAC;QAE3B,OAAO,IAAI,CAAC;IACd,CAAC;IAEM,OAAO,CAAC,KAAa;QAC1B,IAAI,CAAC,QAAQ,GAAG,KAAK,CAAC;QAEtB,OAAO,IAAI,CAAC;IACd,CAAC;IAEO,KAAK,CAAC,MAAM,CAAC,IAAU;QAC7B,MAAM,KAAK,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,CAAC;QAEjD,IAAI,KAAK,EAAE;YACT,MAAM,IAAI,uBAAU,CAAC,KAAK,EAAE,IAAI,CAAC,SAAS,CAAC,CAAC;SAC7C;IACH,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,IAAU;QACxC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,MAAM,EAAE,CAAC;QAEnC,IAAI,IAAI,CAAC,UAAU,EAAE;YACnB,OAAO,MAAM,CAAC,IAAI,CAAC,CAAC,CAAC,EAAE,WACrB,OAAA,MAAA,qBAAc,CAAC,GAAG,CAAC,IAAI,CAAC,UAAU,CAAC,0CAAE,QAAQ,CAAC,CAAC,CAAC,QAAQ,CAAC,CAAA,EAAA,CAC1D,CAAC;SACH;IACH,CAAC;CACF;AA3DD,0BA2DC"}

package/src/lib/SecScanOptions.d.ts

@@ -0,0 +1,2 @@
+import { ScanSettingsOptions } from '@sectester/scan';
+export declare type SecScanOptions = Pick<ScanSettingsOptions, 'name' | 'tests' | 'smart' | 'poolSize' | 'skipStaticParams' | 'attackParamLocations' | 'slowEpTimeout' | 'targetTimeout'>;

package/src/lib/SecScanOptions.js

@@ -0,0 +1,3 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+//# sourceMappingURL=SecScanOptions.js.map

package/src/lib/SecScanOptions.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"SecScanOptions.js","sourceRoot":"","sources":["../../../../../packages/runner/src/lib/SecScanOptions.ts"],"names":[],"mappings":""}

package/src/lib/index.d.ts

@@ -0,0 +1,2 @@
+export { SecRunner } from './SecRunner';
+export { SecScan } from './SecScan';

package/src/lib/index.js

@@ -0,0 +1,8 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SecScan = exports.SecRunner = void 0;
+var SecRunner_1 = require("./SecRunner");
+Object.defineProperty(exports, "SecRunner", { enumerable: true, get: function () { return SecRunner_1.SecRunner; } });
+var SecScan_1 = require("./SecScan");
+Object.defineProperty(exports, "SecScan", { enumerable: true, get: function () { return SecScan_1.SecScan; } });
+//# sourceMappingURL=index.js.map

package/src/lib/index.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/runner/src/lib/index.ts"],"names":[],"mappings":";;;AAAA,yCAAwC;AAA/B,sGAAA,SAAS,OAAA;AAClB,qCAAoC;AAA3B,kGAAA,OAAO,OAAA"}