@sectester/scan 0.16.1

package/LICENSE

@@ -0,0 +1,21 @@
+MIT License
+
+Copyright (c) 2022 Bright Security
+
+Permission is hereby granted, free of charge, to any person obtaining a copy
+of this software and associated documentation files (the "Software"), to deal
+in the Software without restriction, including without limitation the rights
+to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
+copies of the Software, and to permit persons to whom the Software is
+furnished to do so, subject to the following conditions:
+
+The above copyright notice and this permission notice shall be included in all
+copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
+IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
+FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
+AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
+LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
+OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE
+SOFTWARE.

package/README.md

@@ -0,0 +1,301 @@
+# @sectester/scan
+
+[![Maintainability](https://api.codeclimate.com/v1/badges/a5f72ececc9b0f402802/maintainability)](https://codeclimate.com/github/NeuraLegion/sectester-js/maintainability)
+[![Test Coverage](https://api.codeclimate.com/v1/badges/a5f72ececc9b0f402802/test_coverage)](https://codeclimate.com/github/NeuraLegion/sectester-js/test_coverage)
+![Build Status](https://github.com/NeuraLegion/sectester-js/actions/workflows/coverage.yml/badge.svg?branch=master&event=push)
+![NPM Downloads](https://img.shields.io/npm/dw/@sectester/core)
+
+The package defines a simple public API to manage scans and their expectations.
+
+## Setup
+
+```bash
+npm i -s @sectester/scan
+```
+
+## Usage
+
+To start scanning your application, you have to create a `ScanFactory` as follows:
+
+```ts
+import { Configuration } from '@sectester/core';
+import { ScanFactory } from '@sectester/scan';
+
+const config = new Configuration({
+  hostname: 'app.neuralegion.com'
+});
+
+const scanFactory = new ScanFactory(config);
+```
+
+To create a new scan, you have to define a target first (for details, see [here](#defining-a-target-for-attack)):
+
+```ts
+import { Target } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com'
+});
+```
+
+The factory exposes the `createScan` method that returns a new [Scan instance](#managing-a-scan):
+
+```ts
+import { TestType } from '@sectester/scan';
+
+const scan = await scanFactory.createScan({
+  target,
+  tests: [TestType.HEADER_SECURITY]
+});
+```
+
+Below you will find a list of parameters that can be used to configure a `Scan`:
+
+| Option                 | Description                                                                                                                                                                                        |
+| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `target`               | The target that will be attacked. For details, see [here](#defining-a-target-for-attack).                                                                                                          |
+| `tests`                | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide)                                                    |
+| `repeaterId`           | Connects the scan to a Repeater agent, which provides secure access to local networks.                                                                                                             |
+| `smart`                | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default.                                                                     |
+| `skipStaticParams`     | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default.      |
+| `poolSize`             | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`.                                                                                           |
+| `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`.                                                                                                          |
+| `slowEpTimeout`        | Automatically validate entry-point response time before initiating the vulnerability testing, and reduce scan time by skipping any entry-points that take too long to respond. By default, 1000ms. |
+| `targetTimeout`        | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5min.                              |
+| `name`                 | The scan name. The method and hostname by default, e.g. `GET example.com`.                                                                                                                         |
+
+### Defining a target for attack
+
+The target can accept the following options:
+
+#### url
+
+- type: `string`
+
+The server URL that will be used for the request. Usually the `url` represents a WHATWG URL:
+
+```ts
+import { Target } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com'
+});
+```
+
+If `url` contains a query string, they will be parsed as search params:
+
+```ts
+import { Target } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com?foo=bar'
+});
+
+console.log(target.queryString); // foo=bar
+```
+
+If you pass a `query` parameter, it will override these which obtained from `url`:
+
+```ts
+import { Target } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com?foo=bar',
+  query: '?bar=foo'
+});
+
+console.log(target.queryString); // bar=foo
+```
+
+#### method
+
+- type: `string | HttpMethod`
+
+The request method to be used when making the request, `GET` by default:
+
+```ts
+import { Target, HttpMethod } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com',
+  method: HttpMethod.DELETE
+});
+```
+
+#### query
+
+- type: `string | URLSearchParams | Record<string, string | string[]>`
+
+The query parameters to be sent with the request:
+
+```ts
+import { Target } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com',
+  query: {
+    hello: 'world',
+    foo: '123'
+  }
+});
+
+console.log(target.queryString); // hello=world&foo=123
+```
+
+If you need to pass an array, you can do it using a `URLSearchParams` instance:
+
+```ts
+import { Target } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com',
+  query: new URLSearchParams([
+    ['key', 'a'],
+    ['key', 'b']
+  ])
+});
+
+console.log(target.queryString); // key=a&key=b
+```
+
+> This will override the query string in url.
+
+It is possible to define a custom serializer for query parameters:
+
+```ts
+import { Target } from '@sectester/scan';
+import { stringify } from 'qs';
+
+const target = new Target({
+  url: 'https://example.com',
+  query: { a: ['b', 'c', 'd'] },
+  serializeQuery(params: Record<string, string | string[]>): string {
+    return stringify(params);
+  }
+});
+
+console.log(target.queryString); // a[0]=b&a[1]=c&a[2]=d
+```
+
+#### headers
+
+- type: `Record<string, string | string[]>`
+
+The HTTP headers to be sent:
+
+```ts
+import { Target } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com',
+  headers: {
+    'content-type': 'application/json'
+  }
+});
+```
+
+#### body
+
+- type: `unknown`
+
+The data to be sent as the request body. Makes sense only for `POST`, `PUT`, `PATCH`, and `DELETE`:
+
+```ts
+import { Target } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com',
+  body: {
+    foo: 'bar'
+  }
+});
+```
+
+You can use `FormData` objects, such as [form-data](https://www.npmjs.com/package/form-data), as request body as well:
+
+```ts
+import { Target } from '@sectester/scan';
+import FormData from 'form-data';
+
+const form = new FormData();
+form.append('greeting', 'Hello, world!');
+
+const target = new Target({
+  url: 'https://example.com',
+  body: form
+});
+```
+
+It is possible to set a form as body using an instance of `URLSearchParams`:
+
+```ts
+import { Target } from '@sectester/scan';
+
+const target = new Target({
+  url: 'https://example.com',
+  body: new URLSearchParams('foo=bar')
+});
+```
+
+### Managing a scan
+
+The `Scan` provides a lightweight API to revise and control the status of test execution.
+
+For instance, to get a list of found issues, you can use the `issues` method:
+
+```ts
+const issues = await scan.issues();
+```
+
+To wait for certain conditions you can use the `expect` method:
+
+```ts
+await scan.expect(Severity.HIGH);
+const issues = await scan.issues();
+```
+
+> It returns control as soon as a scan is done, timeout is gone, or an expectation is satisfied.
+
+You can also define a custom expectation passing a function that accepts an instance of `Scan` as follows:
+
+```ts
+await scan.expect((scan: Scan) => scan.done);
+```
+
+It might return a `Promise` instance as well:
+
+```ts
+await scan.expect(async (scan: Scan) => {
+  const issues = await scan.issues();
+
+  return issues.length > 3;
+});
+```
+
+You can use the `status` method to obtain scan status, to ensure that the scan is done and nothing prevents the user to check for issues, or for other reasons:
+
+```ts
+for await (const state of scan.status()) {
+  // your code
+}
+```
+
+> This `for...of` will work while a scan is active.
+
+To stop scan, use the `stop` method:
+
+```ts
+await scan.stop();
+```
+
+To dispose a scan, you just need to call the `dispose` method:
+
+```ts
+await scan.dispose();
+```
+
+## License
+
+Copyright © 2022 [Bright Security](https://brightsec.com/).
+
+This project is licensed under the MIT License - see the [LICENSE file](LICENSE) for details.

package/package.json

@@ -0,0 +1,56 @@
+{
+  "name": "@sectester/scan",
+  "version": "0.16.1",
+  "description": "The package defines a simple public API to manage scans and their expectations.",
+  "repository": {
+    "type": "git",
+    "url": "git+https://github.com/NeuraLegion/sectester-js.git"
+  },
+  "engines": {
+    "node": ">=16",
+    "npm": "^8.1.0"
+  },
+  "author": {
+    "name": "Artem Derevnjuk",
+    "email": "artem.derevnjuk@brightsec.com"
+  },
+  "license": "MIT",
+  "bugs": {
+    "url": "https://github.com/NeuraLegion/sectester-js/issues"
+  },
+  "publishConfig": {
+    "access": "public"
+  },
+  "keywords": [
+    "security",
+    "testing",
+    "e2e",
+    "test",
+    "typescript",
+    "appsec",
+    "pentesting",
+    "qa",
+    "brightsec",
+    "scan",
+    "dast"
+  ],
+  "peerDependencies": {
+    "@sectester/bus": ">=0.16.0 <1.0.0",
+    "@sectester/core": ">=0.16.0 <1.0.0"
+  },
+  "main": "./src/index.js",
+  "typings": "./src/index.d.ts",
+  "dependencies": {
+    "reflect-metadata": "^0.1.13",
+    "uuid": "^8.3.2",
+    "tsyringe": "^4.6.0",
+    "chalk": "^4.1.2",
+    "form-data": "^4.0.0",
+    "axios": "^0.26.1",
+    "axios-rate-limit": "^1.3.0",
+    "amqp-connection-manager": "^4.1.1",
+    "amqplib": "^0.8.0",
+    "@har-sdk/core": "^1.4.3",
+    "ci-info": "^3.3.0"
+  }
+}

package/src/DefaultScans.d.ts

@@ -0,0 +1,20 @@
+import { Scans, UploadHarOptions } from './Scans';
+import { Issue, ScanConfig, ScanState } from './models';
+import { CommandDispatcher, Configuration } from '@sectester/core';
+export declare class DefaultScans implements Scans {
+    private readonly configuration;
+    private readonly commandDispatcher;
+    constructor(configuration: Configuration, commandDispatcher: CommandDispatcher);
+    createScan(config: ScanConfig): Promise<{
+        id: string;
+    }>;
+    listIssues(id: string): Promise<Issue[]>;
+    stopScan(id: string): Promise<void>;
+    deleteScan(id: string): Promise<void>;
+    getScan(id: string): Promise<ScanState>;
+    uploadHar(options: UploadHarOptions): Promise<{
+        id: string;
+    }>;
+    private sendCommand;
+    private assertReply;
+}

package/src/DefaultScans.js

@@ -0,0 +1,63 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultScans = void 0;
+const tslib_1 = require("tslib");
+const commands_1 = require("./commands");
+const tsyringe_1 = require("tsyringe");
+const core_1 = require("@sectester/core");
+const ci_info_1 = (0, tslib_1.__importDefault)(require("ci-info"));
+let DefaultScans = class DefaultScans {
+    constructor(configuration, commandDispatcher) {
+        this.configuration = configuration;
+        this.commandDispatcher = commandDispatcher;
+    }
+    createScan(config) {
+        return this.sendCommand(new commands_1.CreateScan({
+            ...config,
+            info: {
+                source: 'utlib',
+                provider: ci_info_1.default.name,
+                client: {
+                    name: this.configuration.name,
+                    version: this.configuration.version
+                }
+            }
+        }));
+    }
+    async listIssues(id) {
+        const issues = await this.sendCommand(new commands_1.ListIssues(id));
+        return issues.map(x => ({
+            ...x,
+            link: `${this.configuration.api}/scans/${id}/issues/${x.id}`
+        }));
+    }
+    async stopScan(id) {
+        await this.commandDispatcher.execute(new commands_1.StopScan(id));
+    }
+    async deleteScan(id) {
+        await this.commandDispatcher.execute(new commands_1.DeleteScan(id));
+    }
+    getScan(id) {
+        return this.sendCommand(new commands_1.GetScan(id));
+    }
+    uploadHar(options) {
+        return this.sendCommand(new commands_1.UploadHar(options));
+    }
+    async sendCommand(command) {
+        const result = await this.commandDispatcher.execute(command);
+        this.assertReply(result);
+        return result;
+    }
+    assertReply(result) {
+        if (!result) {
+            throw new Error('Something went wrong. Please try again later.');
+        }
+    }
+};
+DefaultScans = (0, tslib_1.__decorate)([
+    (0, tsyringe_1.injectable)(),
+    (0, tslib_1.__param)(1, (0, tsyringe_1.inject)(core_1.CommandDispatcher)),
+    (0, tslib_1.__metadata)("design:paramtypes", [core_1.Configuration, Object])
+], DefaultScans);
+exports.DefaultScans = DefaultScans;
+//# sourceMappingURL=DefaultScans.js.map

package/src/DefaultScans.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"DefaultScans.js","sourceRoot":"","sources":["../../../../packages/scan/src/DefaultScans.ts"],"names":[],"mappings":";;;;AACA,yCAOoB;AAEpB,uCAA8C;AAC9C,0CAA4E;AAC5E,mEAAyB;AAGzB,IAAa,YAAY,GAAzB,MAAa,YAAY;IACvB,YACmB,aAA4B,EAE5B,iBAAoC;QAFpC,kBAAa,GAAb,aAAa,CAAe;QAE5B,sBAAiB,GAAjB,iBAAiB,CAAmB;IACpD,CAAC;IAEG,UAAU,CAAC,MAAkB;QAClC,OAAO,IAAI,CAAC,WAAW,CACrB,IAAI,qBAAU,CAAC;YACb,GAAG,MAAM;YACT,IAAI,EAAE;gBACJ,MAAM,EAAE,OAAO;gBACf,QAAQ,EAAE,iBAAE,CAAC,IAAI;gBACjB,MAAM,EAAE;oBACN,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;oBAC7B,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,OAAO;iBACpC;aACF;SACF,CAAC,CACH,CAAC;IACJ,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,EAAU;QAChC,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,IAAI,qBAAU,CAAC,EAAE,CAAC,CAAC,CAAC;QAE1D,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACtB,GAAG,CAAC;YACJ,IAAI,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,GAAG,UAAU,EAAE,WAAW,CAAC,CAAC,EAAE,EAAE;SAC7D,CAAC,CAAC,CAAC;IACN,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,EAAU;QAC9B,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,IAAI,mBAAQ,CAAC,EAAE,CAAC,CAAC,CAAC;IACzD,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,EAAU;QAChC,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,IAAI,qBAAU,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3D,CAAC;IAEM,OAAO,CAAC,EAAU;QACvB,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,kBAAO,CAAC,EAAE,CAAC,CAAC,CAAC;IAC3C,CAAC;IAEM,SAAS,CAAC,OAAyB;QACxC,OAAO,IAAI,CAAC,WAAW,CAAC,IAAI,oBAAS,CAAC,OAAO,CAAC,CAAC,CAAC;IAClD,CAAC;IAEO,KAAK,CAAC,WAAW,CAAO,OAAsB;QACpD,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,iBAAiB,CAAC,OAAO,CAAC,OAAO,CAAC,CAAC;QAE7D,IAAI,CAAC,WAAW,CAAC,MAAM,CAAC,CAAC;QAEzB,OAAO,MAAM,CAAC;IAChB,CAAC;IAEO,WAAW,CACjB,MAAqB;QAErB,IAAI,CAAC,MAAM,EAAE;YACX,MAAM,IAAI,KAAK,CAAC,+CAA+C,CAAC,CAAC;SAClE;IACH,CAAC;CACF,CAAA;AA/DY,YAAY;IADxB,IAAA,qBAAU,GAAE;IAIR,wBAAA,IAAA,iBAAM,EAAC,wBAAiB,CAAC,CAAA;kDADM,oBAAa;GAFpC,YAAY,CA+DxB;AA/DY,oCAAY"}

package/src/Scan.d.ts

@@ -0,0 +1,33 @@
+import { Scans } from './Scans';
+import { Issue, ScanState, Severity } from './models';
+import { Logger } from '@sectester/core';
+export interface ScanOptions {
+    id: string;
+    scans: Scans;
+    logger?: Logger;
+    pollingInterval?: number;
+    timeout?: number;
+}
+export declare class Scan {
+    readonly id: string;
+    private readonly ACTIVE_STATUSES;
+    private readonly DONE_STATUSES;
+    private readonly scans;
+    private readonly pollingInterval;
+    private readonly logger;
+    private readonly timeout;
+    private state;
+    constructor({ id, scans, logger, timeout, pollingInterval }: ScanOptions);
+    get active(): boolean;
+    get done(): boolean;
+    issues(): Promise<Issue[]>;
+    status(): AsyncIterableIterator<ScanState>;
+    expect(expectation: Severity | ((scan: Scan) => unknown)): Promise<void>;
+    dispose(): Promise<void>;
+    stop(): Promise<void>;
+    private assert;
+    private refreshState;
+    private changingStatus;
+    private createPredicate;
+    private satisfyExpectation;
+}

package/src/Scan.js

@@ -0,0 +1,133 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.Scan = void 0;
+const models_1 = require("./models");
+const exceptions_1 = require("./exceptions");
+const core_1 = require("@sectester/core");
+class Scan {
+    constructor({ id, scans, logger, timeout, pollingInterval = 5 * 1000 }) {
+        this.ACTIVE_STATUSES = new Set([
+            models_1.ScanStatus.PENDING,
+            models_1.ScanStatus.RUNNING,
+            models_1.ScanStatus.QUEUED
+        ]);
+        this.DONE_STATUSES = new Set([
+            models_1.ScanStatus.DISRUPTED,
+            models_1.ScanStatus.DONE,
+            models_1.ScanStatus.FAILED,
+            models_1.ScanStatus.STOPPED
+        ]);
+        this.state = { status: models_1.ScanStatus.PENDING };
+        this.scans = scans;
+        this.logger = logger;
+        this.id = id;
+        this.pollingInterval = pollingInterval;
+        this.timeout = timeout;
+    }
+    get active() {
+        return this.ACTIVE_STATUSES.has(this.state.status);
+    }
+    get done() {
+        return this.DONE_STATUSES.has(this.state.status);
+    }
+    async issues() {
+        await this.refreshState();
+        return this.scans.listIssues(this.id);
+    }
+    async *status() {
+        while (this.active) {
+            await (0, core_1.delay)(this.pollingInterval);
+            yield this.refreshState();
+        }
+        return this.state;
+    }
+    async expect(expectation) {
+        let timeoutPassed = false;
+        const timer = this.timeout
+            ? setTimeout(() => (timeoutPassed = true), this.timeout)
+            : undefined;
+        const predicate = this.createPredicate(expectation);
+        // eslint-disable-next-line @typescript-eslint/naming-convention
+        for await (const _ of this.status()) {
+            const preventFurtherPolling = (await predicate()) || this.done || timeoutPassed;
+            if (preventFurtherPolling) {
+                break;
+            }
+        }
+        if (timer) {
+            clearTimeout(timer);
+        }
+        this.assert(timeoutPassed);
+    }
+    async dispose() {
+        try {
+            await this.refreshState();
+            if (!this.active) {
+                await this.scans.deleteScan(this.id);
+            }
+        }
+        catch {
+            // noop
+        }
+    }
+    async stop() {
+        try {
+            await this.refreshState();
+            if (this.active) {
+                await this.scans.stopScan(this.id);
+            }
+        }
+        catch {
+            // noop
+        }
+    }
+    assert(timeoutPassed) {
+        var _a;
+        const { status } = this.state;
+        if (this.done && status !== models_1.ScanStatus.DONE) {
+            throw new exceptions_1.ScanAborted(status);
+        }
+        if (timeoutPassed) {
+            throw new exceptions_1.ScanTimedOut((_a = this.timeout) !== null && _a !== void 0 ? _a : 0);
+        }
+    }
+    async refreshState() {
+        if (!this.done) {
+            const lastState = this.state;
+            this.state = await this.scans.getScan(this.id);
+            this.changingStatus(lastState.status, this.state.status);
+        }
+        return this.state;
+    }
+    changingStatus(from, to) {
+        var _a, _b;
+        if (from !== models_1.ScanStatus.QUEUED && to === models_1.ScanStatus.QUEUED) {
+            (_a = this.logger) === null || _a === void 0 ? void 0 : _a.warn('The maximum amount of concurrent scans has been reached for the organization, ' +
+                'the execution will resume once a free engine will be available. ' +
+                'If you want to increase the execution concurrency, ' +
+                'please upgrade your subscription or contact your system administrator');
+        }
+        if (from === models_1.ScanStatus.QUEUED && to !== models_1.ScanStatus.QUEUED) {
+            (_b = this.logger) === null || _b === void 0 ? void 0 : _b.log('Connected to engine, resuming execution');
+        }
+    }
+    createPredicate(expectation) {
+        return () => {
+            try {
+                return typeof expectation === 'function'
+                    ? expectation(this)
+                    : this.satisfyExpectation(expectation);
+            }
+            catch {
+                // noop
+            }
+        };
+    }
+    satisfyExpectation(severity) {
+        var _a;
+        const issueGroups = (_a = this.state.issuesBySeverity) !== null && _a !== void 0 ? _a : [];
+        return issueGroups.some((x) => { var _a; return ((_a = models_1.severityRanges.get(severity)) === null || _a === void 0 ? void 0 : _a.includes(x.type)) && x.number > 0; });
+    }
+}
+exports.Scan = Scan;
+//# sourceMappingURL=Scan.js.map

package/src/Scan.js.map

@@ -0,0 +1 @@
+{"version":3,"file":"Scan.js","sourceRoot":"","sources":["../../../../packages/scan/src/Scan.ts"],"names":[],"mappings":";;;AACA,qCAOkB;AAClB,6CAAyD;AACzD,0CAAgD;AAUhD,MAAa,IAAI;IAmBf,YAAY,EACV,EAAE,EACF,KAAK,EACL,MAAM,EACN,OAAO,EACP,eAAe,GAAG,CAAC,GAAG,IAAI,EACd;QAvBG,oBAAe,GAA4B,IAAI,GAAG,CAAC;YAClE,mBAAU,CAAC,OAAO;YAClB,mBAAU,CAAC,OAAO;YAClB,mBAAU,CAAC,MAAM;SAClB,CAAC,CAAC;QACc,kBAAa,GAA4B,IAAI,GAAG,CAAC;YAChE,mBAAU,CAAC,SAAS;YACpB,mBAAU,CAAC,IAAI;YACf,mBAAU,CAAC,MAAM;YACjB,mBAAU,CAAC,OAAO;SACnB,CAAC,CAAC;QAKK,UAAK,GAAc,EAAE,MAAM,EAAE,mBAAU,CAAC,OAAO,EAAE,CAAC;QASxD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACnD,CAAC;IAEM,KAAK,CAAC,MAAM;QACjB,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAE1B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC;IAEM,KAAK,CAAC,CAAC,MAAM;QAClB,OAAO,IAAI,CAAC,MAAM,EAAE;YAClB,MAAM,IAAA,YAAK,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAElC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;SAC3B;QAED,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,WAAiD;QAEjD,IAAI,aAAa,GAAG,KAAK,CAAC;QAE1B,MAAM,KAAK,GAA+B,IAAI,CAAC,OAAO;YACpD,CAAC,CAAC,UAAU,CAAC,GAAG,EAAE,CAAC,CAAC,aAAa,GAAG,IAAI,CAAC,EAAE,IAAI,CAAC,OAAO,CAAC;YACxD,CAAC,CAAC,SAAS,CAAC;QAEd,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAEpD,gEAAgE;QAChE,IAAI,KAAK,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE;YACnC,MAAM,qBAAqB,GACzB,CAAC,MAAM,SAAS,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,IAAI,aAAa,CAAC;YAEpD,IAAI,qBAAqB,EAAE;gBACzB,MAAM;aACP;SACF;QAED,IAAI,KAAK,EAAE;YACT,YAAY,CAAC,KAAK,CAAC,CAAC;SACrB;QAED,IAAI,CAAC,MAAM,CAAC,aAAa,CAAC,CAAC;IAC7B,CAAC;IAEM,KAAK,CAAC,OAAO;QAClB,IAAI;YACF,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAE1B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE;gBAChB,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;aACtC;SACF;QAAC,MAAM;YACN,OAAO;SACR;IACH,CAAC;IAEM,KAAK,CAAC,IAAI;QACf,IAAI;YACF,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAE1B,IAAI,IAAI,CAAC,MAAM,EAAE;gBACf,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;aACpC;SACF;QAAC,MAAM;YACN,OAAO;SACR;IACH,CAAC;IAEO,MAAM,CAAC,aAAuB;;QACpC,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAE9B,IAAI,IAAI,CAAC,IAAI,IAAI,MAAM,KAAK,mBAAU,CAAC,IAAI,EAAE;YAC3C,MAAM,IAAI,wBAAW,CAAC,MAAM,CAAC,CAAC;SAC/B;QAED,IAAI,aAAa,EAAE;YACjB,MAAM,IAAI,yBAAY,CAAC,MAAA,IAAI,CAAC,OAAO,mCAAI,CAAC,CAAC,CAAC;SAC3C;IACH,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE;YACd,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC;YAE7B,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE/C,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;SAC1D;QAED,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEO,cAAc,CAAC,IAAgB,EAAE,EAAc;;QACrD,IAAI,IAAI,KAAK,mBAAU,CAAC,MAAM,IAAI,EAAE,KAAK,mBAAU,CAAC,MAAM,EAAE;YAC1D,MAAA,IAAI,CAAC,MAAM,0CAAE,IAAI,CACf,gFAAgF;gBAC9E,kEAAkE;gBAClE,qDAAqD;gBACrD,uEAAuE,CAC1E,CAAC;SACH;QAED,IAAI,IAAI,KAAK,mBAAU,CAAC,MAAM,IAAI,EAAE,KAAK,mBAAU,CAAC,MAAM,EAAE;YAC1D,MAAA,IAAI,CAAC,MAAM,0CAAE,GAAG,CAAC,yCAAyC,CAAC,CAAC;SAC7D;IACH,CAAC;IAEO,eAAe,CACrB,WAAiD;QAEjD,OAAO,GAAG,EAAE;YACV,IAAI;gBACF,OAAO,OAAO,WAAW,KAAK,UAAU;oBACtC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;oBACnB,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;aAC1C;YAAC,MAAM;gBACN,OAAO;aACR;QACH,CAAC,CAAC;IACJ,CAAC;IAEO,kBAAkB,CAAC,QAAkB;;QAC3C,MAAM,WAAW,GAAG,MAAA,IAAI,CAAC,KAAK,CAAC,gBAAgB,mCAAI,EAAE,CAAC;QAEtD,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,CAAa,EAAE,EAAE,WAChB,OAAA,CAAA,MAAA,uBAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,0CAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAA,EAAA,CACjE,CAAC;IACJ,CAAC;CACF;AA1KD,oBA0KC"}

package/src/ScanFactory.d.ts

@@ -0,0 +1,19 @@
+import { Scan } from './Scan';
+import { ScanSettings, ScanSettingsOptions } from './ScanSettings';
+import { Configuration } from '@sectester/core';
+export declare class ScanFactory {
+    private readonly configuration;
+    private readonly scans;
+    private readonly container;
+    private readonly logger;
+    constructor(configuration: Configuration);
+    createScan(settings: ScanSettings | ScanSettingsOptions, options?: {
+        timeout?: number;
+        pollingInterval?: number;
+    }): Promise<Scan>;
+    private buildScanConfig;
+    private createAndUploadHar;
+    private generateFilename;
+    private createHarEntry;
+    private createHar;
+}