feat(scan): remove hardcoded test types (#554)

closes #493 Co-authored-by: Artem Derevnjuk <artem.derevnjuk@brightsec.com>
NeuraLegion · Jul 15, 2024 · 1410705 · 1410705
1 parent 9997e8b
commit 1410705
Show file tree

Hide file tree

Showing 3 changed files with 9 additions and 118 deletions.
diff --git a/src/Commands/RunScan.ts b/src/Commands/RunScan.ts
@@ -3,15 +3,14 @@ import {
   Module,
   RequestExclusion,
   RestScansOptions,
-  SCAN_TESTS_TO_RUN_BY_DEFAULT,
   ScanConfig,
   Scans,
-  TestType,
   ATTACK_PARAM_LOCATIONS_DEFAULT
 } from '../Scan';
 import { Helpers, logger } from '../Utils';
 import { Arguments, Argv, CommandModule } from 'yargs';
 import { container } from 'tsyringe';
+import { EOL } from 'node:os';
 
 export class RunScan implements CommandModule {
   public readonly command = 'scan:run [options]';
@@ -78,12 +77,13 @@ export class RunScan implements CommandModule {
           'A list of specific urls that should be included into crawler.'
       })
       .option('test', {
-        choices: Helpers.toArray(TestType),
-        defaultDescription: `[${SCAN_TESTS_TO_RUN_BY_DEFAULT.map(
-          (item) => `"${item}"`
-        ).join(',')}]`,
         array: true,
-        describe: 'A list of tests which you want to run during a scan.'
+        describe:
+          'A list of tests to run during a scan. ' +
+          `If no tests are specified, the default tests will be run.${EOL}` +
+          `For more information on the default tests, refer to the documentation: https://docs.brightsec.com/docs/running-a-scan${EOL}` +
+          'Additional details about available tests can be found here: ' +
+          'https://docs.brightsec.com/docs/vulnerability-guide'
       })
       .option('bucket', {
         array: true,

diff --git a/src/Scan/RestScans.ts b/src/Scan/RestScans.ts
@@ -6,7 +6,6 @@ import {
   ScanState,
   SourceType,
   StorageFile,
-  SCAN_TESTS_TO_RUN_BY_DEFAULT,
   ATTACK_PARAM_LOCATIONS_DEFAULT,
   ScanCreateResponse
 } from './Scans';
@@ -150,11 +149,6 @@ export class RestScans implements Scans {
   private async applyDefaultSettings(
     scanConfig: Omit<ScanConfig, 'headers'>
   ): Promise<Omit<ScanConfig, 'headers'>> {
-    const tests =
-      scanConfig.tests ??
-      (scanConfig.buckets ?? scanConfig.templateId
-        ? undefined
-        : [...SCAN_TESTS_TO_RUN_BY_DEFAULT]);
     const attackParamLocations =
       scanConfig.attackParamLocations ?? scanConfig.templateId
         ? undefined
@@ -171,8 +165,7 @@ export class RestScans implements Scans {
       ...scanConfig,
       attackParamLocations,
       discoveryTypes,
-      exclusions,
-      tests
+      exclusions
     };
   }
 }
diff --git a/src/Scan/Scans.ts b/src/Scan/Scans.ts
@@ -16,108 +16,6 @@ export enum AttackParamLocation {
   QUERY = 'query'
 }
 
-export enum TestType {
-  ANGULAR_CSTI = 'angular_csti',
-  AZURE_BLOB_STORAGE = 'azure_blob_storage',
-  BACKUP_LOCATIONS = 'backup_locations',
-  BOLA = 'bola',
-  BROKEN_SAML_AUTH = 'broken_saml_auth',
-  BRUTE_FORCE_LOGIN = 'brute_force_login',
-  BUSINESS_CONSTRAINT_BYPASS = 'business_constraint_bypass',
-  COMMON_FILES = 'common_files',
-  COOKIE_SECURITY = 'cookie_security',
-  CSRF = 'csrf',
-  CSS_INJECTION = 'css_injection',
-  CVE = 'cve_test',
-  DATE_MANIPULATION = 'date_manipulation',
-  DEFAULT_LOGIN_LOCATION = 'default_login_location',
-  DIRECTORY_LISTING = 'directory_listing',
-  /**
-   * @deprecated Use TestType.XSS instead
-   */
-  DOM_XSS = 'dom_xss',
-  GOOGLE_CLOUD_STORAGE = 'google_cloud_storage',
-  EMAIL_INJECTION = 'email_injection',
-  EXCESSIVE_DATA_EXPOSURE = 'excessive_data_exposure',
-  EXPOSED_COUCH_DB_APIS = 'exposed_couch_db_apis',
-  FILE_UPLOAD = 'file_upload',
-  FULL_PATH_DISCLOSURE = 'full_path_disclosure',
-  GRAPHQL_INTROSPECTION = 'graphql_introspection',
-  HEADER_SECURITY = 'header_security',
-  HRS = 'hrs',
-  HTML_INJECTION = 'html_injection',
-  HTTP_METHOD_FUZZING = 'http_method_fuzzing',
-  HTTP_RESPONSE_SPLITTING = 'http_response_splitting',
-  ID_ENUMERATION = 'id_enumeration',
-  IFRAME_INJECTION = 'iframe_injection',
-  IMPROPER_ASSET_MANAGEMENT = 'improper_asset_management',
-  INSECURE_TLS_CONFIGURATION = 'insecure_tls_configuration',
-  JWT = 'jwt',
-  LDAPI = 'ldapi',
-  LFI = 'lfi',
-  LRRL = 'lrrl',
-  MASS_ASSIGNMENT = 'mass_assignment',
-  NOSQL = 'nosql',
-  OPEN_BUCKETS = 'open_buckets',
-  OPEN_DATABASE = 'open_database',
-  OSI = 'osi',
-  PROMPT_INJECTION = 'prompt_injection',
-  PROTO_POLLUTION = 'proto_pollution',
-  RETIRE_JS = 'retire_js',
-  RFI = 'rfi',
-  S3_TAKEOVER = 'amazon_s3_takeover',
-  SECRET_TOKENS = 'secret_tokens',
-  SERVER_SIDE_JS_INJECTION = 'server_side_js_injection',
-  SQLI = 'sqli',
-  SSRF = 'ssrf',
-  SSTI = 'ssti',
-  STORED_XSS = 'stored_xss',
-  UNVALIDATED_REDIRECT = 'unvalidated_redirect',
-  VERSION_CONTROL_SYSTEMS = 'version_control_systems',
-  WORDPRESS = 'wordpress',
-  XPATHI = 'xpathi',
-  XSS = 'xss',
-  XXE = 'xxe'
-}
-
-export const EXPENSIVE_TESTS: readonly TestType[] = [
-  TestType.AZURE_BLOB_STORAGE,
-  TestType.BUSINESS_CONSTRAINT_BYPASS,
-  TestType.BOLA,
-  TestType.CVE,
-  TestType.DATE_MANIPULATION,
-  TestType.GOOGLE_CLOUD_STORAGE,
-  TestType.EXCESSIVE_DATA_EXPOSURE,
-  TestType.ID_ENUMERATION,
-  TestType.LRRL,
-  TestType.MASS_ASSIGNMENT,
-  TestType.PROMPT_INJECTION,
-  TestType.RETIRE_JS
-];
-
-export const NOT_IMPLEMENTED_TESTS: readonly TestType[] = [
-  TestType.ANGULAR_CSTI,
-  TestType.BACKUP_LOCATIONS,
-  TestType.EXPOSED_COUCH_DB_APIS,
-  TestType.HTTP_RESPONSE_SPLITTING,
-  TestType.HRS
-];
-
-export const DEPRECATED_TESTS: ReadonlySet<TestType> = new Set<TestType>([
-  TestType.DOM_XSS
-]);
-
-export const SCAN_TESTS_TO_RUN_BY_DEFAULT: readonly TestType[] = Object.values(
-  TestType
-).filter(
-  (x: TestType) =>
-    ![
-      ...EXPENSIVE_TESTS,
-      ...NOT_IMPLEMENTED_TESTS,
-      ...DEPRECATED_TESTS
-    ].includes(x)
-);
-
 export const ATTACK_PARAM_LOCATIONS_DEFAULT: readonly AttackParamLocation[] = [
   AttackParamLocation.BODY,
   AttackParamLocation.FRAGMENT,
@@ -152,7 +50,7 @@ export interface ScanConfig {
   projectId?: string;
   templateId?: string;
   discoveryTypes?: Discovery[];
-  tests?: TestType[];
+  tests?: string[];
   buckets?: string[];
   poolSize?: number;
   fileId?: string;