@sectester/runner 0.37.2 → 0.39.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2)
  1. package/README.md +11 -12
  2. package/package.json +1 -1
package/README.md CHANGED
@@ -72,19 +72,19 @@ await runner.clear();
72
72
  To start scanning your application, first you have to create a `SecScan` instance, as shown below:
73
73
 
74
74
  ```ts
75
- const scan = runner.createScan({ tests: [TestType.CROSS_SITE_SCRIPTING] });
75
+ const scan = runner.createScan({ tests: ['xss'] });
76
76
  ```
77
77
 
78
78
  Below you will find a list of parameters that can be used to configure a `Scan`:
79
79
 
80
- | Option | Description |
81
- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
82
- | `tests` | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide). To retrieve the list of available tests, send a request to the [API](https://app.brightsec.com/api/v1/scans/tests). |
83
- | `smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. |
84
- | `skipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. |
85
- | `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. |
86
- | `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. |
87
- | `name` | The scan name. The method and hostname by default, e.g. `GET example.com`. |
80
+ | Option | Description |
81
+ | ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
82
+ | `tests` | The list of tests to be performed against the target application. To retrieve the complete list, send a request to the [API](https://app.brightsec.com/api/v1/scans/tests). [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide). |
83
+ | `smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. |
84
+ | `skipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. |
85
+ | `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. |
86
+ | `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. |
87
+ | `name` | The scan name. The method and hostname by default, e.g. `GET example.com`. |
88
88
 
89
89
  #### Endpoint scan
90
90
 
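Review bot: The example at line 75 switches `tests` from `TestType.CROSS_SITE_SCRIPTING` to the string `'xss'`, but neither the example nor the reworded `tests` row says that test names are now plain string identifiers, or whether the `TestType` enum is still accepted. Add a sentence to the `tests` row stating the expected value form (for instance, that the identifiers come from the linked API endpoint, if that is the case). If the enum was dropped, add a short migration note so readers upgrading from 0.37.2 know to replace their `TestType.X` references.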
@@ -116,7 +116,7 @@ const inputSample = {
116
116
  // assuming `calculateWeekdays` is your function under test
117
117
  const fn = ({ from, to }) => calculateWeekdays(from, to);
118
118
 
119
- const scan = runner.createScan({ tests: [TestType.DATE_MANIPULATION] });
119
+ const scan = runner.createScan({ tests: ['date_manipulation'] });
120
120
  await scan.run({ inputSample, fn });
121
121
  ```
122
122
 
@@ -148,7 +148,6 @@ The default timeout value for `SecScan` is 10 minutes.
148
148
 
149
149
  ```ts
150
150
  import { SecRunner, SecScan } from '@sectester/runner';
151
- import { Severity, TestType } from '@sectester/scan';
152
151
 
153
152
  describe('/api', () => {
154
153
  let runner!: SecRunner;
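Review bot: The removed line `import { Severity, TestType } from '@sectester/scan';` also drops `Severity`, yet the same example still calls `.threshold(Severity.MEDIUM)` in the following hunk, so the README snippet will not compile when copied as published. Only `TestType` became unused here. Keep an import for `Severity`, or update the `.threshold(...)` call to whatever form replaces it.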
@@ -163,7 +162,7 @@ describe('/api', () => {
163
162
  await runner.init();
164
163
 
165
164
  scan = runner
166
- .createScan({ tests: [TestType.CROSS_SITE_SCRIPTING] })
165
+ .createScan({ tests: ['xss'] })
167
166
  .threshold(Severity.MEDIUM) // i. e. ignore LOW severity issues
168
167
  .timeout(300000); // i. e. fail if last longer than 5 minutes
169
168
  });
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sectester/runner",
3
- "version": "0.37.2",
3
+ "version": "0.39.0",
4
4
  "description": "Run scanning for vulnerabilities just from your unit tests on CI phase.",
5
5
  "repository": {
6
6
  "type": "git",