jsana 1.0.0 → 1.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (3) hide show
  1. package/lib/fetcher.js +13 -2
  2. package/lib/pipeline.js +11 -3
  3. package/package.json +10 -2
package/lib/fetcher.js CHANGED
@@ -92,17 +92,28 @@ export async function fetchUrl(rawUrl, { timeout = 30000 } = {}) {
92
92
 
93
93
  // Enforce size limit via a transform
94
94
  let received = 0;
95
+ let destroyed = false;
95
96
  const limiter = new PassThrough({
96
97
  transform(chunk, _enc, cb) {
97
98
  received += chunk.length;
98
99
  if (received > MAX_RESPONSE_SIZE) {
99
- cb(new Error('Response too large'));
100
- body.destroy();
100
+ if (!destroyed) {
101
+ destroyed = true;
102
+ body.on('error', () => {}); // suppress destroy error
103
+ body.destroy();
104
+ }
105
+ cb(); // drop chunk silently, stream will end
101
106
  } else {
102
107
  cb(null, chunk);
103
108
  }
104
109
  },
105
110
  });
106
111
 
112
+ // Propagate errors without crashing
113
+ stream.on('error', (err) => {
114
+ if (!destroyed) limiter.destroy(err);
115
+ });
116
+ body.on('error', () => {}); // suppress socket-level errors after destroy
117
+
107
118
  return stream.pipe(limiter);
108
119
  }
package/lib/pipeline.js CHANGED
@@ -103,10 +103,18 @@ export async function run(urlsFile, opts) {
103
103
 
104
104
  if (!stream) return; // skipped (binary, etc.)
105
105
 
106
+ // Catch stream errors so they don't crash the process
107
+ stream.on('error', () => {});
108
+
106
109
  let findingsInUrl = 0;
107
- for await (const finding of scan(stream, url.href, patterns)) {
108
- reporter.write(finding);
109
- findingsInUrl++;
110
+ try {
111
+ for await (const finding of scan(stream, url.href, patterns)) {
112
+ reporter.write(finding);
113
+ findingsInUrl++;
114
+ }
115
+ } catch {
116
+ // Stream error mid-scan (e.g. response too large, connection reset)
117
+ // Already counted as error below if fetch itself threw
110
118
  }
111
119
  progress.addFindings(findingsInUrl);
112
120
  } catch (err) {
package/package.json CHANGED
@@ -1,10 +1,18 @@
1
1
  {
2
2
  "name": "jsana",
3
- "version": "1.0.0",
3
+ "version": "1.0.1",
4
4
  "description": "JavaScript Security Analyzer for Bug Bounty",
5
5
  "type": "module",
6
6
  "license": "MIT",
7
- "keywords": ["security", "bug-bounty", "javascript", "scanner", "xss", "secrets", "recon"],
7
+ "keywords": [
8
+ "security",
9
+ "bug-bounty",
10
+ "javascript",
11
+ "scanner",
12
+ "xss",
13
+ "secrets",
14
+ "recon"
15
+ ],
8
16
  "bin": {
9
17
  "jsana": "./bin/jsana.js"
10
18
  },