@sectester/scan 0.35.3 → 0.36.1
- package/README.md +12 -13
- package/package.json +2 -4
- package/src/DefaultDiscoveries.d.ts +11 -0
- package/src/DefaultDiscoveries.js +43 -0
- package/src/DefaultDiscoveries.js.map +1 -0
- package/src/DefaultScans.d.ts +6 -7
- package/src/DefaultScans.js +71 -31
- package/src/DefaultScans.js.map +1 -1
- package/src/Discoveries.d.ts +7 -0
- package/src/Discoveries.js +5 -0
- package/src/Discoveries.js.map +1 -0
- package/src/Scan.js +5 -11
- package/src/Scan.js.map +1 -1
- package/src/ScanFactory.d.ts +2 -5
- package/src/ScanFactory.js +7 -64
- package/src/ScanFactory.js.map +1 -1
- package/src/ScanSettings.d.ts +1 -9
- package/src/ScanSettings.js +2 -22
- package/src/ScanSettings.js.map +1 -1
- package/src/Scans.d.ts +2 -7
- package/src/Scans.js.map +1 -1
- package/src/models/AttackParamLocation.d.ts +0 -2
- package/src/models/AttackParamLocation.js +0 -2
- package/src/models/AttackParamLocation.js.map +1 -1
- package/src/models/Issue.d.ts +1 -11
- package/src/models/ScanConfig.d.ts +2 -7
- package/src/models/TestType.d.ts +19 -20
- package/src/models/TestType.js +19 -20
- package/src/models/TestType.js.map +1 -1
- package/src/models/index.d.ts +0 -2
- package/src/models/index.js +0 -2
- package/src/models/index.js.map +1 -1
- package/src/register.js +3 -0
- package/src/register.js.map +1 -1
- package/src/commands/CreateScan.d.ts +0 -17
- package/src/commands/CreateScan.js +0 -15
- package/src/commands/CreateScan.js.map +0 -1
- package/src/commands/DeleteScan.d.ts +0 -4
- package/src/commands/DeleteScan.js +0 -16
- package/src/commands/DeleteScan.js.map +0 -1
- package/src/commands/GetScan.d.ts +0 -5
- package/src/commands/GetScan.js +0 -14
- package/src/commands/GetScan.js.map +0 -1
- package/src/commands/ListIssues.d.ts +0 -5
- package/src/commands/ListIssues.js +0 -14
- package/src/commands/ListIssues.js.map +0 -1
- package/src/commands/StopScan.d.ts +0 -4
- package/src/commands/StopScan.js +0 -15
- package/src/commands/StopScan.js.map +0 -1
- package/src/commands/UploadHar.d.ts +0 -8
- package/src/commands/UploadHar.js +0 -24
- package/src/commands/UploadHar.js.map +0 -1
- package/src/commands/index.d.ts +0 -6
- package/src/commands/index.js +0 -10
- package/src/commands/index.js.map +0 -1
- package/src/models/Discovery.d.ts +0 -5
- package/src/models/Discovery.js +0 -10
- package/src/models/Discovery.js.map +0 -1
- package/src/models/Module.d.ts +0 -4
- package/src/models/Module.js +0 -9
- package/src/models/Module.js.map +0 -1
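--- a/package/README.md
+++ b/package/README.md
@@ -22,7 +22,8 @@ import { Configuration } from '@sectester/core';
 import { ScanFactory } from '@sectester/scan';
 
 const config = new Configuration({
-hostname: 'app.neuralegion.com'
+hostname: 'app.neuralegion.com',
+projectId: 'your project ID'
 });
 
 const scanFactory = new ScanFactory(config);
@@ -51,18 +52,16 @@ const scan = await scanFactory.createScan({
 
 Below you will find a list of parameters that can be used to configure a `Scan`:
 
-| Option | Description
-| ---------------------- |
-| `target` | The target that will be attacked. For details, see [here](#defining-a-target-for-attack).
-| `tests` | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide)
-| `repeaterId` | Connects the scan to a Repeater agent, which provides secure access to local networks.
-| `smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default.
-| `skipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default.
-| `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`.
-| `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`.
-| `
-| `targetTimeout` | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5min. |
-| `name` | The scan name. The method and hostname by default, e.g. `GET example.com`. |
+| Option | Description |
+| ---------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
+| `target` | The target that will be attacked. For details, see [here](#defining-a-target-for-attack). |
+| `tests` | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide) |
+| `repeaterId` | Connects the scan to a Repeater agent, which provides secure access to local networks. |
+| `smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. |
+| `skipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. |
+| `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. |
+| `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. |
+| `name` | The scan name. The method and hostname by default, e.g. `GET /users/1`. |
 
 ### Defining a target for attack
 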
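--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "@sectester/scan",
-"version": "0.
+"version": "0.36.1",
 "description": "The package defines a simple public API to manage scans and their expectations.",
 "repository": {
 "type": "git",
@@ -37,10 +37,8 @@
 "dependencies": {
 "@har-sdk/core": "~1.4.5",
 "ci-info": "^4.0.0",
-"form-data": "^4.0.0",
 "tslib": "~2.6.3",
-"tsyringe": "^4.8.0"
-"uuid": "^10.0.0"
+"tsyringe": "^4.8.0"
 },
 "peerDependencies": {
 "@sectester/core": ">=0.16.0 <1.0.0"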
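--- /dev/null
+++ b/package/src/DefaultDiscoveries.d.ts
@@ -0,0 +1,11 @@
+import { Target } from './target';
+import { Discoveries } from './Discoveries';
+import { ApiClient, Configuration } from '@sectester/core';
+export declare class DefaultDiscoveries implements Discoveries {
+private readonly configuration;
+private readonly client;
+constructor(configuration: Configuration, client: ApiClient);
+createEntrypoint(target: Target, repeaterId: string): Promise<{
+id: string;
+}>;
+}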
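--- /dev/null
+++ b/package/src/DefaultDiscoveries.js
@@ -0,0 +1,43 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.DefaultDiscoveries = void 0;
+const tslib_1 = require("tslib");
+const tsyringe_1 = require("tsyringe");
+const core_1 = require("@sectester/core");
+let DefaultDiscoveries = class DefaultDiscoveries {
+constructor(configuration, client) {
+this.configuration = configuration;
+this.client = client;
+}
+async createEntrypoint(target, repeaterId) {
+var _a;
+let response = await this.client.request(`/api/v2/projects/${this.configuration.projectId}/entry-points`, {
+method: 'POST',
+body: JSON.stringify({
+repeaterId,
+request: {
+method: target.method,
+url: target.url,
+headers: target.headers,
+body: (_a = target.postData) === null || _a === void 0 ? void 0 : _a.text
+}
+}),
+headers: {
+'content-type': 'application/json'
+}
+});
+if (response.status === 409 && response.headers.has('location')) {
+const location = response.headers.get('location');
+response = await this.client.request(location);
+}
+const data = (await response.json());
+return data;
+}
+};
+exports.DefaultDiscoveries = DefaultDiscoveries;
+exports.DefaultDiscoveries = DefaultDiscoveries = tslib_1.__decorate([
+(0, tsyringe_1.injectable)(),
+tslib_1.__param(1, (0, tsyringe_1.inject)(core_1.ApiClient)),
+tslib_1.__metadata("design:paramtypes", [core_1.Configuration, Object])
+], DefaultDiscoveries);
+//# sourceMappingURL=DefaultDiscoveries.js.map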
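Review bot: In createEntrypoint (new lines 29-32) the 409 follow-up hands the server-supplied `location` header straight to `this.client.request(location)`, so an absolute URL pointing at another origin would be fetched with the client's credentials; unless ApiClient.request already refuses cross-origin targets, resolve it against the configured API first, e.g. `const location = new URL(response.headers.get('location'), this.configuration.baseURL);`, and only follow it when `location.origin` matches the API origin. The identical code is repeated in DefaultScans.js (new lines 72-95), so the same guard belongs there. It is also worth confirming that ApiClient.request returns a 409 response rather than throwing, since stopScan/deleteScan in DefaultScans.js catch an ApiError for a 404; if non-2xx responses throw, this branch is unreachable and a conflict surfaces as an exception instead of being resolved.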
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"DefaultDiscoveries.js","sourceRoot":"","sources":["../../../../packages/scan/src/DefaultDiscoveries.ts"],"names":[],"mappings":";;;;AAEA,uCAA8C;AAC9C,0CAA2D;AAGpD,IAAM,kBAAkB,GAAxB,MAAM,kBAAkB;IAC7B,YACmB,aAA4B,EAE5B,MAAiB;QAFjB,kBAAa,GAAb,aAAa,CAAe;QAE5B,WAAM,GAAN,MAAM,CAAW;IACjC,CAAC;IAEG,KAAK,CAAC,gBAAgB,CAC3B,MAAc,EACd,UAAkB;;QAElB,IAAI,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,oBAAoB,IAAI,CAAC,aAAa,CAAC,SAAS,eAAe,EAC/D;YACE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU;gBACV,OAAO,EAAE;oBACP,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,IAAI,EAAE,MAAA,MAAM,CAAC,QAAQ,0CAAE,IAAI;iBAC5B;aACF,CAAC;YACF,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;SACF,CACF,CAAC;QAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YAChE,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;YAC5D,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;QAEvD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AAvCY,gDAAkB;6BAAlB,kBAAkB;IAD9B,IAAA,qBAAU,GAAE;IAIR,mBAAA,IAAA,iBAAM,EAAC,gBAAS,CAAC,CAAA;6CADc,oBAAa;GAFpC,kBAAkB,CAuC9B"}
|
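--- a/package/src/DefaultScans.d.ts
+++ b/package/src/DefaultScans.d.ts
@@ -1,10 +1,11 @@
-import { Scans
+import { Scans } from './Scans';
 import { Issue, ScanConfig, ScanState } from './models';
-import {
+import { Target } from './target';
+import { ApiClient, Configuration } from '@sectester/core';
 export declare class DefaultScans implements Scans {
 private readonly configuration;
-private readonly
-constructor(configuration: Configuration,
+private readonly client;
+constructor(configuration: Configuration, client: ApiClient);
 createScan(config: ScanConfig): Promise<{
 id: string;
 }>;
@@ -12,9 +13,7 @@ export declare class DefaultScans implements Scans {
 stopScan(id: string): Promise<void>;
 deleteScan(id: string): Promise<void>;
 getScan(id: string): Promise<ScanState>;
-
+createEntrypoint(target: Target, repeaterId: string): Promise<{
 id: string;
 }>;
-private sendCommand;
-private assertReply;
 }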
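--- a/package/src/DefaultScans.js
+++ b/package/src/DefaultScans.js
@@ -2,62 +2,102 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 exports.DefaultScans = void 0;
 const tslib_1 = require("tslib");
-const commands_1 = require("./commands");
 const tsyringe_1 = require("tsyringe");
 const core_1 = require("@sectester/core");
 const ci_info_1 = tslib_1.__importDefault(require("ci-info"));
 let DefaultScans = class DefaultScans {
-constructor(configuration,
+constructor(configuration, client) {
 this.configuration = configuration;
-this.
+this.client = client;
 }
-createScan(config) {
-
-
-
-
-
-
-
-
+async createScan(config) {
+const response = await this.client.request('/api/v1/scans', {
+method: 'POST',
+headers: {
+'content-type': 'application/json'
+},
+body: JSON.stringify({
+...config,
+info: {
+source: 'utlib',
+provider: ci_info_1.default.name,
+client: {
+name: this.configuration.name,
+version: this.configuration.version
+}
 }
-}
-})
+})
+});
+const result = (await response.json());
+return result;
 }
 async listIssues(id) {
-const
+const response = await this.client.request(`/api/v1/scans/${id}/issues`);
+const issues = (await response.json());
 return issues.map(x => ({
 ...x,
-
+time: new Date(x.time),
+link: `${this.configuration.baseURL}/scans/${id}/issues/${x.id}`
 }));
 }
 async stopScan(id) {
-
+try {
+await this.client.request(`/api/v1/scans/${id}/stop`);
+}
+catch (error) {
+if (error instanceof core_1.ApiError && error.response.status === 404) {
+return;
+}
+throw error;
+}
 }
 async deleteScan(id) {
-
-
-
-
-
-
-
+try {
+await this.client.request(`/api/v1/scans/${id}`, {
+method: 'DELETE'
+});
+}
+catch (error) {
+if (error instanceof core_1.ApiError && error.response.status === 404) {
+return;
+}
+throw error;
+}
 }
-async
-const
-
+async getScan(id) {
+const response = await this.client.request(`/api/v1/scans/${id}`);
+const result = (await response.json());
 return result;
 }
-
-
-
+async createEntrypoint(target, repeaterId) {
+var _a;
+let response = await this.client.request(`/api/v2/projects/${this.configuration.projectId}/entry-points`, {
+method: 'POST',
+body: JSON.stringify({
+repeaterId,
+request: {
+method: target.method,
+url: target.url,
+headers: target.headers,
+body: (_a = target.postData) === null || _a === void 0 ? void 0 : _a.text
+}
+}),
+headers: {
+'content-type': 'application/json'
+}
+});
+if (response.status === 409 && response.headers.has('location')) {
+const location = response.headers.get('location');
+response = await this.client.request(location);
 }
+const data = (await response.json());
+return data;
 }
 };
 exports.DefaultScans = DefaultScans;
 exports.DefaultScans = DefaultScans = tslib_1.__decorate([
 (0, tsyringe_1.injectable)(),
-tslib_1.__param(1, (0, tsyringe_1.inject)(core_1.
+tslib_1.__param(1, (0, tsyringe_1.inject)(core_1.ApiClient)),
 tslib_1.__metadata("design:paramtypes", [core_1.Configuration, Object])
 ], DefaultScans);
 //# sourceMappingURL=DefaultScans.js.map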
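Review bot: createEntrypoint (new lines 72-95) is a line-for-line copy of DefaultDiscoveries.createEntrypoint, and the factory already resolves `Discoveries` for that call (ScanFactory.js, new line 24), so the copy on DefaultScans is a second place to maintain that will drift from the original; if the Scans interface (changed in this release but not shown here) does not require it, dropping the method and its declaration in DefaultScans.d.ts, or delegating to the Discoveries implementation, would leave one implementation. The new methods also carry no doc comments; a one-line JSDoc on each of createScan, listIssues, stopScan, deleteScan and getScan naming the endpoint it calls, plus a note that stopScan and deleteScan deliberately treat a 404 as success, would make the 404 swallow on new lines 48-50 and 61-63 read as intended rather than accidental.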
package/src/DefaultScans.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultScans.js","sourceRoot":"","sources":["../../../../packages/scan/src/DefaultScans.ts"],"names":[],"mappings":";;;;
|
|
1
|
+
{"version":3,"file":"DefaultScans.js","sourceRoot":"","sources":["../../../../packages/scan/src/DefaultScans.ts"],"names":[],"mappings":";;;;AAGA,uCAA8C;AAC9C,0CAAqE;AACrE,8DAAyB;AAGlB,IAAM,YAAY,GAAlB,MAAM,YAAY;IACvB,YACmB,aAA4B,EAE5B,MAAiB;QAFjB,kBAAa,GAAb,aAAa,CAAe;QAE5B,WAAM,GAAN,MAAM,CAAW;IACjC,CAAC;IAEG,KAAK,CAAC,UAAU,CAAC,MAAkB;QACxC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,eAAe,EAAE;YAC1D,MAAM,EAAE,MAAM;YACd,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;YACD,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,GAAG,MAAM;gBACT,IAAI,EAAE;oBACJ,MAAM,EAAE,OAAO;oBACf,QAAQ,EAAE,iBAAE,CAAC,IAAI;oBACjB,MAAM,EAAE;wBACN,IAAI,EAAE,IAAI,CAAC,aAAa,CAAC,IAAI;wBAC7B,OAAO,EAAE,IAAI,CAAC,aAAa,CAAC,OAAO;qBACpC;iBACF;aACF,CAAC;SACH,CAAC,CAAC;QACH,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;QAEzD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,EAAU;QAChC,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,SAAS,CAAC,CAAC;QACzE,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAEjC,CAAC;QAEL,OAAO,MAAM,CAAC,GAAG,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC;YACtB,GAAG,CAAC;YACJ,IAAI,EAAE,IAAI,IAAI,CAAC,CAAC,CAAC,IAAI,CAAC;YACtB,IAAI,EAAE,GAAG,IAAI,CAAC,aAAa,CAAC,OAAO,UAAU,EAAE,WAAW,CAAC,CAAC,EAAE,EAAE;SACjE,CAAC,CAAC,CAAC;IACN,CAAC;IAEM,KAAK,CAAC,QAAQ,CAAC,EAAU;QAC9B,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,OAAO,CAAC,CAAC;QACxD,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,eAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC/D,OAAO;YACT,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,UAAU,CAAC,EAAU;QAChC,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,EAAE;gBAC/C,MAAM,EAAE,QAAQ;aACjB,CAAC,CAAC;QACL,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,KAAK,YAAY,eAAQ,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;gBAC/D,OAAO;YACT,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,OAAO,CAAC,EAAU;QAC7B,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,iBAAiB,EAAE,EAAE,CAAC,CAAC;QAClE,MAAM,MAAM,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAc,
CAAC;QAEpD,OAAO,MAAM,CAAC;IAChB,CAAC;IAEM,KAAK,CAAC,gBAAgB,CAC3B,MAAc,EACd,UAAkB;;QAElB,IAAI,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACtC,oBAAoB,IAAI,CAAC,aAAa,CAAC,SAAS,eAAe,EAC/D;YACE,MAAM,EAAE,MAAM;YACd,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC;gBACnB,UAAU;gBACV,OAAO,EAAE;oBACP,MAAM,EAAE,MAAM,CAAC,MAAM;oBACrB,GAAG,EAAE,MAAM,CAAC,GAAG;oBACf,OAAO,EAAE,MAAM,CAAC,OAAO;oBACvB,IAAI,EAAE,MAAA,MAAM,CAAC,QAAQ,0CAAE,IAAI;iBAC5B;aACF,CAAC;YACF,OAAO,EAAE;gBACP,cAAc,EAAE,kBAAkB;aACnC;SACF,CACF,CAAC;QAEF,IAAI,QAAQ,CAAC,MAAM,KAAK,GAAG,IAAI,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,EAAE,CAAC;YAChE,MAAM,QAAQ,GAAG,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;YAC5D,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;QAEvD,OAAO,IAAI,CAAC;IACd,CAAC;CACF,CAAA;AA5GY,oCAAY;uBAAZ,YAAY;IADxB,IAAA,qBAAU,GAAE;IAIR,mBAAA,IAAA,iBAAM,EAAC,gBAAS,CAAC,CAAA;6CADc,oBAAa;GAFpC,YAAY,CA4GxB"}
|
|
@@ -0,0 +1 @@
|
|
|
1
|
+
{"version":3,"file":"Discoveries.js","sourceRoot":"","sources":["../../../../packages/scan/src/Discoveries.ts"],"names":[],"mappings":";;;AASa,QAAA,WAAW,GAAkB,MAAM,CAAC,aAAa,CAAC,CAAC"}
|
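--- a/package/src/Scan.js
+++ b/package/src/Scan.js
@@ -3,7 +3,7 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.Scan = void 0;
 const models_1 = require("./models");
 const exceptions_1 = require("./exceptions");
-const
+const promises_1 = require("node:timers/promises");
 class Scan {
 constructor({ id, scans, logger, timeout, pollingInterval = 5 * 1000 }) {
 this.ACTIVE_STATUSES = new Set([
@@ -36,28 +36,22 @@ class Scan {
 }
 async *status() {
 while (this.active) {
-await (0,
+await (0, promises_1.setTimeout)(this.pollingInterval);
 yield this.refreshState();
 }
 return this.state;
 }
 async expect(expectation) {
-
-const timer = this.timeout
-? setTimeout(() => (timeoutPassed = true), this.timeout)
-: undefined;
+const signal = this.timeout ? AbortSignal.timeout(this.timeout) : undefined;
 const predicate = this.createPredicate(expectation);
 // eslint-disable-next-line @typescript-eslint/naming-convention
 for await (const _ of this.status()) {
-const preventFurtherPolling = (await predicate()) || this.done ||
+const preventFurtherPolling = (await predicate()) || this.done || (signal === null || signal === void 0 ? void 0 : signal.aborted);
 if (preventFurtherPolling) {
 break;
 }
 }
-
-clearTimeout(timer);
-}
-this.assert(timeoutPassed);
+this.assert(signal === null || signal === void 0 ? void 0 : signal.aborted);
 }
 async dispose() {
 try {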
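Review bot: In expect() (new lines 45-54) the timeout signal is only inspected after each status() iteration, and the sleep on new line 39 is not tied to it, so a timeout is noticed up to `pollingInterval` late and the pending sleep keeps the loop alive until then; the previous timer-based code had the same lag, so this is pre-existing rather than a regression. If prompt cancellation is wanted, status() would need to receive the signal and pass it as `{ signal }` to the timers/promises setTimeout, catching the AbortError that the sleep then rejects with. AbortSignal.timeout also raises the minimum Node.js version (16.14/17.3); the package's engines field is not in this diff, so it is worth checking it agrees.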
package/src/Scan.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Scan.js","sourceRoot":"","sources":["../../../../packages/scan/src/Scan.ts"],"names":[],"mappings":";;;AACA,qCAOkB;AAClB,6CAAyD;
|
|
1
|
+
{"version":3,"file":"Scan.js","sourceRoot":"","sources":["../../../../packages/scan/src/Scan.ts"],"names":[],"mappings":";;;AACA,qCAOkB;AAClB,6CAAyD;AAEzD,mDAAkD;AAUlD,MAAa,IAAI;IAmBf,YAAY,EACV,EAAE,EACF,KAAK,EACL,MAAM,EACN,OAAO,EACP,eAAe,GAAG,CAAC,GAAG,IAAI,EACd;QAvBG,oBAAe,GAA4B,IAAI,GAAG,CAAC;YAClE,mBAAU,CAAC,OAAO;YAClB,mBAAU,CAAC,OAAO;YAClB,mBAAU,CAAC,MAAM;SAClB,CAAC,CAAC;QACc,kBAAa,GAA4B,IAAI,GAAG,CAAC;YAChE,mBAAU,CAAC,SAAS;YACpB,mBAAU,CAAC,IAAI;YACf,mBAAU,CAAC,MAAM;YACjB,mBAAU,CAAC,OAAO;SACnB,CAAC,CAAC;QAKK,UAAK,GAAc,EAAE,MAAM,EAAE,mBAAU,CAAC,OAAO,EAAE,CAAC;QASxD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,IAAI,CAAC,EAAE,GAAG,EAAE,CAAC;QACb,IAAI,CAAC,eAAe,GAAG,eAAe,CAAC;QACvC,IAAI,CAAC,OAAO,GAAG,OAAO,CAAC;IACzB,CAAC;IAED,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,eAAe,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACrD,CAAC;IAED,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,aAAa,CAAC,GAAG,CAAC,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;IACnD,CAAC;IAEM,KAAK,CAAC,MAAM;QACjB,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAE1B,OAAO,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;IACxC,CAAC;IAEM,KAAK,CAAC,CAAC,MAAM;QAClB,OAAO,IAAI,CAAC,MAAM,EAAE,CAAC;YACnB,MAAM,IAAA,qBAAU,EAAC,IAAI,CAAC,eAAe,CAAC,CAAC;YAEvC,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;QAC5B,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEM,KAAK,CAAC,MAAM,CACjB,WAAiD;QAEjD,MAAM,MAAM,GAAG,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,WAAW,CAAC,OAAO,CAAC,IAAI,CAAC,OAAO,CAAC,CAAC,CAAC,CAAC,SAAS,CAAC;QAE5E,MAAM,SAAS,GAAG,IAAI,CAAC,eAAe,CAAC,WAAW,CAAC,CAAC;QAEpD,gEAAgE;QAChE,IAAI,KAAK,EAAE,MAAM,CAAC,IAAI,IAAI,CAAC,MAAM,EAAE,EAAE,CAAC;YACpC,MAAM,qBAAqB,GACzB,CAAC,MAAM,SAAS,EAAE,CAAC,IAAI,IAAI,CAAC,IAAI,KAAI,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,CAAA,CAAC;YAEtD,IAAI,qBAAqB,EAAE,CAAC;gBAC1B,MAAM;YACR,CAAC;QACH,CAAC;QAED,IAAI,CAAC,MAAM,CAAC,MAAM,aAAN,MAAM,uBAAN,MAAM,CAAE,OAAO,CAAC,CAAC;IAC/B,CAAC;IAEM,KAAK,CAAC,OAAO;QAClB,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAE1B,IAAI,CAAC,IAAI,CAAC,MAAM,EAAE,CAAC;gBACjB,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,IAAI,
CAAC,EAAE,CAAC,CAAC;YACvC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;IACH,CAAC;IAEM,KAAK,CAAC,IAAI;QACf,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,YAAY,EAAE,CAAC;YAE1B,IAAI,IAAI,CAAC,MAAM,EAAE,CAAC;gBAChB,MAAM,IAAI,CAAC,KAAK,CAAC,QAAQ,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YACrC,CAAC;QACH,CAAC;QAAC,MAAM,CAAC;YACP,OAAO;QACT,CAAC;IACH,CAAC;IAEO,MAAM,CAAC,aAAuB;;QACpC,MAAM,EAAE,MAAM,EAAE,GAAG,IAAI,CAAC,KAAK,CAAC;QAE9B,IAAI,IAAI,CAAC,IAAI,IAAI,MAAM,KAAK,mBAAU,CAAC,IAAI,EAAE,CAAC;YAC5C,MAAM,IAAI,wBAAW,CAAC,MAAM,CAAC,CAAC;QAChC,CAAC;QAED,IAAI,aAAa,EAAE,CAAC;YAClB,MAAM,IAAI,yBAAY,CAAC,MAAA,IAAI,CAAC,OAAO,mCAAI,CAAC,CAAC,CAAC;QAC5C,CAAC;IACH,CAAC;IAEO,KAAK,CAAC,YAAY;QACxB,IAAI,CAAC,IAAI,CAAC,IAAI,EAAE,CAAC;YACf,MAAM,SAAS,GAAG,IAAI,CAAC,KAAK,CAAC;YAE7B,IAAI,CAAC,KAAK,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,OAAO,CAAC,IAAI,CAAC,EAAE,CAAC,CAAC;YAE/C,IAAI,CAAC,cAAc,CAAC,SAAS,CAAC,MAAM,EAAE,IAAI,CAAC,KAAK,CAAC,MAAM,CAAC,CAAC;QAC3D,CAAC;QAED,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAEO,cAAc,CAAC,IAAgB,EAAE,EAAc;;QACrD,IAAI,IAAI,KAAK,mBAAU,CAAC,MAAM,IAAI,EAAE,KAAK,mBAAU,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAA,IAAI,CAAC,MAAM,0CAAE,IAAI,CACf,gFAAgF;gBAC9E,kEAAkE;gBAClE,qDAAqD;gBACrD,uEAAuE,CAC1E,CAAC;QACJ,CAAC;QAED,IAAI,IAAI,KAAK,mBAAU,CAAC,MAAM,IAAI,EAAE,KAAK,mBAAU,CAAC,MAAM,EAAE,CAAC;YAC3D,MAAA,IAAI,CAAC,MAAM,0CAAE,GAAG,CAAC,yCAAyC,CAAC,CAAC;QAC9D,CAAC;IACH,CAAC;IAEO,eAAe,CACrB,WAAiD;QAEjD,OAAO,GAAG,EAAE;YACV,IAAI,CAAC;gBACH,OAAO,OAAO,WAAW,KAAK,UAAU;oBACtC,CAAC,CAAC,WAAW,CAAC,IAAI,CAAC;oBACnB,CAAC,CAAC,IAAI,CAAC,kBAAkB,CAAC,WAAW,CAAC,CAAC;YAC3C,CAAC;YAAC,MAAM,CAAC;gBACP,OAAO;YACT,CAAC;QACH,CAAC,CAAC;IACJ,CAAC;IAEO,kBAAkB,CAAC,QAAkB;;QAC3C,MAAM,WAAW,GAAG,MAAA,IAAI,CAAC,KAAK,CAAC,gBAAgB,mCAAI,EAAE,CAAC;QAEtD,OAAO,WAAW,CAAC,IAAI,CACrB,CAAC,CAAa,EAAE,EAAE,WAChB,OAAA,CAAA,MAAA,uBAAc,CAAC,GAAG,CAAC,QAAQ,CAAC,0CAAE,QAAQ,CAAC,CAAC,CAAC,IAAI,CAAC,KAAI,CAAC,CAAC,MAAM,GAAG,CAAC,CAAA,EAAA,CACjE,CAAC;IACJ,CAAC;CACF;AAlKD,oBAkKC"}
|
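--- a/package/src/ScanFactory.d.ts
+++ b/package/src/ScanFactory.d.ts
@@ -4,6 +4,7 @@ import { Configuration } from '@sectester/core';
 export declare class ScanFactory {
 private readonly configuration;
 private readonly scans;
+private readonly discoveries;
 private readonly container;
 private readonly logger;
 constructor(configuration: Configuration);
@@ -11,9 +12,5 @@ export declare class ScanFactory {
 timeout?: number;
 pollingInterval?: number;
 }): Promise<Scan>;
-private
-private createAndUploadHar;
-private generateFilename;
-private createHarEntry;
-private createHar;
+private createScanConfig;
 }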
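--- a/package/src/ScanFactory.js
+++ b/package/src/ScanFactory.js
@@ -3,94 +3,37 @@ Object.defineProperty(exports, "__esModule", { value: true });
 exports.ScanFactory = void 0;
 const Scans_1 = require("./Scans");
 const Scan_1 = require("./Scan");
-const models_1 = require("./models");
 const ScanSettings_1 = require("./ScanSettings");
 const target_1 = require("./target");
-const
+const Discoveries_1 = require("./Discoveries");
 const core_1 = require("@sectester/core");
 class ScanFactory {
 constructor(configuration) {
 this.configuration = configuration;
 this.container = this.configuration.container.createChildContainer();
 this.scans = this.container.resolve(Scans_1.Scans);
+this.discoveries = this.container.resolve(Discoveries_1.Discoveries);
 this.logger = this.container.resolve(core_1.Logger);
 }
 async createScan(settings, options = {}) {
-const config = await this.
+const config = await this.createScanConfig(new ScanSettings_1.ScanSettings(settings));
 const { id } = await this.scans.createScan(config);
 return new Scan_1.Scan({ id, logger: this.logger, scans: this.scans, ...options });
 }
-async
-const
+async createScanConfig({ name, tests, target, repeaterId, smart, poolSize, skipStaticParams, attackParamLocations }) {
+const { id: entrypointId } = await this.discoveries.createEntrypoint(new target_1.Target(target), repeaterId);
 return {
 name,
-fileId,
 smart,
 poolSize,
 skipStaticParams,
-
-
-module: models_1.Module.DAST,
-discoveryTypes: [models_1.Discovery.ARCHIVE],
+projectId: this.configuration.projectId,
+entryPointIds: [entrypointId],
 attackParamLocations: [...attackParamLocations],
 tests: [...tests],
 repeaters: repeaterId ? [repeaterId] : undefined
 };
 }
-async createAndUploadHar(target) {
-const har = this.createHar(target);
-const filename = this.generateFilename(target.url);
-const { id } = await this.scans.uploadHar({
-har,
-filename,
-discard: true
-});
-return id;
-}
-generateFilename(url) {
-const { hostname } = new URL(url);
-const slug = (0, core_1.truncate)(hostname, 200);
-return `${slug}-${(0, uuid_1.v4)()}.har`;
-}
-createHarEntry(target) {
-return {
-startedDateTime: new Date().toISOString(),
-request: new target_1.Target(target).toHarRequest(),
-response: {
-httpVersion: 'HTTP/1.1',
-status: 200,
-statusText: 'OK',
-headersSize: -1,
-bodySize: -1,
-content: {
-size: -1,
-mimeType: 'text/plain'
-},
-redirectURL: '',
-cookies: [],
-headers: []
-},
-cache: {},
-time: 0,
-timings: {
-send: 0,
-receive: 0,
-wait: 0
-}
-};
-}
-createHar(target) {
-return {
-log: {
-version: '1.2',
-creator: {
-name: this.configuration.name,
-version: this.configuration.version
-},
-entries: [this.createHarEntry(target)]
-}
-};
-}
 }
 exports.ScanFactory = ScanFactory;
 //# sourceMappingURL=ScanFactory.js.map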
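Review bot: createScanConfig (new lines 23-36) relies on `this.configuration.projectId` both for the entry-point URL built inside Discoveries and for the scan config on new line 30, but nothing in this hunk checks it is set, so a Configuration created without a projectId sends a POST to `/api/v2/projects/undefined/entry-points` and fails with a server-side error rather than a clear client-side message; unless Configuration already validates the field, a guard at the top of the method such as `if (!this.configuration.projectId) { throw new Error('projectId is required to create a scan'); }` would fail fast. The removed HAR path uploaded with `discard: true`, while the entry point created on new line 24 is not removed afterwards, so the method's doc comment should state that createScan registers an entry point in the project as a side effect of every call.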
package/src/ScanFactory.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ScanFactory.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanFactory.ts"],"names":[],"mappings":";;;AAAA,mCAAgC;AAChC,iCAA8B;
|
|
1
|
+
{"version":3,"file":"ScanFactory.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanFactory.ts"],"names":[],"mappings":";;;AAAA,mCAAgC;AAChC,iCAA8B;AAE9B,iDAAmE;AACnE,qCAAkC;AAClC,+CAA4C;AAC5C,0CAAwD;AAGxD,MAAa,WAAW;IAMtB,YAA6B,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;QACvD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,oBAAoB,EAAE,CAAC;QACrE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,yBAAW,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAM,CAAC,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,UAAU,CACrB,QAA4C,EAC5C,UAGI,EAAE;QAEN,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,2BAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvE,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAEnD,OAAO,IAAI,WAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,EAC7B,IAAI,EACJ,KAAK,EACL,MAAM,EACN,UAAU,EACV,KAAK,EACL,QAAQ,EACR,gBAAgB,EAChB,oBAAoB,EACP;QACb,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAClE,IAAI,eAAM,CAAC,MAAM,CAAC,EAClB,UAAU,CACX,CAAC;QAEF,OAAO;YACL,IAAI;YACJ,KAAK;YACL,QAAQ;YACR,gBAAgB;YAChB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,SAAS;YACvC,aAAa,EAAE,CAAC,YAAY,CAAC;YAC7B,oBAAoB,EAAE,CAAC,GAAG,oBAAoB,CAAC;YAC/C,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC;YACjB,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;SACjD,CAAC;IACJ,CAAC;CACF;AArDD,kCAqDC"}
|
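--- a/package/src/ScanSettings.d.ts
+++ b/package/src/ScanSettings.d.ts
@@ -7,8 +7,6 @@ export interface ScanSettingsOptions {
 repeaterId?: string;
 smart?: boolean;
 poolSize?: number;
-slowEpTimeout?: number;
-targetTimeout?: number;
 skipStaticParams?: boolean;
 attackParamLocations?: AttackParamLocation[];
 }
@@ -28,12 +26,6 @@ export declare class ScanSettings implements ScanSettingsOptions {
 private _target;
 get target(): Target;
 private set target(value);
-private _targetTimeout?;
-get targetTimeout(): number | undefined;
-private set targetTimeout(value);
-private _slowEpTimeout?;
-get slowEpTimeout(): number | undefined;
-private set slowEpTimeout(value);
 private _poolSize;
 get poolSize(): number;
 private set poolSize(value);
@@ -43,5 +35,5 @@ export declare class ScanSettings implements ScanSettingsOptions {
 private _attackParamLocations;
 get attackParamLocations(): AttackParamLocation[];
 private set attackParamLocations(value);
-constructor({ name, tests, target, repeaterId, smart, poolSize,
+constructor({ name, tests, target, repeaterId, smart, poolSize, skipStaticParams, attackParamLocations }: ScanSettingsOptions);
 }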
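--- a/package/src/ScanSettings.js
+++ b/package/src/ScanSettings.js
@@ -38,24 +38,6 @@ class ScanSettings {
 set target(value) {
 this._target = new target_1.Target(value);
 }
-get targetTimeout() {
-return this._targetTimeout;
-}
-set targetTimeout(value) {
-if (!(0, core_1.checkBoundaries)(value, { max: 120, min: 0, exclusiveMin: true })) {
-throw new Error('Invalid target connection timeout.');
-}
-this._targetTimeout = value;
-}
-get slowEpTimeout() {
-return this._slowEpTimeout;
-}
-set slowEpTimeout(value) {
-if (!(0, core_1.checkBoundaries)(value, { min: 100 })) {
-throw new Error('Invalid slow entry point timeout.');
-}
-this._slowEpTimeout = value;
-}
 get poolSize() {
 return this._poolSize;
 }
@@ -91,7 +73,7 @@ class ScanSettings {
 }
 this._attackParamLocations = [...uniqueAttackParamLocations];
 }
-constructor({ name, tests, target, repeaterId, smart = true, poolSize = 10,
+constructor({ name, tests, target, repeaterId, smart = true, poolSize = 10, skipStaticParams = true, attackParamLocations = [
 models_1.AttackParamLocation.BODY,
 models_1.AttackParamLocation.QUERY,
 models_1.AttackParamLocation.FRAGMENT
@@ -99,13 +81,11 @@ class ScanSettings {
 this.attackParamLocations = attackParamLocations;
 this.target = target;
 const { method, parsedURL } = this.target;
-this.name = name || (0, core_1.truncate)(`${method} ${parsedURL.
+this.name = name || (0, core_1.truncate)(`${method} ${parsedURL.pathname}`, 200);
 this.poolSize = poolSize;
 this.repeaterId = repeaterId;
 this.skipStaticParams = skipStaticParams;
-this.slowEpTimeout = slowEpTimeout;
 this.smart = smart;
-this.targetTimeout = targetTimeout;
 this.tests = tests;
 }
 }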
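Review bot: A plain-JavaScript caller that still passes `targetTimeout` or `slowEpTimeout` now has them silently discarded, because the constructor signature in the second hunk destructures only the named keys and the validating setters deleted in the first hunk (`0 < targetTimeout <= 120`, `slowEpTimeout >= 100`) no longer exist to reject or store them; only TypeScript consumers get a compile-time signal. Since `ScanConfig` in this same package still declares both fields, the dropped options are easy to mistake for an engine bug downstream. Consider failing loudly: add `...unsupported` to the destructured parameter and `if ('targetTimeout' in unsupported || 'slowEpTimeout' in unsupported) throw new Error('targetTimeout and slowEpTimeout are no longer supported');`, and list the removal in the changelog. The constructor body spans the second and third hunks, and the remaining setters of `ScanSettings` lie outside them.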
package/src/ScanSettings.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ScanSettings.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanSettings.ts"],"names":[],"mappings":";;;AAAA,qCAAyD;AACzD,qCAAiD;AACjD,0CAAsE;
|
|
1
|
+
{"version":3,"file":"ScanSettings.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanSettings.ts"],"names":[],"mappings":";;;AAAA,qCAAyD;AACzD,qCAAiD;AACjD,0CAAsE;AAqBtE,MAAa,YAAY;IAGvB,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAY,IAAI,CAAC,KAAa;QAC5B,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAID,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAY,UAAU,CAAC,KAAK;QAC1B,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;IAID,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAED,IAAY,gBAAgB,CAAC,KAAc;QACzC,IAAI,CAAC,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC;IACnC,CAAC;IAID,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,IAAI,KAAK,CAAC,KAAc;QACtB,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC;IACxB,CAAC;IAID,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAY,MAAM,CAAC,KAA6B;QAC9C,IAAI,CAAC,OAAO,GAAG,IAAI,eAAM,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAID,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAY,QAAQ,CAAC,KAAa;QAChC,IAAI,CAAC,IAAA,sBAAe,EAAC,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;IACzB,CAAC;IAID,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,IAAY,KAAK,CAAC,KAAiB;QACjC,IAAI,CAAC,IAAA,eAAQ,EAAC,iBAAQ,EAAE,KAAK,CAAC,EAAE,CAAC;YAC/B,MAAM,IAAI,KAAK,CAAC,6BAA6B,CAAC,CAAC;QACjD,CAAC;QAED,MAAM,eAAe,GAAG,IAAI,GAAG,CAAW,KAAK,CAAC,CAAC;QAEjD,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,kCAAkC,CAAC,CAAC;QACtD,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC;IACrC,CAAC;IAID,IAAI,oBAAoB;QACtB,OAAO,IAAI,CAAC,qBAAqB,CAAC;IACpC,CAAC;IAED,IAAY,oBAAoB,CAAC,KAA4B;QAC3D,IAAI,CAAC,IAAA,eAAQ,EAAC,4BAAmB,EAAE,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,MAAM,0BAA0B,GAAG,IAAI,GAAG,CAAsB,KAAK,CAAC,CAAC;QAEvE,IAAI,0BAA0B,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YACxC,MAAM,IAAI,
KAAK,CAAC,uDAAuD,CAAC,CAAC;QAC3E,CAAC;QAED,IAAI,CAAC,qBAAqB,GAAG,CAAC,GAAG,0BAA0B,CAAC,CAAC;IAC/D,CAAC;IAED,YAAY,EACV,IAAI,EACJ,KAAK,EACL,MAAM,EACN,UAAU,EACV,KAAK,GAAG,IAAI,EACZ,QAAQ,GAAG,EAAE,EACb,gBAAgB,GAAG,IAAI,EACvB,oBAAoB,GAAG;QACrB,4BAAmB,CAAC,IAAI;QACxB,4BAAmB,CAAC,KAAK;QACzB,4BAAmB,CAAC,QAAQ;KAC7B,EACmB;QACpB,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;QACjD,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1C,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,IAAA,eAAQ,EAAC,GAAG,MAAM,IAAI,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QACzC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;CACF;AApID,oCAoIC"}
|
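--- a/package/src/Scans.d.ts
+++ b/package/src/Scans.d.ts
@@ -1,10 +1,5 @@
 import { Issue, ScanConfig, ScanState } from './models';
-import {
-export interface UploadHarOptions {
-har: Har;
-filename: string;
-discard?: boolean;
-}
+import { Target } from './target';
 export interface Scans {
 createScan(config: ScanConfig): Promise<{
 id: string;
@@ -13,7 +8,7 @@ export interface Scans {
 stopScan(id: string): Promise<void>;
 deleteScan(id: string): Promise<void>;
 getScan(id: string): Promise<ScanState>;
-
+createEntrypoint(target: Target, repeaterId?: string): Promise<{
 id: string;
 }>;
 }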
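Review bot: The new `createEntrypoint(target: Target, repeaterId?: string)` member of `Scans` carries no documentation, yet it appears to be the route by which this package now obtains the `entryPointIds` that `ScanConfig` requires, so consumers need to know that the returned `id` is an entry-point id and what `repeaterId` changes. Suggest JSDoc on the declaration: `/** Registers `target` as an entry point and resolves with its id, suitable for `ScanConfig.entryPointIds`; `repeaterId` routes the request through that repeater — confirm against the API docs. */`. Removing `UploadHarOptions` from the exported surface in the first hunk is also a breaking change for anyone importing it and should be noted in the changelog.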
package/src/Scans.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"Scans.js","sourceRoot":"","sources":["../../../../packages/scan/src/Scans.ts"],"names":[],"mappings":";;;
|
|
1
|
+
{"version":3,"file":"Scans.js","sourceRoot":"","sources":["../../../../packages/scan/src/Scans.ts"],"names":[],"mappings":";;;AAoBa,QAAA,KAAK,GAAkB,MAAM,CAAC,OAAO,CAAC,CAAC"}
|
|
@@ -3,8 +3,6 @@ Object.defineProperty(exports, "__esModule", { value: true });
|
|
|
3
3
|
exports.AttackParamLocation = void 0;
|
|
4
4
|
var AttackParamLocation;
|
|
5
5
|
(function (AttackParamLocation) {
|
|
6
|
-
AttackParamLocation["ARTIFICAL_FRAGMENT"] = "artifical-fragment";
|
|
7
|
-
AttackParamLocation["ARTIFICAL_QUERY"] = "artifical-query";
|
|
8
6
|
AttackParamLocation["BODY"] = "body";
|
|
9
7
|
AttackParamLocation["FRAGMENT"] = "fragment";
|
|
10
8
|
AttackParamLocation["HEADER"] = "header";
|
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"AttackParamLocation.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/AttackParamLocation.ts"],"names":[],"mappings":";;;AAAA,IAAY,
|
|
1
|
+
{"version":3,"file":"AttackParamLocation.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/AttackParamLocation.ts"],"names":[],"mappings":";;;AAAA,IAAY,mBAMX;AAND,WAAY,mBAAmB;IAC7B,oCAAa,CAAA;IACb,4CAAqB,CAAA;IACrB,wCAAiB,CAAA;IACjB,oCAAa,CAAA;IACb,sCAAe,CAAA;AACjB,CAAC,EANW,mBAAmB,mCAAnB,mBAAmB,QAM9B"}
|
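--- a/package/src/models/Issue.d.ts
+++ b/package/src/models/Issue.d.ts
@@ -14,13 +14,6 @@ export interface Response {
 status?: number;
 protocol?: Protocol;
 }
-export type Frame = 'outgoing' | 'incoming';
-export interface WebsocketFrame {
-type: Frame;
-status?: number;
-data?: string;
-timestamp?: number;
-}
 export interface Screenshot {
 url: string;
 title: string;
@@ -32,9 +25,9 @@ export interface Comment {
 }
 export interface Issue {
 id: string;
-order: number;
 details: string;
 name: string;
+certainty: boolean;
 severity: Severity;
 protocol: Protocol;
 remedy: string;
@@ -48,7 +41,4 @@ export interface Issue {
 screenshots?: Screenshot[];
 cvss?: string;
 cwe?: string;
-frames?: WebsocketFrame[];
-originalFrames?: WebsocketFrame[];
-response?: Response;
 }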
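Review bot: `certainty: boolean` is added to `Issue` in the second hunk without a comment, and it is exactly the kind of field a CI gate will branch on, so its meaning belongs in the declaration; the engine semantics are not visible here, so hedge it: `/** True when the engine confirmed the finding rather than reporting it heuristically — confirm wording against the API docs. */`. The third hunk drops `response`, `frames` and `originalFrames`, which removes the raw request/response evidence consumers may have been persisting for triage; that loss deserves a changelog entry. `Response` stays exported but appears to be unreferenced within these hunks, so either document why it remains or remove it as well.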
@@ -1,20 +1,15 @@
|
|
|
1
|
-
import { Module } from './Module';
|
|
2
1
|
import { TestType } from './TestType';
|
|
3
|
-
import { Discovery } from './Discovery';
|
|
4
2
|
import { AttackParamLocation } from './AttackParamLocation';
|
|
5
3
|
export interface ScanConfig {
|
|
6
4
|
name: string;
|
|
7
|
-
|
|
5
|
+
projectId: string;
|
|
6
|
+
entryPointIds: string[];
|
|
8
7
|
tests?: TestType[];
|
|
9
|
-
discoveryTypes?: Discovery[];
|
|
10
8
|
poolSize?: number;
|
|
11
9
|
attackParamLocations?: AttackParamLocation[];
|
|
12
|
-
fileId?: string;
|
|
13
|
-
hostsFilter?: string[];
|
|
14
10
|
repeaters?: string[];
|
|
15
11
|
smart?: boolean;
|
|
16
12
|
skipStaticParams?: boolean;
|
|
17
|
-
projectId?: string;
|
|
18
13
|
slowEpTimeout?: number;
|
|
19
14
|
targetTimeout?: number;
|
|
20
15
|
}
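Review bot: `slowEpTimeout?` and `targetTimeout?` survive as the last two context lines of `ScanConfig` even though the same release removes them from `ScanSettingsOptions`, so nothing in this package's settings path populates them any more; either drop them here too or add a comment saying they are only meaningful for callers building a `ScanConfig` directly. `projectId` also changes from optional to required and `entryPointIds: string[]` is new and required, which breaks anyone constructing a `ScanConfig` by hand, so both warrant JSDoc, e.g. `/** Project the scan is created in (required). */` and `/** Entry points to scan; ids come from Scans.createEntrypoint(). */`. The file header for this hunk is not shown on the page; from the diffstat it appears to be `package/src/models/ScanConfig.d.ts`.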
|
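--- a/package/src/models/TestType.d.ts
+++ b/package/src/models/TestType.d.ts
@@ -1,13 +1,13 @@
 export declare enum TestType {
 AMAZON_S3_TAKEOVER = "amazon_s3_takeover",
-
+BROKEN_OBJECT_PROPERTY_LEVEL_AUTHORIZATION = "bopla",
 BROKEN_ACCESS_CONTROL = "broken_access_control",
-
-
+BROKEN_SAML_AUTHENTICATION = "broken_saml_auth",
+BROKEN_JWT_AUTHENTICATION = "jwt",
 BRUTE_FORCE_LOGIN = "brute_force_login",
 BUSINESS_CONSTRAINT_BYPASS = "business_constraint_bypass",
 COOKIE_SECURITY = "cookie_security",
-
+CROSS_SITE_REQUEST_FORGERY = "csrf",
 CSS_INJECTION = "css_injection",
 DATE_MANIPULATION = "date_manipulation",
 EMAIL_INJECTION = "email_injection",
@@ -21,26 +21,25 @@ export declare enum TestType {
 IFRAME_INJECTION = "iframe_injection",
 IMPROPER_ASSET_MANAGEMENT = "improper_asset_management",
 INSECURE_OUTPUT_HANDLING = "insecure_output_handling",
-
-
-LRRL = "lrrl",
+LDAP_INJECTION = "ldapi",
+LOCAL_FILE_INCLUSION = "lfi",
 MASS_ASSIGNMENT = "mass_assignment",
-
+MONGODB_INJECTION = "nosql",
 OPEN_CLOUD_STORAGE = "open_cloud_storage",
-
-
+EXPOSED_DATABASE_DETAILS = "open_database",
+OS_COMMAND_INJECTION = "osi",
 PASSWORD_RESET_POISONING = "password_reset_poisoning",
 PROMPT_INJECTION = "prompt_injection",
-
-
-
-
+JS_PROTOTYPE_POLLUTION = "proto_pollution",
+REMOTE_FILE_INCLUSION = "rfi",
+SQL_INJECTION = "sqli",
+SECRET_TOKENS_LEAK = "secret_tokens",
 SERVER_SIDE_JS_INJECTION = "server_side_js_injection",
-
-
-
+SERVER_SIDE_REQUEST_FORGERY = "ssrf",
+SERVER_SIDE_TEMPLATE_INJECTION = "ssti",
+STORED_CROSS_SITE_SCRIPTING = "stored_xss",
 UNVALIDATED_REDIRECT = "unvalidated_redirect",
-
-
-
+XPATH_INJECTION = "xpathi",
+XML_EXTERNAL_ENTITY_INJECTION = "xxe",
+CROSS_SITE_SCRIPTING = "xss"
 }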
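Review bot: The renamed members keep their old positions, so the enum is no longer sorted by name (`EXPOSED_DATABASE_DETAILS` follows `OPEN_CLOUD_STORAGE`, `JS_PROTOTYPE_POLLUTION` follows `PROMPT_INJECTION`, `CROSS_SITE_SCRIPTING` is last), which makes it hard to check at a glance whether a test is covered. Either re-sort by key or add a header comment explaining the layout, e.g. `/** Keys are descriptive names; values are the engine's test identifiers and must match the server exactly. */`. Members whose wire values are not self-describing (`bopla`, `ldapi`, `osi`, `secret_tokens`) would each benefit from a one-line JSDoc. The members removed in these hunks, including `LRRL`, disappear without a deprecation step, so this is a breaking change that the changelog should enumerate.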
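--- a/package/src/models/TestType.js
+++ b/package/src/models/TestType.js
@@ -4,14 +4,14 @@ exports.TestType = void 0;
 var TestType;
 (function (TestType) {
 TestType["AMAZON_S3_TAKEOVER"] = "amazon_s3_takeover";
-TestType["
+TestType["BROKEN_OBJECT_PROPERTY_LEVEL_AUTHORIZATION"] = "bopla";
 TestType["BROKEN_ACCESS_CONTROL"] = "broken_access_control";
-TestType["
-TestType["
+TestType["BROKEN_SAML_AUTHENTICATION"] = "broken_saml_auth";
+TestType["BROKEN_JWT_AUTHENTICATION"] = "jwt";
 TestType["BRUTE_FORCE_LOGIN"] = "brute_force_login";
 TestType["BUSINESS_CONSTRAINT_BYPASS"] = "business_constraint_bypass";
 TestType["COOKIE_SECURITY"] = "cookie_security";
-TestType["
+TestType["CROSS_SITE_REQUEST_FORGERY"] = "csrf";
 TestType["CSS_INJECTION"] = "css_injection";
 TestType["DATE_MANIPULATION"] = "date_manipulation";
 TestType["EMAIL_INJECTION"] = "email_injection";
@@ -25,27 +25,26 @@ var TestType;
 TestType["IFRAME_INJECTION"] = "iframe_injection";
 TestType["IMPROPER_ASSET_MANAGEMENT"] = "improper_asset_management";
 TestType["INSECURE_OUTPUT_HANDLING"] = "insecure_output_handling";
-TestType["
-TestType["
-TestType["LRRL"] = "lrrl";
+TestType["LDAP_INJECTION"] = "ldapi";
+TestType["LOCAL_FILE_INCLUSION"] = "lfi";
 TestType["MASS_ASSIGNMENT"] = "mass_assignment";
-TestType["
+TestType["MONGODB_INJECTION"] = "nosql";
 TestType["OPEN_CLOUD_STORAGE"] = "open_cloud_storage";
-TestType["
-TestType["
+TestType["EXPOSED_DATABASE_DETAILS"] = "open_database";
+TestType["OS_COMMAND_INJECTION"] = "osi";
 TestType["PASSWORD_RESET_POISONING"] = "password_reset_poisoning";
 TestType["PROMPT_INJECTION"] = "prompt_injection";
-TestType["
-TestType["
-TestType["
-TestType["
+TestType["JS_PROTOTYPE_POLLUTION"] = "proto_pollution";
+TestType["REMOTE_FILE_INCLUSION"] = "rfi";
+TestType["SQL_INJECTION"] = "sqli";
+TestType["SECRET_TOKENS_LEAK"] = "secret_tokens";
 TestType["SERVER_SIDE_JS_INJECTION"] = "server_side_js_injection";
-TestType["
-TestType["
-TestType["
+TestType["SERVER_SIDE_REQUEST_FORGERY"] = "ssrf";
+TestType["SERVER_SIDE_TEMPLATE_INJECTION"] = "ssti";
+TestType["STORED_CROSS_SITE_SCRIPTING"] = "stored_xss";
 TestType["UNVALIDATED_REDIRECT"] = "unvalidated_redirect";
-TestType["
-TestType["
-TestType["
+TestType["XPATH_INJECTION"] = "xpathi";
+TestType["XML_EXTERNAL_ENTITY_INJECTION"] = "xxe";
+TestType["CROSS_SITE_SCRIPTING"] = "xss";
 })(TestType || (exports.TestType = TestType = {}));
 //# sourceMappingURL=TestType.js.map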
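Review bot: Deleting enum members such as `LRRL` in the second hunk means a JavaScript consumer still writing `TestType.LRRL` now evaluates to `undefined` at runtime instead of failing to compile, and that `undefined` flows into the `tests` array handed to `ScanSettings`; whether it is rejected there depends on the `tests` setter, which is outside this diff, so the safest assumption is that a test the user believes is running may not be. Since this is a security scanner, silently losing a test category is worse than a hard failure. At minimum enumerate the removed and renamed keys in the changelog; if the setter does not already reject `undefined` entries, add that check there.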
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"TestType.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/TestType.ts"],"names":[],"mappings":";;;AAAA,IAAY,
|
|
1
|
+
{"version":3,"file":"TestType.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/TestType.ts"],"names":[],"mappings":";;;AAAA,IAAY,QA4CX;AA5CD,WAAY,QAAQ;IAClB,qDAAyC,CAAA;IACzC,gEAAoD,CAAA;IACpD,2DAA+C,CAAA;IAC/C,2DAA+C,CAAA;IAC/C,6CAAiC,CAAA;IACjC,mDAAuC,CAAA;IACvC,qEAAyD,CAAA;IACzD,+CAAmC,CAAA;IACnC,+CAAmC,CAAA;IACnC,2CAA+B,CAAA;IAC/B,mDAAuC,CAAA;IACvC,+CAAmC,CAAA;IACnC,+DAAmD,CAAA;IACnD,uCAA2B,CAAA;IAC3B,yDAA6C,CAAA;IAC7C,2DAA+C,CAAA;IAC/C,6CAAiC,CAAA;IACjC,uDAA2C,CAAA;IAC3C,6CAAiC,CAAA;IACjC,iDAAqC,CAAA;IACrC,mEAAuD,CAAA;IACvD,iEAAqD,CAAA;IACrD,oCAAwB,CAAA;IACxB,wCAA4B,CAAA;IAC5B,+CAAmC,CAAA;IACnC,uCAA2B,CAAA;IAC3B,qDAAyC,CAAA;IACzC,sDAA0C,CAAA;IAC1C,wCAA4B,CAAA;IAC5B,iEAAqD,CAAA;IACrD,iDAAqC,CAAA;IACrC,sDAA0C,CAAA;IAC1C,yCAA6B,CAAA;IAC7B,kCAAsB,CAAA;IACtB,gDAAoC,CAAA;IACpC,iEAAqD,CAAA;IACrD,gDAAoC,CAAA;IACpC,mDAAuC,CAAA;IACvC,sDAA0C,CAAA;IAC1C,yDAA6C,CAAA;IAC7C,sCAA0B,CAAA;IAC1B,iDAAqC,CAAA;IACrC,wCAA4B,CAAA;AAC9B,CAAC,EA5CW,QAAQ,wBAAR,QAAQ,QA4CnB"}
|
package/src/models/index.d.ts
CHANGED
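--- a/package/src/models/index.js
+++ b/package/src/models/index.js
@@ -2,9 +2,7 @@
 Object.defineProperty(exports, "__esModule", { value: true });
 const tslib_1 = require("tslib");
 tslib_1.__exportStar(require("./AttackParamLocation"), exports);
-tslib_1.__exportStar(require("./Discovery"), exports);
 tslib_1.__exportStar(require("./Severity"), exports);
-tslib_1.__exportStar(require("./Module"), exports);
 tslib_1.__exportStar(require("./ScanStatus"), exports);
 tslib_1.__exportStar(require("./TestType"), exports);
 tslib_1.__exportStar(require("./Issue"), exports);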
package/src/models/index.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/index.ts"],"names":[],"mappings":";;;AAAA,gEAAsC;AACtC,
|
|
1
|
+
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/index.ts"],"names":[],"mappings":";;;AAAA,gEAAsC;AACtC,qDAA2B;AAC3B,uDAA6B;AAC7B,qDAA2B;AAC3B,kDAAwB;AACxB,uDAA6B;AAC7B,sDAA4B;AAC5B,uDAA6B;AAC7B,uDAA6B"}
|
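--- a/package/src/register.js
+++ b/package/src/register.js
@@ -3,9 +3,12 @@ Object.defineProperty(exports, "__esModule", { value: true });
 const Scans_1 = require("./Scans");
 const DefaultScans_1 = require("./DefaultScans");
 const ScanFactory_1 = require("./ScanFactory");
+const DefaultDiscoveries_1 = require("./DefaultDiscoveries");
+const Discoveries_1 = require("./Discoveries");
 const tsyringe_1 = require("tsyringe");
 const core_1 = require("@sectester/core");
 tsyringe_1.container.register(Scans_1.Scans, { useClass: DefaultScans_1.DefaultScans });
+tsyringe_1.container.register(Discoveries_1.Discoveries, { useClass: DefaultDiscoveries_1.DefaultDiscoveries });
 tsyringe_1.container.register(ScanFactory_1.ScanFactory, {
 useFactory(childContainer) {
 return new ScanFactory_1.ScanFactory(childContainer.resolve(core_1.Configuration));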
package/src/register.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../packages/scan/src/register.ts"],"names":[],"mappings":";;AAAA,mCAAgC;AAChC,iDAA8C;AAC9C,+CAA4C;AAC5C,uCAA0D;AAC1D,0CAAgD;AAEhD,oBAAS,CAAC,QAAQ,CAAC,aAAK,EAAE,EAAE,QAAQ,EAAE,2BAAY,EAAE,CAAC,CAAC;
|
|
1
|
+
{"version":3,"file":"register.js","sourceRoot":"","sources":["../../../../packages/scan/src/register.ts"],"names":[],"mappings":";;AAAA,mCAAgC;AAChC,iDAA8C;AAC9C,+CAA4C;AAC5C,6DAA0D;AAC1D,+CAA4C;AAC5C,uCAA0D;AAC1D,0CAAgD;AAEhD,oBAAS,CAAC,QAAQ,CAAC,aAAK,EAAE,EAAE,QAAQ,EAAE,2BAAY,EAAE,CAAC,CAAC;AACtD,oBAAS,CAAC,QAAQ,CAAC,yBAAW,EAAE,EAAE,QAAQ,EAAE,uCAAkB,EAAE,CAAC,CAAC;AAElE,oBAAS,CAAC,QAAQ,CAAC,yBAAW,EAAE;IAC9B,UAAU,CAAC,cAAmC;QAC5C,OAAO,IAAI,yBAAW,CAAC,cAAc,CAAC,OAAO,CAAC,oBAAa,CAAC,CAAC,CAAC;IAChE,CAAC;CACF,CAAC,CAAC"}
|
|
@@ -1,17 +0,0 @@
|
|
|
1
|
-
import { ScanConfig } from '../models';
|
|
2
|
-
import { HttpRequest } from '@sectester/core';
|
|
3
|
-
export type CreateScanPayload = ScanConfig & {
|
|
4
|
-
info: {
|
|
5
|
-
source: 'utlib';
|
|
6
|
-
client: {
|
|
7
|
-
name: string;
|
|
8
|
-
version: string;
|
|
9
|
-
};
|
|
10
|
-
provider: string | null;
|
|
11
|
-
};
|
|
12
|
-
};
|
|
13
|
-
export declare class CreateScan extends HttpRequest<CreateScanPayload, {
|
|
14
|
-
id: string;
|
|
15
|
-
}> {
|
|
16
|
-
constructor(payload: CreateScanPayload);
|
|
17
|
-
}
|
|
@@ -1,15 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.CreateScan = void 0;
|
|
4
|
-
const core_1 = require("@sectester/core");
|
|
5
|
-
class CreateScan extends core_1.HttpRequest {
|
|
6
|
-
constructor(payload) {
|
|
7
|
-
super({
|
|
8
|
-
payload,
|
|
9
|
-
url: '/api/v1/scans',
|
|
10
|
-
method: 'POST'
|
|
11
|
-
});
|
|
12
|
-
}
|
|
13
|
-
}
|
|
14
|
-
exports.CreateScan = CreateScan;
|
|
15
|
-
//# sourceMappingURL=CreateScan.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"CreateScan.js","sourceRoot":"","sources":["../../../../../packages/scan/src/commands/CreateScan.ts"],"names":[],"mappings":";;;AACA,0CAA8C;AAU9C,MAAa,UAAW,SAAQ,kBAA8C;IAC5E,YAAY,OAA0B;QACpC,KAAK,CAAC;YACJ,OAAO;YACP,GAAG,EAAE,eAAe;YACpB,MAAM,EAAE,MAAM;SACf,CAAC,CAAC;IACL,CAAC;CACF;AARD,gCAQC"}
|
|
@@ -1,16 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.DeleteScan = void 0;
|
|
4
|
-
const core_1 = require("@sectester/core");
|
|
5
|
-
class DeleteScan extends core_1.HttpRequest {
|
|
6
|
-
constructor(id) {
|
|
7
|
-
super({
|
|
8
|
-
method: 'DELETE',
|
|
9
|
-
url: `/api/v1/scans/${id}`,
|
|
10
|
-
payload: undefined,
|
|
11
|
-
expectReply: false
|
|
12
|
-
});
|
|
13
|
-
}
|
|
14
|
-
}
|
|
15
|
-
exports.DeleteScan = DeleteScan;
|
|
16
|
-
//# sourceMappingURL=DeleteScan.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"DeleteScan.js","sourceRoot":"","sources":["../../../../../packages/scan/src/commands/DeleteScan.ts"],"names":[],"mappings":";;;AAAA,0CAA8C;AAE9C,MAAa,UAAW,SAAQ,kBAAW;IACzC,YAAY,EAAU;QACpB,KAAK,CAAC;YACJ,MAAM,EAAE,QAAQ;YAChB,GAAG,EAAE,iBAAiB,EAAE,EAAE;YAC1B,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;CACF;AATD,gCASC"}
|
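--- a/package/src/commands/GetScan.js
+++ /dev/null
@@ -1,14 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.GetScan = void 0;
-const core_1 = require("@sectester/core");
-class GetScan extends core_1.HttpRequest {
-constructor(id) {
-super({
-url: `/api/v1/scans/${id}`,
-payload: undefined
-});
-}
-}
-exports.GetScan = GetScan;
-//# sourceMappingURL=GetScan.js.map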
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"GetScan.js","sourceRoot":"","sources":["../../../../../packages/scan/src/commands/GetScan.ts"],"names":[],"mappings":";;;AACA,0CAA8C;AAE9C,MAAa,OAAQ,SAAQ,kBAAiC;IAC5D,YAAY,EAAU;QACpB,KAAK,CAAC;YACJ,GAAG,EAAE,iBAAiB,EAAE,EAAE;YAC1B,OAAO,EAAE,SAAS;SACnB,CAAC,CAAC;IACL,CAAC;CACF;AAPD,0BAOC"}
|
|
@@ -1,14 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.ListIssues = void 0;
|
|
4
|
-
const core_1 = require("@sectester/core");
|
|
5
|
-
class ListIssues extends core_1.HttpRequest {
|
|
6
|
-
constructor(id) {
|
|
7
|
-
super({
|
|
8
|
-
url: `/api/v1/scans/${id}/issues`,
|
|
9
|
-
payload: undefined
|
|
10
|
-
});
|
|
11
|
-
}
|
|
12
|
-
}
|
|
13
|
-
exports.ListIssues = ListIssues;
|
|
14
|
-
//# sourceMappingURL=ListIssues.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"ListIssues.js","sourceRoot":"","sources":["../../../../../packages/scan/src/commands/ListIssues.ts"],"names":[],"mappings":";;;AACA,0CAA8C;AAE9C,MAAa,UAAW,SAAQ,kBAA6C;IAC3E,YAAY,EAAU;QACpB,KAAK,CAAC;YACJ,GAAG,EAAE,iBAAiB,EAAE,SAAS;YACjC,OAAO,EAAE,SAAS;SACnB,CAAC,CAAC;IACL,CAAC;CACF;AAPD,gCAOC"}
|
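--- a/package/src/commands/StopScan.js
+++ /dev/null
@@ -1,15 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.StopScan = void 0;
-const core_1 = require("@sectester/core");
-class StopScan extends core_1.HttpRequest {
-constructor(id) {
-super({
-url: `/api/v1/scans/${id}/stop`,
-payload: undefined,
-expectReply: false
-});
-}
-}
-exports.StopScan = StopScan;
-//# sourceMappingURL=StopScan.js.map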
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"StopScan.js","sourceRoot":"","sources":["../../../../../packages/scan/src/commands/StopScan.ts"],"names":[],"mappings":";;;AAAA,0CAA8C;AAE9C,MAAa,QAAS,SAAQ,kBAAW;IACvC,YAAY,EAAU;QACpB,KAAK,CAAC;YACJ,GAAG,EAAE,iBAAiB,EAAE,OAAO;YAC/B,OAAO,EAAE,SAAS;YAClB,WAAW,EAAE,KAAK;SACnB,CAAC,CAAC;IACL,CAAC;CACF;AARD,4BAQC"}
|
|
@@ -1,8 +0,0 @@
|
|
|
1
|
-
import { UploadHarOptions } from '../Scans';
|
|
2
|
-
import FormData from 'form-data';
|
|
3
|
-
import { HttpRequest } from '@sectester/core';
|
|
4
|
-
export declare class UploadHar extends HttpRequest<FormData, {
|
|
5
|
-
id: string;
|
|
6
|
-
}> {
|
|
7
|
-
constructor({ filename, har, discard }: UploadHarOptions);
|
|
8
|
-
}
|
|
@@ -1,24 +0,0 @@
|
|
|
1
|
-
"use strict";
|
|
2
|
-
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
|
-
exports.UploadHar = void 0;
|
|
4
|
-
const tslib_1 = require("tslib");
|
|
5
|
-
// eslint-disable-next-line @typescript-eslint/naming-convention
|
|
6
|
-
const form_data_1 = tslib_1.__importDefault(require("form-data"));
|
|
7
|
-
const core_1 = require("@sectester/core");
|
|
8
|
-
class UploadHar extends core_1.HttpRequest {
|
|
9
|
-
constructor({ filename, har, discard = false }) {
|
|
10
|
-
const payload = new form_data_1.default();
|
|
11
|
-
payload.append('file', JSON.stringify(har), {
|
|
12
|
-
filename,
|
|
13
|
-
contentType: 'application/json'
|
|
14
|
-
});
|
|
15
|
-
super({
|
|
16
|
-
payload,
|
|
17
|
-
method: 'POST',
|
|
18
|
-
url: '/api/v1/files',
|
|
19
|
-
params: { discard }
|
|
20
|
-
});
|
|
21
|
-
}
|
|
22
|
-
}
|
|
23
|
-
exports.UploadHar = UploadHar;
|
|
24
|
-
//# sourceMappingURL=UploadHar.js.map
|
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"UploadHar.js","sourceRoot":"","sources":["../../../../../packages/scan/src/commands/UploadHar.ts"],"names":[],"mappings":";;;;AACA,gEAAgE;AAChE,kEAAiC;AACjC,0CAA8C;AAE9C,MAAa,SAAU,SAAQ,kBAAqC;IAClE,YAAY,EAAE,QAAQ,EAAE,GAAG,EAAE,OAAO,GAAG,KAAK,EAAoB;QAC9D,MAAM,OAAO,GAAG,IAAI,mBAAQ,EAAE,CAAC;QAC/B,OAAO,CAAC,MAAM,CAAC,MAAM,EAAE,IAAI,CAAC,SAAS,CAAC,GAAG,CAAC,EAAE;YAC1C,QAAQ;YACR,WAAW,EAAE,kBAAkB;SAChC,CAAC,CAAC;QAEH,KAAK,CAAC;YACJ,OAAO;YACP,MAAM,EAAE,MAAM;YACd,GAAG,EAAE,eAAe;YACpB,MAAM,EAAE,EAAE,OAAO,EAAE;SACpB,CAAC,CAAC;IACL,CAAC;CACF;AAfD,8BAeC"}
|
package/src/commands/index.d.ts
DELETED
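--- a/package/src/commands/index.js
+++ /dev/null
@@ -1,10 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-const tslib_1 = require("tslib");
-tslib_1.__exportStar(require("./CreateScan"), exports);
-tslib_1.__exportStar(require("./GetScan"), exports);
-tslib_1.__exportStar(require("./DeleteScan"), exports);
-tslib_1.__exportStar(require("./ListIssues"), exports);
-tslib_1.__exportStar(require("./StopScan"), exports);
-tslib_1.__exportStar(require("./UploadHar"), exports);
-//# sourceMappingURL=index.js.map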
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"index.js","sourceRoot":"","sources":["../../../../../packages/scan/src/commands/index.ts"],"names":[],"mappings":";;;AAAA,uDAA6B;AAC7B,oDAA0B;AAC1B,uDAA6B;AAC7B,uDAA6B;AAC7B,qDAA2B;AAC3B,sDAA4B"}
|
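--- a/package/src/models/Discovery.js
+++ /dev/null
@@ -1,10 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Discovery = void 0;
-var Discovery;
-(function (Discovery) {
-Discovery["CRAWLER"] = "crawler";
-Discovery["ARCHIVE"] = "archive";
-Discovery["OAS"] = "oas";
-})(Discovery || (exports.Discovery = Discovery = {}));
-//# sourceMappingURL=Discovery.js.map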
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"Discovery.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/Discovery.ts"],"names":[],"mappings":";;;AAAA,IAAY,SAIX;AAJD,WAAY,SAAS;IACnB,gCAAmB,CAAA;IACnB,gCAAmB,CAAA;IACnB,wBAAW,CAAA;AACb,CAAC,EAJW,SAAS,yBAAT,SAAS,QAIpB"}
|
package/src/models/Module.d.ts
DELETED
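--- a/package/src/models/Module.js
+++ /dev/null
@@ -1,9 +0,0 @@
-"use strict";
-Object.defineProperty(exports, "__esModule", { value: true });
-exports.Module = void 0;
-var Module;
-(function (Module) {
-Module["DAST"] = "dast";
-Module["FUZZER"] = "fuzzer";
-})(Module || (exports.Module = Module = {}));
-//# sourceMappingURL=Module.js.map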
package/src/models/Module.js.map
DELETED
|
@@ -1 +0,0 @@
|
|
|
1
|
-
{"version":3,"file":"Module.js","sourceRoot":"","sources":["../../../../../packages/scan/src/models/Module.ts"],"names":[],"mappings":";;;AAAA,IAAY,MAGX;AAHD,WAAY,MAAM;IAChB,uBAAa,CAAA;IACb,2BAAiB,CAAA;AACnB,CAAC,EAHW,MAAM,sBAAN,MAAM,QAGjB"}
|