npm - qa360 - Versions diffs - 2.3.0 → 2.3.2 - Mend

qa360 2.3.0 → 2.3.2

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (507) hide show

package/dist/core/crawler/cookie-manager.js ADDED Viewed

@@ -0,0 +1,353 @@
+/**
+ * Cookie Manager
+ *
+ * P1 - Browser cookie management
+ *
+ * Supports:
+ * - Cookie CRUD operations
+ * - HttpOnly cookie handling
+ * - Secure cookies (HTTPS only)
+ * - SameSite attribute (Strict, Lax, None)
+ * - Third-party cookie detection
+ * - Cookie validation and security checks
+ *
+ * @see https://playwright.dev/docs/api/class-browsercontext#browser-context-cookies
+ */
+/**
+ * Cookie Manager class
+ */
+export class CookieManager {
+    context;
+    baseUrl;
+    constructor(context, baseUrl) {
+        this.context = context;
+        this.baseUrl = baseUrl;
+    }
+    /**
+     * Get all cookies from context
+     */
+    async getAllCookies() {
+        return await this.context.cookies();
+    }
+    /**
+     * Get cookies filtered by criteria
+     */
+    async getCookies(filter = {}) {
+        const cookies = await this.context.cookies();
+        const baseDomain = new URL(this.baseUrl).hostname;
+        return cookies.filter((cookie) => {
+            // Name pattern filter
+            if (filter.namePattern) {
+                const pattern = typeof filter.namePattern === 'string'
+                    ? new RegExp(filter.namePattern)
+                    : filter.namePattern;
+                if (!pattern.test(cookie.name))
+                    return false;
+            }
+            // Domain filter
+            if (filter.domain && !cookie.domain?.includes(filter.domain)) {
+                return false;
+            }
+            // HttpOnly filter
+            if (filter.httpOnly !== undefined && cookie.httpOnly !== filter.httpOnly) {
+                return false;
+            }
+            // Secure filter
+            if (filter.secure !== undefined && cookie.secure !== filter.secure) {
+                return false;
+            }
+            // SameSite filter
+            if (filter.sameSite && cookie.sameSite !== filter.sameSite) {
+                return false;
+            }
+            // Third-party filter
+            if (filter.thirdParty) {
+                const cookieDomain = cookie.domain || '';
+                // Cookie domain starting with . means it can be used across subdomains
+                const effectiveDomain = cookieDomain.startsWith('.')
+                    ? cookieDomain.slice(1)
+                    : cookieDomain;
+                // Third-party if cookie domain doesn't match base domain
+                if (!effectiveDomain || baseDomain.endsWith(effectiveDomain)) {
+                    return false;
+                }
+            }
+            return true;
+        });
+    }
+    /**
+     * Get a specific cookie by name
+     */
+    async getCookie(name) {
+        const cookies = await this.context.cookies();
+        return cookies.find((c) => c.name === name);
+    }
+    /**
+     * Set a cookie
+     */
+    async setCookie(options) {
+        const cookieData = {
+            name: options.name,
+            value: options.value,
+        };
+        if (options.domain)
+            cookieData.domain = options.domain;
+        if (options.path)
+            cookieData.path = options.path;
+        if (options.httpOnly !== undefined)
+            cookieData.httpOnly = options.httpOnly;
+        if (options.secure !== undefined)
+            cookieData.secure = options.secure;
+        if (options.sameSite)
+            cookieData.sameSite = options.sameSite;
+        if (options.expires)
+            cookieData.expires = options.expires;
+        if (options.url)
+            cookieData.url = options.url;
+        await this.context.addCookies([cookieData]);
+    }
+    /**
+     * Set multiple cookies
+     */
+    async setCookies(cookies) {
+        const cookieData = cookies.map(c => ({
+            name: c.name,
+            value: c.value,
+            ...(c.domain && { domain: c.domain }),
+            ...(c.path && { path: c.path }),
+            ...(c.httpOnly !== undefined && { httpOnly: c.httpOnly }),
+            ...(c.secure !== undefined && { secure: c.secure }),
+            ...(c.sameSite && { sameSite: c.sameSite }),
+            ...(c.expires && { expires: c.expires }),
+            ...(c.url && { url: c.url }),
+        }));
+        await this.context.addCookies(cookieData);
+    }
+    /**
+     * Update a cookie's value
+     */
+    async updateCookie(name, value, options) {
+        const existing = await this.getCookie(name);
+        if (!existing)
+            return false;
+        // Remove existing cookie
+        await this.removeCookie(name);
+        // Set updated cookie
+        await this.setCookie({
+            name,
+            value,
+            domain: existing.domain,
+            path: existing.path,
+            httpOnly: existing.httpOnly,
+            secure: existing.secure,
+            sameSite: existing.sameSite,
+            expires: existing.expires,
+            ...options,
+        });
+        return true;
+    }
+    /**
+     * Remove a specific cookie
+     */
+    async removeCookie(name) {
+        const cookies = await this.context.cookies();
+        const targetCookie = cookies.find((c) => c.name === name);
+        if (targetCookie) {
+            await this.context.removeCookies([
+                {
+                    name: targetCookie.name,
+                    domain: targetCookie.domain || 'localhost',
+                    path: targetCookie.path || '/',
+                },
+            ]);
+        }
+    }
+    /**
+     * Remove cookies by filter
+     */
+    async removeCookies(filter) {
+        const cookiesToRemove = await this.getCookies(filter);
+        if (cookiesToRemove.length === 0)
+            return 0;
+        await this.context.removeCookies(cookiesToRemove.map((c) => ({
+            name: c.name,
+            domain: c.domain || 'localhost',
+            path: c.path || '/',
+        })));
+        return cookiesToRemove.length;
+    }
+    /**
+     * Clear all cookies
+     */
+    async clearAllCookies() {
+        await this.context.clearCookies();
+    }
+    /**
+     * Validate a cookie's security settings
+     */
+    validateCookie(cookie, baseUrl) {
+        const issues = [];
+        let score = 100;
+        // Check HttpOnly
+        const httpOnly = !!cookie.httpOnly;
+        if (!httpOnly && cookie.name !== '_ga' && cookie.name !== '_gid') {
+            // Not critical for all cookies, but recommended
+            score -= 10;
+        }
+        // Check Secure
+        const secure = !!cookie.secure;
+        if (!secure && baseUrl.startsWith('https://')) {
+            issues.push('Cookie should have Secure flag on HTTPS');
+            score -= 20;
+        }
+        // Check SameSite
+        const sameSite = cookie.sameSite || null;
+        if (!sameSite) {
+            issues.push('Cookie should have SameSite attribute');
+            score -= 15;
+        }
+        else if (sameSite === 'None' && !secure) {
+            issues.push('SameSite=None requires Secure flag');
+            score -= 30;
+        }
+        // Check for third-party
+        const baseDomain = new URL(baseUrl).hostname;
+        const cookieDomain = cookie.domain || '';
+        const isThirdParty = cookieDomain
+            ? !baseDomain.endsWith(cookieDomain.replace(/^\./, ''))
+            : false;
+        if (isThirdParty && sameSite === 'None') {
+            // This is expected for cross-origin cookies with SameSite=None
+        }
+        else if (isThirdParty) {
+            issues.push('Third-party cookie without SameSite=None may be blocked');
+            score -= 10;
+        }
+        // Check expiration
+        if (cookie.expires && cookie.expires < Date.now() / 1000) {
+            issues.push('Cookie has expired');
+            score -= 50;
+        }
+        return {
+            valid: issues.filter(i => i.includes('expired')).length === 0,
+            httpOnly,
+            secure,
+            sameSite,
+            securityScore: Math.max(0, score),
+            issues,
+            isThirdParty,
+        };
+    }
+    /**
+     * Validate all cookies
+     */
+    async validateAllCookies() {
+        const cookies = await this.context.cookies();
+        const results = new Map();
+        for (const cookie of cookies) {
+            const validation = this.validateCookie(cookie, this.baseUrl);
+            results.set(cookie.name, validation);
+        }
+        return results;
+    }
+    /**
+     * Get security report for all cookies
+     */
+    async getSecurityReport() {
+        const cookies = await this.context.cookies();
+        let secureCount = 0;
+        let httpOnlyCount = 0;
+        const sameSiteCounts = { Strict: 0, Lax: 0, None: 0, unset: 0 };
+        let thirdPartyCount = 0;
+        let totalScore = 0;
+        const vulnerable = [];
+        const baseDomain = new URL(this.baseUrl).hostname;
+        for (const cookie of cookies) {
+            const validation = this.validateCookie(cookie, this.baseUrl);
+            if (validation.secure)
+                secureCount++;
+            if (validation.httpOnly)
+                httpOnlyCount++;
+            if (validation.sameSite === 'Strict')
+                sameSiteCounts.Strict++;
+            else if (validation.sameSite === 'Lax')
+                sameSiteCounts.Lax++;
+            else if (validation.sameSite === 'None')
+                sameSiteCounts.None++;
+            else
+                sameSiteCounts.unset++;
+            if (validation.isThirdParty)
+                thirdPartyCount++;
+            totalScore += validation.securityScore;
+            if (validation.issues.length > 0) {
+                vulnerable.push({ name: cookie.name, issues: validation.issues });
+            }
+        }
+        return {
+            total: cookies.length,
+            secure: secureCount,
+            httpOnly: httpOnlyCount,
+            sameSite: sameSiteCounts,
+            thirdParty: thirdPartyCount,
+            avgSecurityScore: cookies.length > 0 ? totalScore / cookies.length : 100,
+            vulnerableCookies: vulnerable,
+        };
+    }
+    /**
+     * Export cookies as JSON string
+     */
+    async exportCookies() {
+        const cookies = await this.context.cookies();
+        return JSON.stringify(cookies, null, 2);
+    }
+    /**
+     * Import cookies from JSON string
+     */
+    async importCookies(cookieJson) {
+        try {
+            const cookies = JSON.parse(cookieJson);
+            if (!Array.isArray(cookies))
+                throw new Error('Invalid format');
+            await this.context.addCookies(cookies);
+            return cookies.length;
+        }
+        catch {
+            return 0;
+        }
+    }
+    /**
+     * Get cookies sorted by name
+     */
+    async getSortedCookies() {
+        const cookies = await this.context.cookies();
+        return cookies.sort((a, b) => a.name.localeCompare(b.name));
+    }
+    /**
+     * Get session cookies (no expiration)
+     */
+    async getSessionCookies() {
+        const cookies = await this.context.cookies();
+        return cookies.filter((c) => !c.expires);
+    }
+    /**
+     * Get persistent cookies (with expiration)
+     */
+    async getPersistentCookies() {
+        const cookies = await this.context.cookies();
+        return cookies.filter((c) => c.expires && c.expires > Date.now() / 1000);
+    }
+    /**
+     * Get expired cookies
+     */
+    async getExpiredCookies() {
+        const cookies = await this.context.cookies();
+        return cookies.filter((c) => c.expires && c.expires < Date.now() / 1000);
+    }
+}
+/**
+ * Factory function to create Cookie Manager
+ */
+export function createCookieManager(context, baseUrl) {
+    return new CookieManager(context, baseUrl);
+}
+export default CookieManager;

package/dist/core/crawler/coop-coep-handler.d.ts ADDED Viewed

@@ -0,0 +1,136 @@
+/**
+ * COOP/COEP Handler
+ *
+ * P1 - Cross-Origin-Opener-Policy and Cross-Origin-Embedder-Policy management
+ *
+ * Supports:
+ * - COOP header parsing and validation
+ * - COEP header parsing and validation
+ * - Cross-origin isolation detection
+ * - SharedArrayBuffer availability check
+ * - High-resolution timers availability check
+ *
+ * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin-Opener-Policy
+ * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Cross-Origin-Embedder-Policy
+ */
+export type COOPValue = 'unsafe-none' | 'same-origin' | 'same-origin-allow-popups';
+export type COEPValue = 'unsafe-none' | 'require-corp' | 'credentialless';
+export interface COOPConfig {
+    /** COOP header value */
+    value: COOPValue;
+    /** Reporting endpoint */
+    reportTo?: string;
+    /** Report-only mode */
+    reportOnly?: boolean;
+}
+export interface COEPConfig {
+    /** COEP header value */
+    value: COEPValue;
+    /** Reporting endpoint */
+    reportTo?: string;
+    /** Report-only mode */
+    reportOnly?: boolean;
+}
+export interface CrossOriginIsolationStatus {
+    /** Is cross-origin isolated */
+    isIsolated: boolean;
+    /** COOP header present */
+    hasCOOP: boolean;
+    /** COOP header value */
+    coopValue: COOPValue | null;
+    /** COEP header present */
+    hasCOEP: boolean;
+    /** COEP header value */
+    coepValue: COEPValue | null;
+    /** SharedArrayBuffer available */
+    sharedArrayBufferAvailable: boolean;
+    /** High-resolution timers available */
+    highResTimersAvailable: boolean;
+    /** Can use performance.measureUserAgentSpecificMemory() */
+    memoryMeasurementAvailable: boolean;
+    /** Security score (0-100) */
+    securityScore: number;
+    /** Recommendations */
+    recommendations: string[];
+}
+/**
+ * COOP/COEP Handler class
+ */
+export declare class COOPCOEPHandler {
+    private page;
+    constructor(page: any);
+    /**
+     * Get COOP header from response
+     */
+    getCOOPHeader(): Promise<COOPValue | null>;
+    /**
+     * Get COEP header from response
+     */
+    getCOEPHeader(): Promise<COEPValue | null>;
+    /**
+     * Check if value is valid COOP
+     */
+    private isValidCOOP;
+    /**
+     * Check if value is valid COEP
+     */
+    private isValidCOEP;
+    /**
+     * Check cross-origin isolation status
+     */
+    getCrossOriginIsolationStatus(): Promise<CrossOriginIsolationStatus>;
+    /**
+     * Check if SharedArrayBuffer is usable
+     */
+    canUseSharedArrayBuffer(): Promise<boolean>;
+    /**
+     * Check if high-resolution timers are available
+     */
+    hasHighResolutionTimers(): Promise<boolean>;
+    /**
+     * Check if memory measurement is available
+     */
+    canMeasureMemory(): Promise<boolean>;
+    /**
+     * Measure memory usage (if available)
+     */
+    measureMemory(): Promise<{
+        breakdown: Array<{
+            bytes: number;
+            attribution: string[];
+        }>;
+        bytes: number;
+    } | null>;
+    /**
+     * Test COOP behavior with window.open()
+     */
+    testCOOPBehavior(): Promise<{
+        canAccessOpener: boolean;
+        openerAccessible: boolean;
+    }>;
+    /**
+     * Get COOP/COEP recommendations based on use case
+     */
+    getRecommendations(useCase: 'default' | 'sharedarraybuffer' | 'high-performance' | 'security'): {
+        coop: COOPValue;
+        coep: COEPValue;
+        reason: string;
+    };
+    /**
+     * Validate COOP/COEP configuration
+     */
+    validateConfiguration(): Promise<{
+        valid: boolean;
+        errors: string[];
+        warnings: string[];
+    }>;
+    /**
+     * Get COOP/COEP documentation link
+     */
+    getDocumentation(): string;
+}
+/**
+ * Factory function to create COOP/COEP Handler
+ */
+export declare function createCOOPCOEPHandler(page: any): COOPCOEPHandler;
+export default COOPCOEPHandler;