@sectester/scan 0.44.0 → 0.46.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/README.md +8 -0
- package/package.json +1 -1
- package/src/ScanFactory.js +2 -1
- package/src/ScanFactory.js.map +1 -1
- package/src/ScanSettings.d.ts +9 -1
- package/src/ScanSettings.js +8 -1
- package/src/ScanSettings.js.map +1 -1
- package/src/models/Issue.d.ts +1 -0
- package/src/models/ScanConfig.d.ts +1 -0
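--- a/package/README.md
+++ b/package/README.md
@@ -267,6 +267,14 @@ const issues = await scan.issues();
 
 > It returns control as soon as a scan is done, timeout is gone, or an expectation is satisfied.
 
+The `expect` method accepts an optional second parameter with options:
+
+```ts
+await scan.expect(Severity.HIGH, { failFast: false });
+```
+
+When `failFast` is set to `false`, the scan will continue running even if issues meeting the threshold are found, collecting all issues before completing. By default, `failFast` is `true`, which means the scan will stop as soon as an issue matching the specified severity threshold is detected.
+
 You can also define a custom expectation passing a function that accepts an instance of `Scan` as follows:
 
 ```ts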
package/package.json
CHANGED
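--- a/package/src/ScanFactory.js
+++ b/package/src/ScanFactory.js
@@ -20,7 +20,7 @@ class ScanFactory {
 const { id } = await this.scans.createScan(config);
 return new Scan_1.Scan({ id, logger: this.logger, scans: this.scans, ...options });
 }
-async createScanConfig({ name, tests, target, repeaterId, smart, poolSize, requestsRateLimit, skipStaticParams, attackParamLocations }) {
+async createScanConfig({ name, tests, target, repeaterId, smart, poolSize, requestsRateLimit, skipStaticParams, attackParamLocations, starMetadata }) {
 const { id: entrypointId } = await this.discoveries.createEntrypoint(new target_1.Target(target), repeaterId);
 return {
 name,
@@ -28,6 +28,7 @@ class ScanFactory {
 poolSize,
 requestsRateLimit,
 skipStaticParams,
+starMetadata,
 projectId: this.configuration.projectId,
 entryPointIds: [entrypointId],
 attackParamLocations: [...attackParamLocations],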
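Review bot: The new `starMetadata,` entry in the object returned by createScanConfig is forwarded by reference, whereas `attackParamLocations` two lines below is spread-copied before the config is (presumably, via line 20) handed to `this.scans.createScan`, so a caller that keeps a handle on the metadata object can still change what gets sent after the settings were built. The field is also marked `@internal` in ScanSettings.d.ts, which nothing on this line tells the reader. I would write it as `starMetadata: starMetadata == null ? starMetadata : { ...starMetadata }, // @internal; shallow copy so later caller mutation cannot alter the request`. The body of createScanConfig continues outside the hunk.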
package/src/ScanFactory.js.map
CHANGED
@@ -1 +1 @@
1
-
{"version":3,"file":"ScanFactory.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanFactory.ts"],"names":[],"mappings":";;;AAAA,mCAAgC;AAChC,iCAA8B;AAE9B,iDAAmE;AACnE,qCAAkC;AAClC,+CAA4C;AAC5C,0CAAwD;AAGxD,MAAa,WAAW;IAMtB,YAA6B,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;QACvD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,oBAAoB,EAAE,CAAC;QACrE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,yBAAW,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAM,CAAC,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,UAAU,CACrB,QAA4C,EAC5C,UAGI,EAAE;QAEN,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,2BAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvE,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAEnD,OAAO,IAAI,WAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,EAC7B,IAAI,EACJ,KAAK,EACL,MAAM,EACN,UAAU,EACV,KAAK,EACL,QAAQ,EACR,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,
1
+
{"version":3,"file":"ScanFactory.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanFactory.ts"],"names":[],"mappings":";;;AAAA,mCAAgC;AAChC,iCAA8B;AAE9B,iDAAmE;AACnE,qCAAkC;AAClC,+CAA4C;AAC5C,0CAAwD;AAGxD,MAAa,WAAW;IAMtB,YAA6B,aAA4B;QAA5B,kBAAa,GAAb,aAAa,CAAe;QACvD,IAAI,CAAC,SAAS,GAAG,IAAI,CAAC,aAAa,CAAC,SAAS,CAAC,oBAAoB,EAAE,CAAC;QACrE,IAAI,CAAC,KAAK,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAK,CAAC,CAAC;QAC3C,IAAI,CAAC,WAAW,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,yBAAW,CAAC,CAAC;QACvD,IAAI,CAAC,MAAM,GAAG,IAAI,CAAC,SAAS,CAAC,OAAO,CAAC,aAAM,CAAC,CAAC;IAC/C,CAAC;IAEM,KAAK,CAAC,UAAU,CACrB,QAA4C,EAC5C,UAGI,EAAE;QAEN,MAAM,MAAM,GAAG,MAAM,IAAI,CAAC,gBAAgB,CAAC,IAAI,2BAAY,CAAC,QAAQ,CAAC,CAAC,CAAC;QACvE,MAAM,EAAE,EAAE,EAAE,GAAG,MAAM,IAAI,CAAC,KAAK,CAAC,UAAU,CAAC,MAAM,CAAC,CAAC;QAEnD,OAAO,IAAI,WAAI,CAAC,EAAE,EAAE,EAAE,MAAM,EAAE,IAAI,CAAC,MAAM,EAAE,KAAK,EAAE,IAAI,CAAC,KAAK,EAAE,GAAG,OAAO,EAAE,CAAC,CAAC;IAC9E,CAAC;IAEO,KAAK,CAAC,gBAAgB,CAAC,EAC7B,IAAI,EACJ,KAAK,EACL,MAAM,EACN,UAAU,EACV,KAAK,EACL,QAAQ,EACR,iBAAiB,EACjB,gBAAgB,EAChB,oBAAoB,EACpB,YAAY,EACC;QACb,MAAM,EAAE,EAAE,EAAE,YAAY,EAAE,GAAG,MAAM,IAAI,CAAC,WAAW,CAAC,gBAAgB,CAClE,IAAI,eAAM,CAAC,MAAM,CAAC,EAClB,UAAU,CACX,CAAC;QAEF,OAAO;YACL,IAAI;YACJ,KAAK;YACL,QAAQ;YACR,iBAAiB;YACjB,gBAAgB;YAChB,YAAY;YACZ,SAAS,EAAE,IAAI,CAAC,aAAa,CAAC,SAAS;YACvC,aAAa,EAAE,CAAC,YAAY,CAAC;YAC7B,oBAAoB,EAAE,CAAC,GAAG,oBAAoB,CAAC;YAC/C,KAAK,EAAE,CAAC,GAAG,KAAK,CAAC;YACjB,SAAS,EAAE,UAAU,CAAC,CAAC,CAAC,CAAC,UAAU,CAAC,CAAC,CAAC,CAAC,SAAS;SACjD,CAAC;IACJ,CAAC;CACF;AAzDD,kCAyDC"}
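--- a/package/src/ScanSettings.d.ts
+++ b/package/src/ScanSettings.d.ts
@@ -10,8 +10,16 @@ export interface ScanSettingsOptions {
 requestsRateLimit?: number;
 skipStaticParams?: boolean;
 attackParamLocations?: AttackParamLocation[];
+/**
+* Star metadata to be passed to the scan.
+* @internal
+*/
+starMetadata?: Record<string, unknown>;
 }
 export declare class ScanSettings implements ScanSettingsOptions {
+private _starMetadata?;
+get starMetadata(): Record<string, unknown> | undefined;
+private set starMetadata(value);
 private _name;
 get name(): string;
 private set name(value);
@@ -39,7 +47,7 @@ export declare class ScanSettings implements ScanSettingsOptions {
 private _attackParamLocations;
 get attackParamLocations(): AttackParamLocation[];
 private set attackParamLocations(value);
-constructor({ name, tests, target, repeaterId, smart, requestsRateLimit, // automatic rate limiting
+constructor({ name, tests, target, repeaterId, smart, starMetadata, requestsRateLimit, // automatic rate limiting
 poolSize, // up to 2x more than default pool size
 skipStaticParams, attackParamLocations }: ScanSettingsOptions);
 private resolveAttackParamLocations;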
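Review bot: The `@internal` tag added on `ScanSettingsOptions.starMetadata` is not mirrored on the new `get starMetadata()` declaration in the class, so if these declarations are ever emitted with `stripInternal` the option vanishes from the interface while a public getter for the same field stays on `ScanSettings`; even without stripping, a reader of the class sees an undocumented public accessor. I would put the same doc block above the getter, `/** Star metadata passed to the scan. @internal */`. The `private set starMetadata(value);` line already matches the shape of the sibling accessors.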
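--- a/package/src/ScanSettings.js
+++ b/package/src/ScanSettings.js
@@ -5,6 +5,12 @@ const models_1 = require("./models");
 const target_1 = require("./target");
 const core_1 = require("@sectester/core");
 class ScanSettings {
+get starMetadata() {
+return this._starMetadata;
+}
+set starMetadata(value) {
+this._starMetadata = value;
+}
 get name() {
 return this._name;
 }
@@ -75,7 +81,7 @@ class ScanSettings {
 }
 this._attackParamLocations = this.resolveAttackParamLocations(value);
 }
-constructor({ name, tests, target, repeaterId, smart = true, requestsRateLimit = 0, // automatic rate limiting
+constructor({ name, tests, target, repeaterId, smart = true, starMetadata, requestsRateLimit = 0, // automatic rate limiting
 poolSize = 50, // up to 2x more than default pool size
 skipStaticParams = true, attackParamLocations = [] }) {
 this.target = target;
@@ -88,6 +94,7 @@ class ScanSettings {
 this.smart = smart;
 this.tests = tests;
 this.attackParamLocations = attackParamLocations;
+this.starMetadata = starMetadata;
 }
 resolveAttackParamLocations(providedLocations) {
 if (providedLocations.length > 0) {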
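Review bot: The new `set starMetadata(value)` in the first hunk stores whatever it receives with no check at all, unlike the sibling setters in this class (the `attackParamLocations` setter at line 82, for instance, runs its value through resolveAttackParamLocations), and both the setter and the getter hand out the same object reference, so the metadata can still be changed from outside after the settings object has been constructed and validated. As the value is declared `Record<string, unknown>` and ScanFactory forwards it into the scan request, I would reject non-object values (null, arrays, primitives) and keep a shallow copy, while still accepting undefined since the constructor at line 84 passes `starMetadata` through without a default. The remaining sibling setters and the rest of the constructor lie outside the hunk.
```javascript
set starMetadata(value) {
    if (value !== undefined
        && (typeof value !== 'object' || value === null || Array.isArray(value))) {
        throw new Error('Star metadata must be a plain object');
    }
    // Shallow copy so later caller mutation cannot alter what is sent with the scan.
    this._starMetadata = value === undefined ? undefined : { ...value };
}
```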
package/src/ScanSettings.js.map
CHANGED
@@ -1 +1 @@
1
-
{"version":3,"file":"ScanSettings.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanSettings.ts"],"names":[],"mappings":";;;AAAA,qCAA2D;AAC3D,qCAAiD;AACjD,0CAAsE;
1
+
{"version":3,"file":"ScanSettings.js","sourceRoot":"","sources":["../../../../packages/scan/src/ScanSettings.ts"],"names":[],"mappings":";;;AAAA,qCAA2D;AAC3D,qCAAiD;AACjD,0CAAsE;AA4BtE,MAAa,YAAY;IAGvB,IAAI,YAAY;QACd,OAAO,IAAI,CAAC,aAAa,CAAC;IAC5B,CAAC;IAED,IAAY,YAAY,CAAC,KAA0C;QACjE,IAAI,CAAC,aAAa,GAAG,KAAK,CAAC;IAC7B,CAAC;IAID,IAAI,IAAI;QACN,OAAO,IAAI,CAAC,KAAK,CAAC;IACpB,CAAC;IAED,IAAY,IAAI,CAAC,KAAa;QAC5B,IAAI,KAAK,CAAC,MAAM,GAAG,GAAG,EAAE,CAAC;YACvB,MAAM,IAAI,KAAK,CAAC,wCAAwC,CAAC,CAAC;QAC5D,CAAC;QACD,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;IACrB,CAAC;IAID,IAAI,UAAU;QACZ,OAAO,IAAI,CAAC,WAAW,CAAC;IAC1B,CAAC;IAED,IAAY,UAAU,CAAC,KAAK;QAC1B,IAAI,CAAC,WAAW,GAAG,KAAK,CAAC;IAC3B,CAAC;IAID,IAAI,gBAAgB;QAClB,OAAO,IAAI,CAAC,iBAAiB,CAAC;IAChC,CAAC;IAED,IAAY,gBAAgB,CAAC,KAAc;QACzC,IAAI,CAAC,iBAAiB,GAAG,CAAC,CAAC,KAAK,CAAC;IACnC,CAAC;IAID,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,IAAI,KAAK,CAAC,KAAc;QACtB,IAAI,CAAC,MAAM,GAAG,CAAC,CAAC,KAAK,CAAC;IACxB,CAAC;IAID,IAAI,MAAM;QACR,OAAO,IAAI,CAAC,OAAO,CAAC;IACtB,CAAC;IAED,IAAY,MAAM,CAAC,KAA6B;QAC9C,IAAI,CAAC,OAAO,GAAG,IAAI,eAAM,CAAC,KAAK,CAAC,CAAC;IACnC,CAAC;IAID,IAAI,QAAQ;QACV,OAAO,IAAI,CAAC,SAAS,CAAC;IACxB,CAAC;IAED,IAAY,QAAQ,CAAC,KAAa;QAChC,IAAI,CAAC,IAAA,sBAAe,EAAC,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,EAAE,EAAE,CAAC,EAAE,CAAC;YACjD,MAAM,IAAI,KAAK,CAAC,oBAAoB,CAAC,CAAC;QACxC,CAAC;QAED,IAAI,CAAC,SAAS,GAAG,KAAK,CAAC;IACzB,CAAC;IAID,IAAI,iBAAiB;QACnB,OAAO,IAAI,CAAC,kBAAkB,CAAC;IACjC,CAAC;IAED,IAAY,iBAAiB,CAAC,KAAa;QACzC,IAAI,CAAC,IAAA,sBAAe,EAAC,KAAK,EAAE,EAAE,GAAG,EAAE,CAAC,EAAE,GAAG,EAAE,IAAI,EAAE,CAAC,EAAE,CAAC;YACnD,MAAM,IAAI,KAAK,CAAC,8BAA8B,CAAC,CAAC;QAClD,CAAC;QAED,IAAI,CAAC,kBAAkB,GAAG,KAAK,CAAC;IAClC,CAAC;IAID,IAAI,KAAK;QACP,OAAO,IAAI,CAAC,MAAM,CAAC;IACrB,CAAC;IAED,IAAY,KAAK,CAAC,KAAe;QAC/B,MAAM,eAAe,GAAG,IAAI,GAAG,CAAS,KAAK,CAAC,CAAC;QAE/C,IAAI,eAAe,CAAC,IAAI,GAAG,CAAC,EAAE,CAAC;YAC7B,MAAM,IAAI,KAAK,CAAC,mCAAmC,CAAC,CAAC;QACvD,CAAC;QAED,IAAI,CAAC,MAAM,GAAG,CAAC,GAAG,eAAe,CAAC,CAAC;IACrC,CAAC;IAID,IAAI,oBAAoB;Q
ACtB,OAAO,IAAI,CAAC,qBAAqB,CAAC;IACpC,CAAC;IAED,IAAY,oBAAoB,CAAC,KAA4B;QAC3D,IAAI,CAAC,IAAA,eAAQ,EAAC,4BAAmB,EAAE,KAAK,CAAC,EAAE,CAAC;YAC1C,MAAM,IAAI,KAAK,CAAC,yCAAyC,CAAC,CAAC;QAC7D,CAAC;QAED,IAAI,CAAC,qBAAqB,GAAG,IAAI,CAAC,2BAA2B,CAAC,KAAK,CAAC,CAAC;IACvE,CAAC;IAED,YAAY,EACV,IAAI,EACJ,KAAK,EACL,MAAM,EACN,UAAU,EACV,KAAK,GAAG,IAAI,EACZ,YAAY,EACZ,iBAAiB,GAAG,CAAC,EAAE,0BAA0B;IACjD,QAAQ,GAAG,EAAE,EAAE,uCAAuC;IACtD,gBAAgB,GAAG,IAAI,EACvB,oBAAoB,GAAG,EAAE,EACL;QACpB,IAAI,CAAC,MAAM,GAAG,MAAM,CAAC;QACrB,MAAM,EAAE,MAAM,EAAE,SAAS,EAAE,GAAG,IAAI,CAAC,MAAM,CAAC;QAC1C,IAAI,CAAC,IAAI,GAAG,IAAI,IAAI,IAAA,eAAQ,EAAC,GAAG,MAAM,IAAI,SAAS,CAAC,QAAQ,EAAE,EAAE,GAAG,CAAC,CAAC;QACrE,IAAI,CAAC,QAAQ,GAAG,QAAQ,CAAC;QACzB,IAAI,CAAC,iBAAiB,GAAG,iBAAiB,CAAC;QAC3C,IAAI,CAAC,UAAU,GAAG,UAAU,CAAC;QAC7B,IAAI,CAAC,gBAAgB,GAAG,gBAAgB,CAAC;QACzC,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,KAAK,GAAG,KAAK,CAAC;QACnB,IAAI,CAAC,oBAAoB,GAAG,oBAAoB,CAAC;QACjD,IAAI,CAAC,YAAY,GAAG,YAAY,CAAC;IACnC,CAAC;IAEO,2BAA2B,CACjC,iBAAwC;QAExC,IAAI,iBAAiB,CAAC,MAAM,GAAG,CAAC,EAAE,CAAC;YACjC,OAAO,CAAC,GAAG,IAAI,GAAG,CAAC,iBAAiB,CAAC,CAAC,CAAC;QACzC,CAAC;QAED,MAAM,iBAAiB,GAAG,IAAI,CAAC,0BAA0B,EAAE,CAAC;QAE5D,yCAAyC;QACzC,OAAO,iBAAiB,CAAC,MAAM,GAAG,CAAC;YACjC,CAAC,CAAC,iBAAiB;YACnB,CAAC,CAAC;gBACE,4BAAmB,CAAC,IAAI;gBACxB,4BAAmB,CAAC,KAAK;gBACzB,4BAAmB,CAAC,QAAQ;aAC7B,CAAC;IACR,CAAC;IAEO,0BAA0B;QAChC,MAAM,SAAS,GAA0B,EAAE,CAAC;QAE5C,MAAM,OAAO,GACX,IAAI,CAAC,MAAM,CAAC,IAAI,KAAK,SAAS;YAC9B,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,mBAAU,CAAC,GAAG;YACrC,IAAI,CAAC,MAAM,CAAC,MAAM,KAAK,mBAAU,CAAC,IAAI,CAAC;QAEzC,IAAI,OAAO,EAAE,CAAC;YACZ,SAAS,CAAC,IAAI,CAAC,4BAAmB,CAAC,IAAI,CAAC,CAAC;QAC3C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,KAAK,EAAE,CAAC;YACtB,SAAS,CAAC,IAAI,CAAC,4BAAmB,CAAC,KAAK,CAAC,CAAC;QAC5C,CAAC;QAED,IAAI,IAAI,CAAC,MAAM,CAAC,QAAQ,EAAE,CAAC;YACzB,SAAS,CAAC,IAAI,CAAC,4BAAmB,CAAC,QAAQ,CAAC,CAAC;QAC/C,CAAC;QAED,OAAO,SAAS,CAAC;IACnB,CAAC;CACF;AA5LD,oCA4LC"}
package/src/models/Issue.d.ts
CHANGED