@sectester/scan 0.41.1 → 0.43.2
- package/README.md +3 -2
- package/package.json +1 -1
- package/src/DefaultDiscoveries.d.ts +3 -0
- package/src/DefaultDiscoveries.js +53 -24
- package/src/DefaultDiscoveries.js.map +1 -1
- package/src/ScanFactory.js +2 -1
- package/src/ScanFactory.js.map +1 -1
- package/src/ScanSettings.d.ts +7 -1
- package/src/ScanSettings.js +13 -1
- package/src/ScanSettings.js.map +1 -1
- package/src/models/ScanConfig.d.ts +1 -2
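--- a/package/README.md
+++ b/package/README.md
@@ -57,8 +57,9 @@ Below you will find a list of parameters that can be used to configure a `Scan`:
 | `repeaterId` | Connects the scan to a Repeater agent, which provides secure access to local networks. |
 | `smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. |
 | `skipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. |
-| `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `
-| `
+| `poolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `50`. |
+| `requestsRateLimit` | Controls the rate limit for requests during the scan. By default, `0` (automatic rate limiting). Maximum value is `1000`. |
+| `attackParamLocations` | Defines which part of the request to attack. By default, automatically detected based on the target (includes `body`, `query`, and `fragment` when applicable). |
 | `name` | The scan name. The method and pathname by default, e.g. `GET /users/1`. |
 
 ### Defining a target for attack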
package/package.json
CHANGED
|
@@ -4,8 +4,11 @@ import { ApiClient, Configuration } from '@sectester/core';
|
|
|
4
4
|
export declare class DefaultDiscoveries implements Discoveries {
|
|
5
5
|
private readonly configuration;
|
|
6
6
|
private readonly client;
|
|
7
|
+
private static readonly REQUEST_TIMEOUT;
|
|
7
8
|
constructor(configuration: Configuration, client: ApiClient);
|
|
8
9
|
createEntrypoint(target: Target, repeaterId: string): Promise<{
|
|
9
10
|
id: string;
|
|
10
11
|
}>;
|
|
12
|
+
private isConflictError;
|
|
13
|
+
private handleConflictError;
|
|
11
14
|
}
|
|
@@ -1,43 +1,72 @@
|
|
|
1
1
|
"use strict";
|
|
2
|
+
var DefaultDiscoveries_1;
|
|
2
3
|
Object.defineProperty(exports, "__esModule", { value: true });
|
|
3
4
|
exports.DefaultDiscoveries = void 0;
|
|
4
5
|
const tslib_1 = require("tslib");
|
|
5
6
|
const tsyringe_1 = require("tsyringe");
|
|
6
7
|
const core_1 = require("@sectester/core");
|
|
7
|
-
let DefaultDiscoveries = class DefaultDiscoveries {
|
|
8
|
+
let DefaultDiscoveries = DefaultDiscoveries_1 = class DefaultDiscoveries {
|
|
8
9
|
constructor(configuration, client) {
|
|
9
10
|
this.configuration = configuration;
|
|
10
11
|
this.client = client;
|
|
11
12
|
}
|
|
12
13
|
async createEntrypoint(target, repeaterId) {
|
|
13
|
-
|
|
14
|
-
|
|
15
|
-
|
|
16
|
-
|
|
17
|
-
|
|
18
|
-
|
|
19
|
-
|
|
20
|
-
|
|
21
|
-
method: target.method,
|
|
22
|
-
url: target.url,
|
|
23
|
-
headers: target.headers,
|
|
24
|
-
body: await target.text()
|
|
25
|
-
}
|
|
26
|
-
}),
|
|
27
|
-
headers: {
|
|
28
|
-
'content-type': 'application/json'
|
|
14
|
+
const payload = {
|
|
15
|
+
repeaterId,
|
|
16
|
+
authObjectId: target.auth,
|
|
17
|
+
request: {
|
|
18
|
+
method: target.method,
|
|
19
|
+
url: target.url,
|
|
20
|
+
headers: target.headers,
|
|
21
|
+
body: await target.text()
|
|
29
22
|
}
|
|
30
|
-
}
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
23
|
+
};
|
|
24
|
+
const requestOptions = {
|
|
25
|
+
signal: AbortSignal.timeout(DefaultDiscoveries_1.REQUEST_TIMEOUT),
|
|
26
|
+
body: JSON.stringify(payload),
|
|
27
|
+
headers: { 'content-type': 'application/json' }
|
|
28
|
+
};
|
|
29
|
+
try {
|
|
30
|
+
const response = await this.client.request(`/api/v2/projects/${this.configuration.projectId}/entry-points`, { ...requestOptions, handle409Redirects: false, method: 'POST' });
|
|
31
|
+
const data = (await response.json());
|
|
32
|
+
return data;
|
|
33
|
+
}
|
|
34
|
+
catch (error) {
|
|
35
|
+
if (this.isConflictError(error)) {
|
|
36
|
+
return this.handleConflictError(error, requestOptions);
|
|
37
|
+
}
|
|
38
|
+
throw error;
|
|
39
|
+
}
|
|
40
|
+
}
|
|
41
|
+
isConflictError(error) {
|
|
42
|
+
if (!(error instanceof core_1.ApiError) || error.response.status !== 409) {
|
|
43
|
+
return false;
|
|
44
|
+
}
|
|
45
|
+
const location = error.response.headers.get('location');
|
|
46
|
+
return !!location && location.trim() !== '';
|
|
47
|
+
}
|
|
48
|
+
async handleConflictError(error, requestOptions) {
|
|
49
|
+
const location = error.response.headers.get('location');
|
|
50
|
+
try {
|
|
51
|
+
await this.client.request(location, {
|
|
52
|
+
...requestOptions,
|
|
53
|
+
method: 'PUT'
|
|
54
|
+
});
|
|
55
|
+
const response = await this.client.request(location);
|
|
56
|
+
const data = (await response.json());
|
|
57
|
+
return data;
|
|
58
|
+
}
|
|
59
|
+
catch (putError) {
|
|
60
|
+
if (putError instanceof core_1.ApiError) {
|
|
61
|
+
throw new Error(`Failed to update existing entrypoint at ${location}: ${putError.message}`);
|
|
62
|
+
}
|
|
63
|
+
throw putError;
|
|
34
64
|
}
|
|
35
|
-
const data = (await response.json());
|
|
36
|
-
return data;
|
|
37
65
|
}
|
|
38
66
|
};
|
|
39
67
|
exports.DefaultDiscoveries = DefaultDiscoveries;
|
|
40
|
-
|
|
68
|
+
DefaultDiscoveries.REQUEST_TIMEOUT = 120000;
|
|
69
|
+
exports.DefaultDiscoveries = DefaultDiscoveries = DefaultDiscoveries_1 = tslib_1.__decorate([
|
|
41
70
|
(0, tsyringe_1.injectable)(),
|
|
42
71
|
tslib_1.__param(1, (0, tsyringe_1.inject)(core_1.ApiClient)),
|
|
43
72
|
tslib_1.__metadata("design:paramtypes", [core_1.Configuration, Object])
|
|
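Review bot: `handleConflictError` sends a `PUT` carrying the full entrypoint payload (target URL, headers, body and `authObjectId`) to whatever value the 409 response put in its `location` header, and `isConflictError` only checks that the header is non-empty. How `ApiClient.request` resolves that value and whether it attaches credentials is not visible on this page, so the location should be constrained before it is followed, for example to paths under this project's `entry-points` collection (if the API returns absolute URLs, compare the origin with the configured base URL instead). The follow-up `GET` is also issued without any `signal`, and the `PUT` reuses the `AbortSignal.timeout` created before the `POST`, so the 120000 ms budget is shared across requests rather than applied to each. Both new methods lie fully inside this hunk; a sketch of the guarded version follows.

```javascript
async handleConflictError(error, requestOptions) {
    const location = error.response.headers.get('location');
    // Follow the 409 redirect only when it stays under this project's entry-point collection.
    const expectedPrefix = `/api/v2/projects/${this.configuration.projectId}/entry-points/`;
    if (!location.startsWith(expectedPrefix)) {
        throw new Error(`Unexpected entrypoint location in 409 response: ${location}`);
    }
    // Fresh timeout for the follow-up calls; the signal in requestOptions has been running since the POST.
    const signal = AbortSignal.timeout(DefaultDiscoveries_1.REQUEST_TIMEOUT);
    try {
        await this.client.request(location, { ...requestOptions, signal, method: 'PUT' });
        const response = await this.client.request(location, { signal });
        // … unchanged: response.json() and return data …
    }
    // … unchanged: catch (putError) wrapping ApiError …
```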
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"DefaultDiscoveries.js","sourceRoot":"","sources":["../../../../packages/scan/src/DefaultDiscoveries.ts"],"names":[],"mappings":"
|
|
1
|
+
{"version":3,"file":"DefaultDiscoveries.js","sourceRoot":"","sources":["../../../../packages/scan/src/DefaultDiscoveries.ts"],"names":[],"mappings":";;;;;AAEA,uCAA8C;AAC9C,0CAKyB;AAGlB,IAAM,kBAAkB,0BAAxB,MAAM,kBAAkB;IAG7B,YACmB,aAA4B,EAE5B,MAAiB;QAFjB,kBAAa,GAAb,aAAa,CAAe;QAE5B,WAAM,GAAN,MAAM,CAAW;IACjC,CAAC;IAEG,KAAK,CAAC,gBAAgB,CAC3B,MAAc,EACd,UAAkB;QAElB,MAAM,OAAO,GAAG;YACd,UAAU;YACV,YAAY,EAAE,MAAM,CAAC,IAAI;YACzB,OAAO,EAAE;gBACP,MAAM,EAAE,MAAM,CAAC,MAAM;gBACrB,GAAG,EAAE,MAAM,CAAC,GAAG;gBACf,OAAO,EAAE,MAAM,CAAC,OAAO;gBACvB,IAAI,EAAE,MAAM,MAAM,CAAC,IAAI,EAAE;aAC1B;SACF,CAAC;QAEF,MAAM,cAAc,GAAG;YACrB,MAAM,EAAE,WAAW,CAAC,OAAO,CAAC,oBAAkB,CAAC,eAAe,CAAC;YAC/D,IAAI,EAAE,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC;YAC7B,OAAO,EAAE,EAAE,cAAc,EAAE,kBAAkB,EAAE;SAChD,CAAC;QAEF,IAAI,CAAC;YACH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CACxC,oBAAoB,IAAI,CAAC,aAAa,CAAC,SAAS,eAAe,EAC/D,EAAE,GAAG,cAAc,EAAE,kBAAkB,EAAE,KAAK,EAAE,MAAM,EAAE,MAAM,EAAE,CACjE,CAAC;YAEF,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;YAEvD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,KAAK,EAAE,CAAC;YACf,IAAI,IAAI,CAAC,eAAe,CAAC,KAAK,CAAC,EAAE,CAAC;gBAChC,OAAO,IAAI,CAAC,mBAAmB,CAAC,KAAK,EAAE,cAAc,CAAC,CAAC;YACzD,CAAC;YAED,MAAM,KAAK,CAAC;QACd,CAAC;IACH,CAAC;IAEO,eAAe,CAAC,KAAc;QACpC,IAAI,CAAC,CAAC,KAAK,YAAY,eAAQ,CAAC,IAAI,KAAK,CAAC,QAAQ,CAAC,MAAM,KAAK,GAAG,EAAE,CAAC;YAClE,OAAO,KAAK,CAAC;QACf,CAAC;QAED,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAC,CAAC;QAExD,OAAO,CAAC,CAAC,QAAQ,IAAI,QAAQ,CAAC,IAAI,EAAE,KAAK,EAAE,CAAC;IAC9C,CAAC;IAEO,KAAK,CAAC,mBAAmB,CAC/B,KAAe,EACf,cAA+B;QAE/B,MAAM,QAAQ,GAAG,KAAK,CAAC,QAAQ,CAAC,OAAO,CAAC,GAAG,CAAC,UAAU,CAAW,CAAC;QAElE,IAAI,CAAC;YACH,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,EAAE;gBAClC,GAAG,cAAc;gBACjB,MAAM,EAAE,KAAK;aACd,CAAC,CAAC;YAEH,MAAM,QAAQ,GAAG,MAAM,IAAI,CAAC,MAAM,CAAC,OAAO,CAAC,QAAQ,CAAC,CAAC;YACrD,MAAM,IAAI,GAAG,CAAC,MAAM,QAAQ,CAAC,IAAI,EAAE,CAAmB,CAAC;YAEvD,OAAO,IAAI,CAAC;QACd,CAAC;QAAC,OAAO,QAAQ,EAAE,CAAC;YAClB,IAAI,QAAQ,YAAY,eAAQ,EAAE,CAAC;gBACjC,MAAM,IAAI,
KAAK,CACb,2CAA2C,QAAQ,KAAK,QAAQ,CAAC,OAAO,EAAE,CAC3E,CAAC;YACJ,CAAC;YACD,MAAM,QAAQ,CAAC;QACjB,CAAC;IACH,CAAC;;AAlFU,gDAAkB;AACL,kCAAe,GAAG,MAAO,AAAV,CAAW;6BADvC,kBAAkB;IAD9B,IAAA,qBAAU,GAAE;IAMR,mBAAA,IAAA,iBAAM,EAAC,gBAAS,CAAC,CAAA;6CADc,oBAAa;GAJpC,kBAAkB,CAmF9B"}
|
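--- a/package/src/ScanFactory.js
+++ b/package/src/ScanFactory.js
@@ -20,12 +20,13 @@ class ScanFactory {
 const { id } = await this.scans.createScan(config);
 return new Scan_1.Scan({ id, logger: this.logger, scans: this.scans, ...options });
 }
-async createScanConfig({ name, tests, target, repeaterId, smart, poolSize, skipStaticParams, attackParamLocations }) {
+async createScanConfig({ name, tests, target, repeaterId, smart, poolSize, requestsRateLimit, skipStaticParams, attackParamLocations }) {
 const { id: entrypointId } = await this.discoveries.createEntrypoint(new target_1.Target(target), repeaterId);
 return {
 name,
 smart,
 poolSize,
+requestsRateLimit,
 skipStaticParams,
 projectId: this.configuration.projectId,
 entryPointIds: [entrypointId],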
package/src/ScanFactory.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ScanFactory.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanFactory.ts"],"names":[],"mappings":";;;AAAA,mCAAgC;AAChC,iCAA8B;AAE9B,iDAAmE;AACnE,qCAAkC;AAClC,+CAA4C;AAC5C,0CAAwD;AAGxD,MAAa,WAAW;IAMtB,YAA6B,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;QACvD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,oBAAoB,EAAE,CAAC;QACrE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,yBAAW,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAM,CAAC,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,UAAU,CACrB,QAA4C,EAC5C,UAGI,EAAE;QAEN,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,2BAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvE,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAEnD,OAAO,IAAI,WAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,EAC7B,IAAI,EACJ,KAAK,EACL,MAAM,EACN,UAAU,EACV,KAAK,EACL,QAAQ,EACR,gBAAgB,EAChB,oBAAoB,EACP;QACb,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAClE,IAAI,eAAM,CAAC,MAAM,CAAC,EAClB,UAAU,CACX,CAAC;QAEF,OAAO;YACL,IAAI;YACJ,KAAK;YACL,QAAQ;YACR,gBAAgB;YAChB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,SAAS;YACvC,aAAa,EAAE,CAAC,YAAY,CAAC;YAC7B,oBAAoB,EAAE,CAAC,GAAG,oBAAoB,CAAC;YAC/C,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC;YACjB,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;SACjD,CAAC;IACJ,CAAC;CACF;
|
|
1
|
+
{"version":3,"file":"ScanFactory.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanFactory.ts"],"names":[],"mappings":";;;AAAA,mCAAgC;AAChC,iCAA8B;AAE9B,iDAAmE;AACnE,qCAAkC;AAClC,+CAA4C;AAC5C,0CAAwD;AAGxD,MAAa,WAAW;IAMtB,YAA6B,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;QACvD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,oBAAoB,EAAE,CAAC;QACrE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,yBAAW,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAM,CAAC,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,UAAU,CACrB,QAA4C,EAC5C,UAGI,EAAE;QAEN,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,2BAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvE,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAEnD,OAAO,IAAI,WAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,EAC7B,IAAI,EACJ,KAAK,EACL,MAAM,EACN,UAAU,EACV,KAAK,EACL,QAAQ,EACR,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACP;QACb,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAClE,IAAI,eAAM,CAAC,MAAM,CAAC,EAClB,UAAU,CACX,CAAC;QAEF,OAAO;YACL,IAAI;YACJ,KAAK;YACL,QAAQ;YACR,iBAAiB;YACjB,gBAAgB;YAChB,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,SAAS;YACvC,aAAa,EAAE,CAAC,YAAY,CAAC;YAC7B,oBAAoB,EAAE,CAAC,GAAG,oBAAoB,CAAC;YAC/C,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC;YACjB,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;SACjD,CAAC;IACJ,CAAC;CACF;AAvDD,kCAuDC"}
|
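--- a/package/src/ScanSettings.d.ts
+++ b/package/src/ScanSettings.d.ts
@@ -7,6 +7,7 @@ export interface ScanSettingsOptions {
 repeaterId?: string;
 smart?: boolean;
 poolSize?: number;
+requestsRateLimit?: number;
 skipStaticParams?: boolean;
 attackParamLocations?: AttackParamLocation[];
 }
@@ -29,13 +30,18 @@ export declare class ScanSettings implements ScanSettingsOptions {
 private _poolSize;
 get poolSize(): number;
 private set poolSize(value);
+private _requestsRateLimit;
+get requestsRateLimit(): number;
+private set requestsRateLimit(value);
 private _tests;
 get tests(): string[];
 private set tests(value);
 private _attackParamLocations;
 get attackParamLocations(): AttackParamLocation[];
 private set attackParamLocations(value);
-constructor({ name, tests, target, repeaterId, smart,
+constructor({ name, tests, target, repeaterId, smart, requestsRateLimit, // automatic rate limiting
+poolSize, // up to 2x more than default pool size
+skipStaticParams, attackParamLocations }: ScanSettingsOptions);
 private resolveAttackParamLocations;
 private detectAttackParamLocations;
 }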
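--- a/package/src/ScanSettings.js
+++ b/package/src/ScanSettings.js
@@ -47,6 +47,15 @@ class ScanSettings {
 }
 this._poolSize = value;
 }
+get requestsRateLimit() {
+return this._requestsRateLimit;
+}
+set requestsRateLimit(value) {
+if (!(0, core_1.checkBoundaries)(value, { min: 0, max: 1000 })) {
+throw new Error('Invalid requests rate limit.');
+}
+this._requestsRateLimit = value;
+}
 get tests() {
 return this._tests;
 }
@@ -66,11 +75,14 @@ class ScanSettings {
 }
 this._attackParamLocations = this.resolveAttackParamLocations(value);
 }
-constructor({ name, tests, target, repeaterId, smart = true,
+constructor({ name, tests, target, repeaterId, smart = true, requestsRateLimit = 0, // automatic rate limiting
+poolSize = 50, // up to 2x more than default pool size
+skipStaticParams = true, attackParamLocations = [] }) {
 this.target = target;
 const { method, parsedURL } = this.target;
 this.name = name || (0, core_1.truncate)(`${method} ${parsedURL.pathname}`, 200);
 this.poolSize = poolSize;
+this.requestsRateLimit = requestsRateLimit;
 this.repeaterId = repeaterId;
 this.skipStaticParams = skipStaticParams;
 this.smart = smart;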
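Review bot: The new `requestsRateLimit` setter rejects out-of-range input with `'Invalid requests rate limit.'`, which tells the caller neither the accepted range nor the offending value; `throw new Error(`Invalid requests rate limit: expected a number between 0 and 1000, got ${value}.`);` would make a misconfigured scan easier to diagnose. Whether `checkBoundaries` also rejects `NaN` and non-integer values is not visible on this page and is worth confirming, since `createScanConfig` in ScanFactory.js forwards the value unchanged. The inline comment on `poolSize = 50` (`// up to 2x more than default pool size`) reads as if 50 were not the default, while the README states that it is; a comment such as `// default maximum of concurrent requests` would avoid the ambiguity. The class and constructor bodies continue outside these hunks.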
package/src/ScanSettings.js.map
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
{"version":3,"file":"ScanSettings.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanSettings.ts"],"names":[],"mappings":";;;AAAA,qCAA2D;AAC3D,qCAAiD;AACjD,0CAAsE;
|
|
1
|
+
{"version":3,"file":"ScanSettings.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanSettings.ts"],"names":[],"mappings":";;;AAAA,qCAA2D;AAC3D,qCAAiD;AACjD,0CAAsE;AAuBtE,MAAa,YAAY;IAGvB,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAY,IAAI,CAAC,KAAa;QAC5B,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAID,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAY,UAAU,CAAC,KAAK;QAC1B,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;IAID,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAED,IAAY,gBAAgB,CAAC,KAAc;QACzC,IAAI,CAAC,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC;IACnC,CAAC;IAID,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,IAAI,KAAK,CAAC,KAAc;QACtB,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC;IACxB,CAAC;IAID,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAY,MAAM,CAAC,KAA6B;QAC9C,IAAI,CAAC,OAAO,GAAG,IAAI,eAAM,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAID,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAY,QAAQ,CAAC,KAAa;QAChC,IAAI,CAAC,IAAA,sBAAe,EAAC,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;IACzB,CAAC;IAID,IAAI,iBAAiB;QACnB,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED,IAAY,iBAAiB,CAAC,KAAa;QACzC,IAAI,CAAC,IAAA,sBAAe,EAAC,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,CAAC,kBAAkB,GAAG,KAAK,CAAC;IAClC,CAAC;IAID,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,IAAY,KAAK,CAAC,KAAe;QAC/B,MAAM,eAAe,GAAG,IAAI,GAAG,CAAS,KAAK,CAAC,CAAC;QAE/C,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC;IACrC,CAAC;IAID,IAAI,oBAAoB;QACtB,OAAO,IAAI,CAAC,qBAAqB,CAAC;IACpC,CAAC;IAED,IAAY,oBAAoB,CAAC,KAA4B;QAC3D,IAAI,CAAC,IAAA,eAAQ,EAAC,4BAAmB,EAAE,KAAK,CAAC,EAAE,
CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC;IAED,YAAY,EACV,IAAI,EACJ,KAAK,EACL,MAAM,EACN,UAAU,EACV,KAAK,GAAG,IAAI,EACZ,iBAAiB,GAAG,CAAC,EAAE,0BAA0B;IACjD,QAAQ,GAAG,EAAE,EAAE,uCAAuC;IACtD,gBAAgB,GAAG,IAAI,EACvB,oBAAoB,GAAG,EAAE,EACL;QACpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1C,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,IAAA,eAAQ,EAAC,GAAG,MAAM,IAAI,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QACzC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;IACnD,CAAC;IAEO,2BAA2B,CACjC,iBAAwC;QAExC,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAE5D,yCAAyC;QACzC,OAAO,iBAAiB,CAAC,MAAM,GAAG,CAAC;YACjC,CAAC,CAAC,iBAAiB;YACnB,CAAC,CAAC;gBACE,4BAAmB,CAAC,IAAI;gBACxB,4BAAmB,CAAC,KAAK;gBACzB,4BAAmB,CAAC,QAAQ;aAC7B,CAAC;IACR,CAAC;IAEO,0BAA0B;QAChC,MAAM,SAAS,GAA0B,EAAE,CAAC;QAE5C,MAAM,OAAO,GACX,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;YAC9B,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,mBAAU,CAAC,GAAG;YACrC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,mBAAU,CAAC,IAAI,CAAC;QAEzC,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,IAAI,CAAC,4BAAmB,CAAC,IAAI,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,SAAS,CAAC,IAAI,CAAC,4BAAmB,CAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzB,SAAS,CAAC,IAAI,CAAC,4BAAmB,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AAhLD,oCAgLC"}
|
|
@@ -5,10 +5,9 @@ export interface ScanConfig {
|
|
|
5
5
|
entryPointIds: string[];
|
|
6
6
|
tests?: string[];
|
|
7
7
|
poolSize?: number;
|
|
8
|
+
requestsRateLimit?: number;
|
|
8
9
|
attackParamLocations?: AttackParamLocation[];
|
|
9
10
|
repeaters?: string[];
|
|
10
11
|
smart?: boolean;
|
|
11
12
|
skipStaticParams?: boolean;
|
|
12
|
-
slowEpTimeout?: number;
|
|
13
|
-
targetTimeout?: number;
|
|
14
13
|
}
|