@sectester/scan 0.34.0 → 0.35.0

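--- a/package/README.md
+++ b/package/README.md
@@ -45,7 +45,7 @@ import { TestType } from '@sectester/scan';
 
 const scan = await scanFactory.createScan({
 target,
-tests: [TestType.HEADER_SECURITY]
+tests: [TestType.INSECURE_OUTPUT_HANDLING]
 });
 ```
 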
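--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sectester/scan",
-"version": "0.34.0",
+"version": "0.35.0",
 "description": "The package defines a simple public API to manage scans and their expectations.",
 "repository": {
 "type": "git",
@@ -45,7 +45,7 @@
 "peerDependencies": {
 "@sectester/core": ">=0.16.0 <1.0.0"
 },
+"types": "./src/index.d.ts",
 "main": "./src/index.js",
-"type": "commonjs",
-"types": "./src/index.d.ts"
+"type": "commonjs"
 }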
@@ -1,57 +1,46 @@
1
1
  export declare enum TestType {
2
- ANGULAR_CSTI = "angular_csti",
3
- BACKUP_LOCATIONS = "backup_locations",
2
+ AMAZON_S3_TAKEOVER = "amazon_s3_takeover",
3
+ BOPLA = "bopla",
4
+ BROKEN_ACCESS_CONTROL = "broken_access_control",
4
5
  BROKEN_SAML_AUTH = "broken_saml_auth",
6
+ JWT = "jwt",
5
7
  BRUTE_FORCE_LOGIN = "brute_force_login",
6
8
  BUSINESS_CONSTRAINT_BYPASS = "business_constraint_bypass",
7
- COMMON_FILES = "common_files",
8
9
  COOKIE_SECURITY = "cookie_security",
9
10
  CSRF = "csrf",
10
11
  CSS_INJECTION = "css_injection",
11
- CVE = "cve_test",
12
12
  DATE_MANIPULATION = "date_manipulation",
13
- DEFAULT_LOGIN_LOCATION = "default_login_location",
14
- DIRECTORY_LISTING = "directory_listing",
15
- /**
16
- * @deprecated Use TestType.XSS instead
17
- */
18
- DOM_XSS = "dom_xss",
19
13
  EMAIL_INJECTION = "email_injection",
20
- EXPOSED_COUCH_DB_APIS = "exposed_couch_db_apis",
14
+ EXCESSIVE_DATA_EXPOSURE = "excessive_data_exposure",
21
15
  FILE_UPLOAD = "file_upload",
22
16
  FULL_PATH_DISCLOSURE = "full_path_disclosure",
23
- HEADER_SECURITY = "header_security",
24
- HRS = "hrs",
17
+ GRAPHQL_INTROSPECTION = "graphql_introspection",
25
18
  HTML_INJECTION = "html_injection",
26
19
  HTTP_METHOD_FUZZING = "http_method_fuzzing",
27
- HTTP_RESPONSE_SPLITTING = "http_response_splitting",
28
20
  ID_ENUMERATION = "id_enumeration",
29
21
  IFRAME_INJECTION = "iframe_injection",
30
22
  IMPROPER_ASSET_MANAGEMENT = "improper_asset_management",
31
- INSECURE_TLS_CONFIGURATION = "insecure_tls_configuration",
32
- JWT = "jwt",
23
+ INSECURE_OUTPUT_HANDLING = "insecure_output_handling",
33
24
  LDAPI = "ldapi",
34
25
  LFI = "lfi",
26
+ LRRL = "lrrl",
35
27
  MASS_ASSIGNMENT = "mass_assignment",
36
28
  NOSQL = "nosql",
37
- OPEN_BUCKETS = "open_buckets",
29
+ OPEN_CLOUD_STORAGE = "open_cloud_storage",
38
30
  OPEN_DATABASE = "open_database",
39
31
  OSI = "osi",
32
+ PASSWORD_RESET_POISONING = "password_reset_poisoning",
40
33
  PROMPT_INJECTION = "prompt_injection",
41
34
  PROTO_POLLUTION = "proto_pollution",
42
- RETIRE_JS = "retire_js",
43
35
  RFI = "rfi",
44
- S3_TAKEOVER = "amazon_s3_takeover",
36
+ SQLI = "sqli",
45
37
  SECRET_TOKENS = "secret_tokens",
46
38
  SERVER_SIDE_JS_INJECTION = "server_side_js_injection",
47
- SQLI = "sqli",
48
39
  SSRF = "ssrf",
49
40
  SSTI = "ssti",
50
41
  STORED_XSS = "stored_xss",
51
42
  UNVALIDATED_REDIRECT = "unvalidated_redirect",
52
- VERSION_CONTROL_SYSTEMS = "version_control_systems",
53
- WORDPRESS = "wordpress",
54
43
  XPATHI = "xpathi",
55
- XSS = "xss",
56
- XXE = "xxe"
44
+ XXE = "xxe",
45
+ XSS = "xss"
57
46
  }
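Review bot: Seventeen members are dropped from `TestType` in this hunk (the `-` lines from `ANGULAR_CSTI` through `WORDPRESS`), and only `DOM_XSS` among them had carried a `@deprecated` notice, so a caller still passing e.g. `TestType.HEADER_SECURITY` — the README's own pre-change example — evaluates to `undefined` at runtime against the new `TestType.js` and, unless `createScan` validates its `tests` array (not visible in this diff), a scan request with an undefined test goes through unnoticed. The previous version kept `DOM_XSS` as a `@deprecated` alias pointing at `XSS`; the pure renames here deserve the same one-release cycle, e.g. `/** @deprecated Use TestType.AMAZON_S3_TAKEOVER instead */` followed by `S3_TAKEOVER = "amazon_s3_takeover",`, and likewise `OPEN_BUCKETS` → `OPEN_CLOUD_STORAGE`, whose string value also changed from `open_buckets`. A 0.x minor bump carrying a breaking enum change should at least list the removed names and their replacements in the README or changelog, which this diff does not do. Separately, the new positions of `JWT`, `SQLI` and `XXE` break the alphabetical order the rest of the enum keeps. The same points apply to the compiled `TestType.js` hunk below; both are build output of `packages/scan/src/models/TestType.ts`, so the fix belongs in that source file.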
@@ -3,60 +3,49 @@ Object.defineProperty(exports, "__esModule", { value: true });
3
3
  exports.TestType = void 0;
4
4
  var TestType;
5
5
  (function (TestType) {
6
- TestType["ANGULAR_CSTI"] = "angular_csti";
7
- TestType["BACKUP_LOCATIONS"] = "backup_locations";
6
+ TestType["AMAZON_S3_TAKEOVER"] = "amazon_s3_takeover";
7
+ TestType["BOPLA"] = "bopla";
8
+ TestType["BROKEN_ACCESS_CONTROL"] = "broken_access_control";
8
9
  TestType["BROKEN_SAML_AUTH"] = "broken_saml_auth";
10
+ TestType["JWT"] = "jwt";
9
11
  TestType["BRUTE_FORCE_LOGIN"] = "brute_force_login";
10
12
  TestType["BUSINESS_CONSTRAINT_BYPASS"] = "business_constraint_bypass";
11
- TestType["COMMON_FILES"] = "common_files";
12
13
  TestType["COOKIE_SECURITY"] = "cookie_security";
13
14
  TestType["CSRF"] = "csrf";
14
15
  TestType["CSS_INJECTION"] = "css_injection";
15
- TestType["CVE"] = "cve_test";
16
16
  TestType["DATE_MANIPULATION"] = "date_manipulation";
17
- TestType["DEFAULT_LOGIN_LOCATION"] = "default_login_location";
18
- TestType["DIRECTORY_LISTING"] = "directory_listing";
19
- /**
20
- * @deprecated Use TestType.XSS instead
21
- */
22
- TestType["DOM_XSS"] = "dom_xss";
23
17
  TestType["EMAIL_INJECTION"] = "email_injection";
24
- TestType["EXPOSED_COUCH_DB_APIS"] = "exposed_couch_db_apis";
18
+ TestType["EXCESSIVE_DATA_EXPOSURE"] = "excessive_data_exposure";
25
19
  TestType["FILE_UPLOAD"] = "file_upload";
26
20
  TestType["FULL_PATH_DISCLOSURE"] = "full_path_disclosure";
27
- TestType["HEADER_SECURITY"] = "header_security";
28
- TestType["HRS"] = "hrs";
21
+ TestType["GRAPHQL_INTROSPECTION"] = "graphql_introspection";
29
22
  TestType["HTML_INJECTION"] = "html_injection";
30
23
  TestType["HTTP_METHOD_FUZZING"] = "http_method_fuzzing";
31
- TestType["HTTP_RESPONSE_SPLITTING"] = "http_response_splitting";
32
24
  TestType["ID_ENUMERATION"] = "id_enumeration";
33
25
  TestType["IFRAME_INJECTION"] = "iframe_injection";
34
26
  TestType["IMPROPER_ASSET_MANAGEMENT"] = "improper_asset_management";
35
- TestType["INSECURE_TLS_CONFIGURATION"] = "insecure_tls_configuration";
36
- TestType["JWT"] = "jwt";
27
+ TestType["INSECURE_OUTPUT_HANDLING"] = "insecure_output_handling";
37
28
  TestType["LDAPI"] = "ldapi";
38
29
  TestType["LFI"] = "lfi";
30
+ TestType["LRRL"] = "lrrl";
39
31
  TestType["MASS_ASSIGNMENT"] = "mass_assignment";
40
32
  TestType["NOSQL"] = "nosql";
41
- TestType["OPEN_BUCKETS"] = "open_buckets";
33
+ TestType["OPEN_CLOUD_STORAGE"] = "open_cloud_storage";
42
34
  TestType["OPEN_DATABASE"] = "open_database";
43
35
  TestType["OSI"] = "osi";
36
+ TestType["PASSWORD_RESET_POISONING"] = "password_reset_poisoning";
44
37
  TestType["PROMPT_INJECTION"] = "prompt_injection";
45
38
  TestType["PROTO_POLLUTION"] = "proto_pollution";
46
- TestType["RETIRE_JS"] = "retire_js";
47
39
  TestType["RFI"] = "rfi";
48
- TestType["S3_TAKEOVER"] = "amazon_s3_takeover";
40
+ TestType["SQLI"] = "sqli";
49
41
  TestType["SECRET_TOKENS"] = "secret_tokens";
50
42
  TestType["SERVER_SIDE_JS_INJECTION"] = "server_side_js_injection";
51
- TestType["SQLI"] = "sqli";
52
43
  TestType["SSRF"] = "ssrf";
53
44
  TestType["SSTI"] = "ssti";
54
45
  TestType["STORED_XSS"] = "stored_xss";
55
46
  TestType["UNVALIDATED_REDIRECT"] = "unvalidated_redirect";
56
- TestType["VERSION_CONTROL_SYSTEMS"] = "version_control_systems";
57
- TestType["WORDPRESS"] = "wordpress";
58
47
  TestType["XPATHI"] = "xpathi";
59
- TestType["XSS"] = "xss";
60
48
  TestType["XXE"] = "xxe";
49
+ TestType["XSS"] = "xss";
61
50
  })(TestType || (exports.TestType = TestType = {}));
62
51
  //# sourceMappingURL=TestType.js.map
@@ -1 +1 @@
1
- {"version":3,"file":"TestType.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/TestType.ts"],"names":[],"mappings":";;;AAAA,IAAY,QAwDX;AAxDD,WAAY,QAAQ;IAClB,yCAA6B,CAAA;IAC7B,iDAAqC,CAAA;IACrC,iDAAqC,CAAA;IACrC,mDAAuC,CAAA;IACvC,qEAAyD,CAAA;IACzD,yCAA6B,CAAA;IAC7B,+CAAmC,CAAA;IACnC,yBAAa,CAAA;IACb,2CAA+B,CAAA;IAC/B,4BAAgB,CAAA;IAChB,mDAAuC,CAAA;IACvC,6DAAiD,CAAA;IACjD,mDAAuC,CAAA;IACvC;;OAEG;IACH,+BAAmB,CAAA;IACnB,+CAAmC,CAAA;IACnC,2DAA+C,CAAA;IAC/C,uCAA2B,CAAA;IAC3B,yDAA6C,CAAA;IAC7C,+CAAmC,CAAA;IACnC,uBAAW,CAAA;IACX,6CAAiC,CAAA;IACjC,uDAA2C,CAAA;IAC3C,+DAAmD,CAAA;IACnD,6CAAiC,CAAA;IACjC,iDAAqC,CAAA;IACrC,mEAAuD,CAAA;IACvD,qEAAyD,CAAA;IACzD,uBAAW,CAAA;IACX,2BAAe,CAAA;IACf,uBAAW,CAAA;IACX,+CAAmC,CAAA;IACnC,2BAAe,CAAA;IACf,yCAA6B,CAAA;IAC7B,2CAA+B,CAAA;IAC/B,uBAAW,CAAA;IACX,iDAAqC,CAAA;IACrC,+CAAmC,CAAA;IACnC,mCAAuB,CAAA;IACvB,uBAAW,CAAA;IACX,8CAAkC,CAAA;IAClC,2CAA+B,CAAA;IAC/B,iEAAqD,CAAA;IACrD,yBAAa,CAAA;IACb,yBAAa,CAAA;IACb,yBAAa,CAAA;IACb,qCAAyB,CAAA;IACzB,yDAA6C,CAAA;IAC7C,+DAAmD,CAAA;IACnD,mCAAuB,CAAA;IACvB,6BAAiB,CAAA;IACjB,uBAAW,CAAA;IACX,uBAAW,CAAA;AACb,CAAC,EAxDW,QAAQ,wBAAR,QAAQ,QAwDnB"}
1
+ {"version":3,"file":"TestType.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/TestType.ts"],"names":[],"mappings":";;;AAAA,IAAY,QA6CX;AA7CD,WAAY,QAAQ;IAClB,qDAAyC,CAAA;IACzC,2BAAe,CAAA;IACf,2DAA+C,CAAA;IAC/C,iDAAqC,CAAA;IACrC,uBAAW,CAAA;IACX,mDAAuC,CAAA;IACvC,qEAAyD,CAAA;IACzD,+CAAmC,CAAA;IACnC,yBAAa,CAAA;IACb,2CAA+B,CAAA;IAC/B,mDAAuC,CAAA;IACvC,+CAAmC,CAAA;IACnC,+DAAmD,CAAA;IACnD,uCAA2B,CAAA;IAC3B,yDAA6C,CAAA;IAC7C,2DAA+C,CAAA;IAC/C,6CAAiC,CAAA;IACjC,uDAA2C,CAAA;IAC3C,6CAAiC,CAAA;IACjC,iDAAqC,CAAA;IACrC,mEAAuD,CAAA;IACvD,iEAAqD,CAAA;IACrD,2BAAe,CAAA;IACf,uBAAW,CAAA;IACX,yBAAa,CAAA;IACb,+CAAmC,CAAA;IACnC,2BAAe,CAAA;IACf,qDAAyC,CAAA;IACzC,2CAA+B,CAAA;IAC/B,uBAAW,CAAA;IACX,iEAAqD,CAAA;IACrD,iDAAqC,CAAA;IACrC,+CAAmC,CAAA;IACnC,uBAAW,CAAA;IACX,yBAAa,CAAA;IACb,2CAA+B,CAAA;IAC/B,iEAAqD,CAAA;IACrD,yBAAa,CAAA;IACb,yBAAa,CAAA;IACb,qCAAyB,CAAA;IACzB,yDAA6C,CAAA;IAC7C,6BAAiB,CAAA;IACjB,uBAAW,CAAA;IACX,uBAAW,CAAA;AACb,CAAC,EA7CW,QAAQ,wBAAR,QAAQ,QA6CnB"}