@sectester/runner 0.36.0 → 0.36.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. package/README.md +20 -13
  2. package/package.json +1 -1
  3. package/src/lib/SecRunner.js +4 -1
  4. package/src/lib/SecRunner.js.map +1 -1
  5. package/src/lib/SecScanOptions.d.ts +1 -1
package/README.md CHANGED
@@ -39,12 +39,18 @@ To set up a runner, create `SecRunner` instance passing a previously created con
39
39
  import { Configuration } from '@sectester/core';
40
40
  import { SecRunner } from '@sectester/runner';
41
41
 
42
- const configuration = new Configuration({ hostname: 'app.neuralegion.com' });
42
+ const configuration = new Configuration({
43
+ hostname: 'app.neuralegion.com',
44
+ projectId: 'your project ID'
45
+ });
43
46
  const runner = new SecRunner(configuration);
44
47
 
45
48
  // or
46
49
 
47
- const runner2 = new SecRunner({ hostname: 'app.neuralegion.com' });
50
+ const runner2 = new SecRunner({
51
+ hostname: 'app.neuralegion.com',
52
+ projectId: 'your project ID'
53
+ });
48
54
  ```
49
55
 
50
56
  After that, you have to initialize a `SecRunner` instance:
@@ -71,16 +77,14 @@ const scan = runner.createScan({ tests: [TestType.CROSS_SITE_SCRIPTING] });
71
77
 
72
78
  Below you will find a list of parameters that can be used to configure a `Scan`:
73
79
 
74
- | Option | Description |
75
- | ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
76
- | `tests` | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide) |
77
- | `smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. |
78
- | `skipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. |
79
- | `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. |
80
- | `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. |
81
- | `slowEpTimeout` | Skip entry-points that take longer to respond than specified ms value. By default, 1000ms. |
82
- | `targetTimeout` | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5min. |
83
- | `name` | The scan name. The method and hostname by default, e.g. `GET example.com`. |
80
+ | Option | Description |
81
+ | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
82
+ | `tests` | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide). To retrieve the list of available tests, send a request to the [API](https://app.brightsec.com/api/v1/scans/tests). |
83
+ | `smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. |
84
+ | `skipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. |
85
+ | `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. |
86
+ | `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. |
87
+ | `name` | The scan name. The method and hostname by default, e.g. `GET example.com`. |
84
88
 
85
89
  #### Endpoint scan
86
90
 
@@ -151,7 +155,10 @@ describe('/api', () => {
151
155
  let scan!: SecScan;
152
156
 
153
157
  beforeEach(async () => {
154
- runner = new SecRunner({ hostname: 'app.neuralegion.com' });
158
+ runner = new SecRunner({
159
+ hostname: 'app.neuralegion.com',
160
+ projectId: 'your project ID'
161
+ });
155
162
 
156
163
  await runner.init();
157
164
 
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sectester/runner",
3
- "version": "0.36.0",
3
+ "version": "0.36.1",
4
4
  "description": "Run scanning for vulnerabilities just from your unit tests on CI phase.",
5
5
  "repository": {
6
6
  "type": "git",
package/src/lib/SecRunner.js CHANGED
@@ -61,7 +61,10 @@ class SecRunner {
61
61
  }, this.configuration.container.resolve(scan_1.ScanFactory), this.configuration.container.resolve(reporter_1.Formatter), this.configuration.container.resolve(reporter_1.Reporter));
62
62
  }
63
63
  async initConfiguration(configuration) {
64
- await configuration.loadCredentials();
64
+ await Promise.all([
65
+ configuration.loadCredentials(),
66
+ configuration.fetchProjectId()
67
+ ]);
65
68
  configuration.container.register(reporter_1.Formatter, {
66
69
  useClass: reporter_1.PlainTextFormatter
67
70
  });
package/src/lib/SecRunner.js.map CHANGED
@@ -1 +1 @@
1
- {"version":3,"file":"SecRunner.js","sourceRoot":"","sources":["../../../../../packages/runner/src/lib/SecRunner.ts"],"names":[],"mappings":";;;AACA,uCAAoC;AACpC,0CAA8E;AAC9E,kDAI6B;AAC7B,0CAA8C;AAC9C,kDAM6B;AAE7B,MAAa,SAAS;IAYpB,IAAI,UAAU;;QACZ,OAAO,MAAA,IAAI,CAAC,QAAQ,0CAAE,UAAU,CAAC;IACnC,CAAC;IAED,YAAY,MAA4C;QAqFvC,gCAA2B,GAAG,KAAK,IAAI,EAAE;YACxD,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACrB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC,CAAC;QA1FA,IAAI,CAAC,aAAa;YAChB,MAAM,YAAY,oBAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,oBAAa,CAAC,MAAM,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,aAAM,CAAC,CAAC;IAC7D,CAAC;IAEM,KAAK,CAAC,IAAI;QACf,IAAI,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEjD,IAAI,CAAC,gBAAgB;YACnB,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,2BAAgB,CAAC,CAAC;QACzD,IAAI,CAAC,eAAe;YAClB,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,0BAAe,CAAC,CAAC;QAExD,IAAI,CAAC,aAAa,EAAE,CAAC;QAErB,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC;QAE5D,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IAC9B,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC3C,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3B,MAAM,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,QAAQ,CAAC;YACrB,OAAO,IAAI,CAAC,gBAAgB,CAAC;YAC7B,OAAO,IAAI,CAAC,eAAe,CAAC;QAC9B,CAAC;IACH,CAAC;IAEM,UAAU,CAAC,OAAuB;QACvC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,IAAI,iBAAO,CAChB;YACE,GAAG,OAAO;YACV,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU;SACrC,EACD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAc,kBAAW,CAAC,EAC9D,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAY,oBAAS,CAAC,EAC1D,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAW,mBAAQ,CAAC,CACzD,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,aAA4B;QAC1D,MAAM,aAAa,CAAC,eAAe,EAAE,CAAC;QAEtC,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,oBAAS,EAAE;YAC1C,QAAQ,EAAE,6BAAkB;SAC7B,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,EAAE,CAAC;YAC1C,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,mBAAQ,EAAE;gBACzC,QAAQ,EAAE,iCAAsB;aACjC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,mBAAQ,EAAE;gBACzC,QAAQ,EAAE,sBAAW;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,aAAa;QACnB,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CACzC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,2BAA2B,CAAC,CACtD,CAAC;IACJ,CAAC;IAEO,qBAAqB;QAC3B,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CACzC,OAAO,CAAC,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,2BAA2B,CAAC,CAChE,CAAC;IACJ,CAAC;;AAnGH,8BA4GC;AA3GwB,0BAAgB,GAAsB;IAC3D,SAAS;IACT,QAAQ;IACR,QAAQ;CACT,AAJsC,CAIrC"}
1
+ {"version":3,"file":"SecRunner.js","sourceRoot":"","sources":["../../../../../packages/runner/src/lib/SecRunner.ts"],"names":[],"mappings":";;;AACA,uCAAoC;AACpC,0CAA8E;AAC9E,kDAI6B;AAC7B,0CAA8C;AAC9C,kDAM6B;AAE7B,MAAa,SAAS;IAYpB,IAAI,UAAU;;QACZ,OAAO,MAAA,IAAI,CAAC,QAAQ,0CAAE,UAAU,CAAC;IACnC,CAAC;IAED,YAAY,MAA4C;QAwFvC,gCAA2B,GAAG,KAAK,IAAI,EAAE;YACxD,IAAI,CAAC;gBACH,MAAM,IAAI,CAAC,KAAK,EAAE,CAAC;YACrB,CAAC;YAAC,OAAO,CAAC,EAAE,CAAC;gBACX,IAAI,CAAC,MAAM,CAAC,KAAK,CAAC,CAAC,CAAC,OAAO,CAAC,CAAC;YAC/B,CAAC;QACH,CAAC,CAAC;QA7FA,IAAI,CAAC,aAAa;YAChB,MAAM,YAAY,oBAAa,CAAC,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,IAAI,oBAAa,CAAC,MAAM,CAAC,CAAC;QACvE,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,aAAM,CAAC,CAAC;IAC7D,CAAC;IAEM,KAAK,CAAC,IAAI;QACf,IAAI,IAAI,CAAC,gBAAgB,IAAI,IAAI,CAAC,eAAe,EAAE,CAAC;YAClD,MAAM,IAAI,KAAK,CAAC,sBAAsB,CAAC,CAAC;QAC1C,CAAC;QAED,MAAM,IAAI,CAAC,iBAAiB,CAAC,IAAI,CAAC,aAAa,CAAC,CAAC;QAEjD,IAAI,CAAC,gBAAgB;YACnB,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,2BAAgB,CAAC,CAAC;QACzD,IAAI,CAAC,eAAe;YAClB,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAC,0BAAe,CAAC,CAAC;QAExD,IAAI,CAAC,aAAa,EAAE,CAAC;QAErB,IAAI,CAAC,QAAQ,GAAG,MAAM,IAAI,CAAC,eAAe,CAAC,cAAc,EAAE,CAAC;QAE5D,MAAM,IAAI,CAAC,QAAQ,CAAC,KAAK,EAAE,CAAC;IAC9B,CAAC;IAEM,KAAK,CAAC,KAAK;QAChB,IAAI,CAAC;YACH,IAAI,IAAI,CAAC,QAAQ,IAAI,IAAI,CAAC,gBAAgB,EAAE,CAAC;gBAC3C,MAAM,IAAI,CAAC,QAAQ,CAAC,IAAI,EAAE,CAAC;gBAC3B,MAAM,IAAI,CAAC,gBAAgB,CAAC,cAAc,CAAC,IAAI,CAAC,QAAQ,CAAC,UAAU,CAAC,CAAC;YACvE,CAAC;QACH,CAAC;gBAAS,CAAC;YACT,IAAI,CAAC,qBAAqB,EAAE,CAAC;YAC7B,OAAO,IAAI,CAAC,QAAQ,CAAC;YACrB,OAAO,IAAI,CAAC,gBAAgB,CAAC;YAC7B,OAAO,IAAI,CAAC,eAAe,CAAC;QAC9B,CAAC;IACH,CAAC;IAEM,UAAU,CAAC,OAAuB;QACvC,IAAI,CAAC,IAAI,CAAC,QAAQ,EAAE,CAAC;YACnB,MAAM,IAAI,KAAK,CAAC,4BAA4B,CAAC,CAAC;QAChD,CAAC;QAED,OAAO,IAAI,iBAAO,CAChB;YACE,GAAG,OAAO;YACV,UAAU,EAAE,IAAI,CAAC,QAAQ,CAAC,UAAU;SACrC,EACD,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAc,kBAAW,CAAC,EAC9D,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAY,oBAAS,CAAC,EAC1D,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,OAAO,CAAW,mBAAQ,CAAC,CACzD,CAAC;IACJ,CAAC;IAEO,KAAK,CAAC,iBAAiB,CAAC,aAA4B;QAC1D,MAAM,OAAO,CAAC,GAAG,CAAC;YAChB,aAAa,CAAC,eAAe,EAAE;YAC/B,aAAa,CAAC,cAAc,EAAE;SAC/B,CAAC,CAAC;QAEH,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,oBAAS,EAAE;YAC1C,QAAQ,EAAE,6BAAkB;SAC7B,CAAC,CAAC;QAEH,IAAI,OAAO,CAAC,GAAG,CAAC,cAAc,KAAK,MAAM,EAAE,CAAC;YAC1C,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,mBAAQ,EAAE;gBACzC,QAAQ,EAAE,iCAAsB;aACjC,CAAC,CAAC;QACL,CAAC;aAAM,CAAC;YACN,aAAa,CAAC,SAAS,CAAC,QAAQ,CAAC,mBAAQ,EAAE;gBACzC,QAAQ,EAAE,sBAAW;aACtB,CAAC,CAAC;QACL,CAAC;IACH,CAAC;IAEO,aAAa;QACnB,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CACzC,OAAO,CAAC,IAAI,CAAC,KAAK,EAAE,IAAI,CAAC,2BAA2B,CAAC,CACtD,CAAC;IACJ,CAAC;IAEO,qBAAqB;QAC3B,SAAS,CAAC,gBAAgB,CAAC,OAAO,CAAC,KAAK,CAAC,EAAE,CACzC,OAAO,CAAC,cAAc,CAAC,KAAK,EAAE,IAAI,CAAC,2BAA2B,CAAC,CAChE,CAAC;IACJ,CAAC;;AAtGH,8BA+GC;AA9GwB,0BAAgB,GAAsB;IAC3D,SAAS;IACT,QAAQ;IACR,QAAQ;CACT,AAJsC,CAIrC"}
package/src/lib/SecScanOptions.d.ts CHANGED
@@ -1,2 +1,2 @@
1
1
  import { ScanSettingsOptions } from '@sectester/scan';
2
- export type SecScanOptions = Pick<ScanSettingsOptions, 'name' | 'tests' | 'smart' | 'poolSize' | 'skipStaticParams' | 'attackParamLocations' | 'slowEpTimeout' | 'targetTimeout'>;
2
+ export type SecScanOptions = Pick<ScanSettingsOptions, 'name' | 'tests' | 'smart' | 'poolSize' | 'skipStaticParams' | 'attackParamLocations'>;