@sectester/runner 0.38.0 → 0.40.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3)
  1. package/LICENSE +1 -1
  2. package/README.md +17 -18
  3. package/package.json +1 -1
package/LICENSE CHANGED
@@ -1,6 +1,6 @@
1
1
  MIT License
2
2
 
3
- Copyright (c) 2024 Bright Security
3
+ Copyright (c) 2025 Bright Security
4
4
 
5
5
  Permission is hereby granted, free of charge, to any person obtaining a copy
6
6
  of this software and associated documentation files (the "Software"), to deal
package/README.md CHANGED
@@ -23,12 +23,12 @@ Then put obtained token into `BRIGHT_TOKEN` environment variable to make it acce
23
23
 
24
24
  > Refer to `@sectester/core` package [documentation](https://github.com/NeuraLegion/sectester-js/tree/master/packages/core#credentials) for the details on alternative ways of configuring credential providers.
25
25
 
26
- Once it is done, create a configuration object. Single required option is Bright `hostname` domain you are going to use, e.g. `app.neuralegion.com` as the main one:
26
+ Once it is done, create a configuration object. Single required option is Bright `hostname` domain you are going to use, e.g. `app.brightsec.com` as the main one:
27
27
 
28
28
  ```ts
29
29
  import { Configuration } from '@sectester/core';
30
30
 
31
- const configuration = new Configuration({ hostname: 'app.neuralegion.com' });
31
+ const configuration = new Configuration({ hostname: 'app.brightsec.com' });
32
32
  ```
33
33
 
34
34
  ### Setup runner
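Review bot: The two `hostname` lines in this hunk move the documented host from `app.neuralegion.com` to `app.brightsec.com` without saying whether the old host is still accepted. Since this is the single required option, add a sentence for users upgrading from 0.38.0 on whether existing configurations have to change. The unchanged credentials link just above still points at `github.com/NeuraLegion/sectester-js`; confirm that is intended alongside the rename. The touched sentence would also read better as "The only required option is the Bright `hostname` you are going to use".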
@@ -40,7 +40,7 @@ import { Configuration } from '@sectester/core';
40
40
  import { SecRunner } from '@sectester/runner';
41
41
 
42
42
  const configuration = new Configuration({
43
- hostname: 'app.neuralegion.com',
43
+ hostname: 'app.brightsec.com',
44
44
  projectId: 'your project ID'
45
45
  });
46
46
  const runner = new SecRunner(configuration);
@@ -48,7 +48,7 @@ const runner = new SecRunner(configuration);
48
48
  // or
49
49
 
50
50
  const runner2 = new SecRunner({
51
- hostname: 'app.neuralegion.com',
51
+ hostname: 'app.brightsec.com',
52
52
  projectId: 'your project ID'
53
53
  });
54
54
  ```
@@ -72,19 +72,19 @@ await runner.clear();
72
72
  To start scanning your application, first you have to create a `SecScan` instance, as shown below:
73
73
 
74
74
  ```ts
75
- const scan = runner.createScan({ tests: [TestType.CROSS_SITE_SCRIPTING] });
75
+ const scan = runner.createScan({ tests: ['xss'] });
76
76
  ```
77
77
 
78
78
  Below you will find a list of parameters that can be used to configure a `Scan`:
79
79
 
80
- | Option | Description |
81
- | ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
82
- | `tests` | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide). To retrieve the list of available tests, send a request to the [API](https://app.brightsec.com/api/v1/scans/tests). |
83
- | `smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. |
84
- | `skipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. |
85
- | `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. |
86
- | `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. |
87
- | `name` | The scan name. The method and hostname by default, e.g. `GET example.com`. |
80
+ | Option | Description |
81
+ | ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
82
+ | `tests` | The list of tests to be performed against the target application. To retrieve the complete list, send a request to the [API](https://app.brightsec.com/api/v1/scans/tests). [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide). |
83
+ | `smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. |
84
+ | `skipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. |
85
+ | `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. |
86
+ | `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. |
87
+ | `name` | The scan name. The method and hostname by default, e.g. `GET example.com`. |
88
88
 
89
89
  #### Endpoint scan
90
90
 
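Review bot: In the `createScan` example, `tests` changes from the enum member `TestType.CROSS_SITE_SCRIPTING` to the bare string `'xss'`, and the README gives no migration note. State whether `TestType` is still accepted and whether a misspelled or unknown test name is rejected at compile time or at run time, since a plain string literal gives no visible guarantee of either. The reworded `tests` row now points to the API for "the complete list"; say there that the strings passed to `tests` are the identifiers that endpoint returns. The remaining table rows are only re-padded.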
@@ -116,7 +116,7 @@ const inputSample = {
116
116
  // assuming `calculateWeekdays` is your function under test
117
117
  const fn = ({ from, to }) => calculateWeekdays(from, to);
118
118
 
119
- const scan = runner.createScan({ tests: [TestType.DATE_MANIPULATION] });
119
+ const scan = runner.createScan({ tests: ['date_manipulation'] });
120
120
  await scan.run({ inputSample, fn });
121
121
  ```
122
122
 
@@ -148,7 +148,6 @@ The default timeout value for `SecScan` is 10 minutes.
148
148
 
149
149
  ```ts
150
150
  import { SecRunner, SecScan } from '@sectester/runner';
151
- import { Severity, TestType } from '@sectester/scan';
152
151
 
153
152
  describe('/api', () => {
154
153
  let runner!: SecRunner;
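Review bot: Removing `import { Severity, TestType } from '@sectester/scan';` drops `Severity` along with `TestType`, but the same example still calls `.threshold(Severity.MEDIUM)` in the next hunk, so the snippet no longer compiles as written. Keep an import for `Severity` from whichever package exports it in this release, or replace the `Severity.MEDIUM` argument with the form the new API expects and update the comment beside it.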
@@ -156,14 +155,14 @@ describe('/api', () => {
156
155
 
157
156
  beforeEach(async () => {
158
157
  runner = new SecRunner({
159
- hostname: 'app.neuralegion.com',
158
+ hostname: 'app.brightsec.com',
160
159
  projectId: 'your project ID'
161
160
  });
162
161
 
163
162
  await runner.init();
164
163
 
165
164
  scan = runner
166
- .createScan({ tests: [TestType.CROSS_SITE_SCRIPTING] })
165
+ .createScan({ tests: ['xss'] })
167
166
  .threshold(Severity.MEDIUM) // i. e. ignore LOW severity issues
168
167
  .timeout(300000); // i. e. fail if last longer than 5 minutes
169
168
  });
@@ -195,6 +194,6 @@ describe('/api', () => {
195
194
 
196
195
  ## License
197
196
 
198
- Copyright © 2024 [Bright Security](https://brightsec.com/).
197
+ Copyright © 2025 [Bright Security](https://brightsec.com/).
199
198
 
200
199
  This project is licensed under the MIT License - see the [LICENSE file](LICENSE) for details.
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "@sectester/runner",
3
- "version": "0.38.0",
3
+ "version": "0.40.0",
4
4
  "description": "Run scanning for vulnerabilities just from your unit tests on CI phase.",
5
5
  "repository": {
6
6
  "type": "git",
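Review bot: The `version` line is the only change to this manifest (the file list shows `+1 -1`), and the other two changed files are the license and the README, so nothing in this diff implements the `TestType`-to-string change the README now documents. That behaviour has to come from a dependency resolved within the existing, unchanged ranges. Name the minimum `@sectester/*` versions the new README examples require, or tighten the ranges here, so that an install of 0.40.0 cannot resolve to a dependency that does not accept `tests: ['xss']`.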