cipher-security 2.0.4 → 2.0.6

package/lib/pipeline/scanner.js

@@ -361,7 +361,10 @@ class NucleiRunner {
     if (effTags.length) cmd.push('-tags', effTags.join(','));
     if (effSev.length) cmd.push('-severity', effSev.join(','));
     cmd.push('-rl', String(sp.rateLimit), '-bs', String(sp.bulkSize));
+    if (sp.concurrency) cmd.push('-c', String(sp.concurrency));
+    if (sp.requestTimeout) cmd.push('-timeout', String(sp.requestTimeout));
     if (sp.headless) cmd.push('-headless');
+    if (sp.extraArgs) cmd.push(...sp.extraArgs);
 
     return this._execute(cmd, target, opts.timeout ?? DEFAULT_TIMEOUT);
   }
@@ -374,14 +377,75 @@ class NucleiRunner {
    * @param {number} [opts.timeout=600]
    * @returns {Promise<ScanResult>}
    */
+  /**
+   * Run Nuclei with explicit template paths (synchronous — for quick scans).
+   * Uses execFileSync to avoid Go pipe-buffering issues with spawn.
+   * @param {string} target
+   * @param {object} opts
+   * @param {string[]} [opts.templatePaths]
+   * @param {number} [opts.timeout=30]
+   * @param {number} [opts.rateLimit=150]
+   * @param {number} [opts.concurrency=25]
+   * @param {number} [opts.requestTimeout=10]
+   * @returns {Promise<ScanResult>}
+   */
   scanWithTemplates(target, opts = {}) {
     if (!this.available) return Promise.resolve(this._fail(target));
     const bin = this._resolved || this.nucleiPath;
-    const cmd = [bin, '-jsonl', '-silent', '-u', target];
+    const args = ['-jsonl', '-silent', '-u', target];
     for (const tp of opts.templatePaths ?? []) {
-      cmd.push('-t', tp);
+      args.push('-t', tp);
+    }
+    args.push('-rl', String(opts.rateLimit ?? 150));
+    args.push('-c', String(opts.concurrency ?? 25));
+    args.push('-timeout', String(opts.requestTimeout ?? 10));
+
+    const start = Date.now();
+    try {
+      const out = execFileSync(bin, args, {
+        encoding: 'utf-8',
+        timeout: (opts.timeout ?? 30) * 1000,
+        maxBuffer: 50 * 1024 * 1024,
+        stdio: ['pipe', 'pipe', 'pipe'],
+      });
+      const elapsed = (Date.now() - start) / 1000;
+      const findings = [];
+      for (const line of out.split('\n')) {
+        if (line.startsWith('{')) {
+          try { findings.push(Finding.fromNucleiJson(JSON.parse(line))); }
+          catch { /* skip parse errors */ }
+        }
+      }
+      const sevCounts = {};
+      for (const f of findings) sevCounts[f.severity] = (sevCounts[f.severity] || 0) + 1;
+      return Promise.resolve(new ScanResult({
+        target, findings,
+        stats: { total: findings.length, ...sevCounts },
+        command: `${bin} ${args.join(' ')}`,
+        durationSeconds: Math.round(elapsed * 100) / 100,
+        success: true,
+      }));
+    } catch (err) {
+      const elapsed = (Date.now() - start) / 1000;
+      const timedOut = err.killed || err.signal === 'SIGTERM';
+      // Even on timeout, capture any partial output
+      const out = err.stdout || '';
+      const findings = [];
+      for (const line of out.split('\n')) {
+        if (line.startsWith('{')) {
+          try { findings.push(Finding.fromNucleiJson(JSON.parse(line))); }
+          catch { /* skip */ }
+        }
+      }
+      return Promise.resolve(new ScanResult({
+        target, findings,
+        stats: { total: findings.length },
+        errors: timedOut ? [`Scan timed out after ${opts.timeout ?? 30}s`] : [err.message],
+        command: `${bin} ${args.join(' ')}`,
+        durationSeconds: Math.round(elapsed * 100) / 100,
+        success: !timedOut && findings.length > 0,
+      }));
     }
-    return this._execute(cmd, target, opts.timeout ?? DEFAULT_TIMEOUT);
   }
 
   /**

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "cipher-security",
-  "version": "2.0.4",
+  "version": "2.0.6",
   "description": "CIPHER — AI Security Engineering Platform CLI",
   "type": "module",
   "engines": {