feat(scan): update test type names for clarity and consistency (#231)

NeuraLegion · Feb 18, 2025 · d1648e9 · d1648e9
1 parent 1d10816
commit d1648e9
Show file tree

Hide file tree

Showing 7 changed files with 38 additions and 39 deletions.
diff --git a/packages/runner/README.md b/packages/runner/README.md
@@ -66,7 +66,7 @@ await runner.clear();
 To start scanning your application, first you have to create a `SecScan` instance, as shown below:
 
 ```ts
-const scan = runner.createScan({ tests: [TestType.XSS] });
+const scan = runner.createScan({ tests: [TestType.CROSS_SITE_SCRIPTING] });
 ```
 
 Below you will find a list of parameters that can be used to configure a `Scan`:
@@ -156,7 +156,7 @@ describe('/api', () => {
     await runner.init();
 
     scan = runner
-      .createScan({ tests: [TestType.XSS] })
+      .createScan({ tests: [TestType.CROSS_SITE_SCRIPTING] })
       .threshold(Severity.MEDIUM) // i. e. ignore LOW severity issues
       .timeout(300000); // i. e. fail if last longer than 5 minutes
   });

diff --git a/packages/runner/src/lib/SecRunner.spec.ts b/packages/runner/src/lib/SecRunner.spec.ts
@@ -178,7 +178,7 @@ describe('SecRunner', () => {
   });
 
   describe('createScan', () => {
-    const options = { tests: [TestType.XSS] };
+    const options = { tests: [TestType.CROSS_SITE_SCRIPTING] };
 
     it('should create scan', async () => {
       await secRunner.init();

diff --git a/packages/runner/src/lib/SecScan.spec.ts b/packages/runner/src/lib/SecScan.spec.ts
@@ -24,7 +24,7 @@ import { Configuration } from '@sectester/core';
 import { Formatter } from '@sectester/reporter';
 
 describe('SecScan', () => {
-  const tests = [TestType.XSS];
+  const tests = [TestType.CROSS_SITE_SCRIPTING];
 
   const mockedContainer = mock<DependencyContainer>();
   const mockedConfiguration = mock<Configuration>();

diff --git a/packages/scan/src/DefaultScans.spec.ts b/packages/scan/src/DefaultScans.spec.ts
@@ -92,7 +92,7 @@ describe('HttpScans', () => {
 
       const result = await scans.createScan({
         name: 'test',
-        tests: [TestType.XSS],
+        tests: [TestType.CROSS_SITE_SCRIPTING],
         module: Module.DAST
       });
 
@@ -110,7 +110,7 @@ describe('HttpScans', () => {
 
       await scans.createScan({
         name: 'test',
-        tests: [TestType.XSS],
+        tests: [TestType.CROSS_SITE_SCRIPTING],
         module: Module.DAST
       });
 
@@ -139,7 +139,7 @@ describe('HttpScans', () => {
 
       const result = scans.createScan({
         name: 'test',
-        tests: [TestType.XSS],
+        tests: [TestType.CROSS_SITE_SCRIPTING],
         module: Module.DAST
       });
 

diff --git a/packages/scan/src/ScanFactory.spec.ts b/packages/scan/src/ScanFactory.spec.ts
@@ -53,7 +53,7 @@ describe('ScanFactory', () => {
     it('should create a scan', async () => {
       const settings: ScanSettingsOptions = {
         target: { url: 'https://example.com' },
-        tests: [TestType.XSS]
+        tests: [TestType.CROSS_SITE_SCRIPTING]
       };
       when(mockedScans.uploadHar(anything())).thenResolve({ id: fileId });
       when(mockedScans.createScan(anything())).thenResolve({ id: scanId });
@@ -68,7 +68,7 @@ describe('ScanFactory', () => {
             name: 'GET example.com',
             module: Module.DAST,
             discoveryTypes: [Discovery.ARCHIVE],
-            tests: [TestType.XSS]
+            tests: [TestType.CROSS_SITE_SCRIPTING]
           })
         )
       ).once();
@@ -78,7 +78,7 @@ describe('ScanFactory', () => {
     it('should generate and upload a HAR file', async () => {
       const settings: ScanSettingsOptions = {
         target: { url: 'https://example.com' },
-        tests: [TestType.XSS]
+        tests: [TestType.CROSS_SITE_SCRIPTING]
       };
       when(mockedScans.uploadHar(anything())).thenResolve({ id: fileId });
       when(mockedScans.createScan(anything())).thenResolve({ id: scanId });
@@ -108,7 +108,7 @@ describe('ScanFactory', () => {
             'hex'
           )}.example.com`
         },
-        tests: [TestType.XSS]
+        tests: [TestType.CROSS_SITE_SCRIPTING]
       };
       when(mockedScans.uploadHar(anything())).thenResolve({ id: fileId });
       when(mockedScans.createScan(anything())).thenResolve({ id: scanId });

diff --git a/packages/scan/src/ScanSettings.spec.ts b/packages/scan/src/ScanSettings.spec.ts
@@ -58,7 +58,7 @@ describe('ScanSettings', () => {
         // arrange
         const settings: ScanSettingsOptions = {
           target: { url: 'https://example.com' },
-          tests: [TestType.XPATHI],
+          tests: [TestType.XPATH_INJECTION],
           ...input
         };
 
@@ -71,7 +71,7 @@ describe('ScanSettings', () => {
       // arrange
       const settings: ScanSettingsOptions = {
         target: { url: 'https://example.com' },
-        tests: [TestType.XPATHI],
+        tests: [TestType.XPATH_INJECTION],
         attackParamLocations: [
           AttackParamLocation.QUERY,
           AttackParamLocation.QUERY
@@ -91,23 +91,23 @@ describe('ScanSettings', () => {
       // arrange
       const settings: ScanSettingsOptions = {
         target: { url: 'https://example.com' },
-        tests: [TestType.XPATHI, TestType.XPATHI]
+        tests: [TestType.XPATH_INJECTION, TestType.XPATH_INJECTION]
       };
 
       // act
       const result = new ScanSettings(settings);
 
       // assert
       expect(result).toMatchObject({
-        tests: [TestType.XPATHI]
+        tests: [TestType.XPATH_INJECTION]
       });
     });
 
     it('should create a settings with custom name', () => {
       // arrange
       const settings: ScanSettingsOptions = {
         name: 'my scan',
-        tests: [TestType.XSS],
+        tests: [TestType.CROSS_SITE_SCRIPTING],
         target: { url: 'https://example.com' }
       };
 
@@ -123,7 +123,7 @@ describe('ScanSettings', () => {
     it('should create a settings with default name', () => {
       // arrange
       const settings: ScanSettingsOptions = {
-        tests: [TestType.XSS],
+        tests: [TestType.CROSS_SITE_SCRIPTING],
         target: { url: 'https://example.com' }
       };
 
@@ -140,7 +140,7 @@ describe('ScanSettings', () => {
       // arrange
       const settings: ScanSettingsOptions = {
         name: randomBytes(201).toString('hex'),
-        tests: [TestType.XSS],
+        tests: [TestType.CROSS_SITE_SCRIPTING],
         target: { url: 'https://example.com' }
       };
 
@@ -153,7 +153,7 @@ describe('ScanSettings', () => {
     it('should truncate a default name if hostname is greater than 200 characters', () => {
       // arrange
       const settings: ScanSettingsOptions = {
-        tests: [TestType.XSS],
+        tests: [TestType.CROSS_SITE_SCRIPTING],
         target: {
           url: `https://subdomain-${randomBytes(200).toString(
             'hex'

diff --git a/packages/scan/src/models/TestType.ts b/packages/scan/src/models/TestType.ts
@@ -1,13 +1,13 @@
 export enum TestType {
   AMAZON_S3_TAKEOVER = 'amazon_s3_takeover',
-  BOPLA = 'bopla',
+  BROKEN_OBJECT_PROPERTY_LEVEL_AUTHORIZATION = 'bopla',
   BROKEN_ACCESS_CONTROL = 'broken_access_control',
-  BROKEN_SAML_AUTH = 'broken_saml_auth',
-  JWT = 'jwt',
+  BROKEN_SAML_AUTHENTICATION = 'broken_saml_auth',
+  BROKEN_JWT_AUTHENTICATION = 'jwt',
   BRUTE_FORCE_LOGIN = 'brute_force_login',
   BUSINESS_CONSTRAINT_BYPASS = 'business_constraint_bypass',
   COOKIE_SECURITY = 'cookie_security',
-  CSRF = 'csrf',
+  CROSS_SITE_REQUEST_FORGERY = 'csrf',
   CSS_INJECTION = 'css_injection',
   DATE_MANIPULATION = 'date_manipulation',
   EMAIL_INJECTION = 'email_injection',
@@ -21,26 +21,25 @@ export enum TestType {
   IFRAME_INJECTION = 'iframe_injection',
   IMPROPER_ASSET_MANAGEMENT = 'improper_asset_management',
   INSECURE_OUTPUT_HANDLING = 'insecure_output_handling',
-  LDAPI = 'ldapi',
-  LFI = 'lfi',
-  LRRL = 'lrrl',
+  LDAP_INJECTION = 'ldapi',
+  LOCAL_FILE_INCLUSION = 'lfi',
   MASS_ASSIGNMENT = 'mass_assignment',
-  NOSQL = 'nosql',
+  MONGODB_INJECTION = 'nosql',
   OPEN_CLOUD_STORAGE = 'open_cloud_storage',
-  OPEN_DATABASE = 'open_database',
-  OSI = 'osi',
+  EXPOSED_DATABASE_DETAILS = 'open_database',
+  OS_COMMAND_INJECTION = 'osi',
   PASSWORD_RESET_POISONING = 'password_reset_poisoning',
   PROMPT_INJECTION = 'prompt_injection',
-  PROTO_POLLUTION = 'proto_pollution',
-  RFI = 'rfi',
-  SQLI = 'sqli',
-  SECRET_TOKENS = 'secret_tokens',
+  JS_PROTOTYPE_POLLUTION = 'proto_pollution',
+  REMOTE_FILE_INCLUSION = 'rfi',
+  SQL_INJECTION = 'sqli',
+  SECRET_TOKENS_LEAK = 'secret_tokens',
   SERVER_SIDE_JS_INJECTION = 'server_side_js_injection',
-  SSRF = 'ssrf',
-  SSTI = 'ssti',
-  STORED_XSS = 'stored_xss',
+  SERVER_SIDE_REQUEST_FORGERY = 'ssrf',
+  SERVER_SIDE_TEMPLATE_INJECTION = 'ssti',
+  STORED_CROSS_SITE_SCRIPTING = 'stored_xss',
   UNVALIDATED_REDIRECT = 'unvalidated_redirect',
-  XPATHI = 'xpathi',
-  XXE = 'xxe',
-  XSS = 'xss'
+  XPATH_INJECTION = 'xpathi',
+  XML_EXTERNAL_ENTITY_INJECTION = 'xxe',
+  CROSS_SITE_SCRIPTING = 'xss'
 }