From c5c96e74cb34ce5a995d8a0990e2ea1191a6a8b2 Mon Sep 17 00:00:00 2001
From: Harsh Barsaiyan
Date: Tue, 16 Apr 2024 11:41:43 +0530
Subject: [PATCH] update vulnerable-checker
---
 .github/scripts/vulnerable_checker.js | 73 ++++++++++++++++++---------
 1 file changed, 50 insertions(+), 23 deletions(-)
diff --git a/.github/scripts/vulnerable_checker.js b/.github/scripts/vulnerable_checker.js
index dd3fa93083..117540195a 100644
--- a/.github/scripts/vulnerable_checker.js
+++ b/.github/scripts/vulnerable_checker.js
@@ -7,34 +7,61 @@ const GITHUB_STEP_SUMMARY = process.env.GITHUB_STEP_SUMMARY
 const ignore = {
 missing: [
- 'ADD_USER_ID',
- 'GRAPHQL_DEBUG_MODE_ENABLED',
- 'GRAPHQL_FIELD_SUGGESTIONS_ENABLED',
- 'MASS_ASSIGNMENT_CHANGE_ACCOUNT',
- 'ADD_JKU_TO_JWT',
- 'JWT_INVALID_SIGNATURE',
- 'MASS_ASSIGNMENT_CHANGE_ADMIN_ROLE',
- 'HEAD_METHOD_TEST',
+ 'BFLA_INSERT_ADMIN_IN_URL_PATHS',
+ 'SSRF_ON_XML_UPLOAD_LOCALHOST_REDIRECT',
+ 'SSL_ENABLE_CHECK',
+ 'BFLA_WITH_PUT_METHOD',
+ 'BFLA_REPLACE_ADMIN_IN_URL_PATHS',
+ 'BFLA_WITH_POST_METHOD',
+ 'USER_ENUM_REDIRECT_PAGE',
+ 'AUTH_BYPASS_STAGING_URL',
+ 'SSRF_ON_IMAGE_UPLOAD_GCP_REDIRECT',
+ 'SSRF_ON_PDF_UPLOAD_AWS_REDIRECT',
+ 'BFLA_WITH_PATCH_METHOD',
+ 'SSRF_ON_XML_UPLOAD_AZURE_REDIRECT',
+ 'SSRF_ON_CSV_UPLOAD_AWS_REDIRECT',
 'RANDOM_METHOD_TEST',
- 'JWT_SIGNING_IN_CLIENT_SIDE',
- 'GRAPHQL_TYPE_INTROSPECTION_ALLOWED',
- 'GRAPHQL_DEVELOPMENT_CONSOLE_EXPOSED',
- 'PARAMETER_POLLUTION',
- 'GRAPHQL_INTROSPECTION_MODE_ENABLED'
+ 'SSRF_ON_LOCALHOST_DNS_PINNING',
+ 'DOS_FILE_URL_JPG',
+ 'BFLA_WITH_GET_METHOD',
+ 'SSRF_ON_IMAGE_UPLOAD_LOCALHOST_REDIRECT',
+ 'DOS_ATTACH_LARGE_FILE',
+ '2FA_BROKEN_LOGIC_AUTH_TOKEN_TEST',
+ 'DOS_FILE_URL_XML',
+ 'SSRF_ON_CSV_UPLOAD_GCP_REDIRECT',
+ 'DOS_FILE_URL_CSV',
+ 'SSRF_ON_CSV_UPLOAD_LOCALHOST_REDIRECT',
+ 'SSRF_ON_PDF_UPLOAD_GCP_REDIRECT',
+ 'SSRF_ON_PDF_UPLOAD_LOCALHOST_REDIRECT',
+ 'LOGOUT_AUTH_TOKEN_TEST',
+ 'SSRF_SCRIPT_TAG_AZURE_REDIRECT',
+ 'SSL_ENABLE_CHECK_AUTH',
+ 'SSRF_SCRIPT_TAG_AWS_REDIRECT',
+ 'SSRF_ON_LOCALHOST',
+ 'SSRF_SCRIPT_TAG_BASIC',
+ 'DOCKERFILE_HIDDEN_DISCLOSURE',
+ 'SSRF_ON_XML_UPLOAD_GCP_REDIRECT',
+ 'SSRF_ON_IMAGE_UPLOAD_AZURE_REDIRECT',
+ 'SSRF_ON_LOCALHOST_ENCODED',
+ 'AUTH_BYPASS_LOCKED_ACCOUNT_TOKEN_ROLE',
+ 'BOLA_ADD_CUSTOM_HEADER',
+ 'DOS_FILE_URL_PNG',
+ 'SSRF_ON_PDF_UPLOAD_AZURE_REDIRECT',
+ 'SSRF_SCRIPT_TAG_LOCALHOST_REDIRECT',
+ 'DOS_FILE_URL_PDF',
+ 'USER_ENUM_ACCOUNT_LOCK',
+ 'DOS_FILE_URL_MP4',
+ 'SSRF_ON_IMAGE_UPLOAD_AWS_REDIRECT',
+ 'SSRF_ON_CSV_UPLOAD_AZURE_REDIRECT',
+ 'DOS_ATTACH_FILE_IN_BODY',
+ 'SSRF_SCRIPT_TAG_GCP_REDIRECT',
+ 'BASIC_BFLA',
+ 'SSRF_ON_XML_UPLOAD_AWS_REDIRECT',
 ],
 notVulnerable: [
+ 'DOS_TEST_URL',
 'TEXT_INJECTION_VIA_INVALID_URLS',
- 'CORS_MISCONFIGURATION_INVALID_ORIGIN',
- 'SSRF_ON_LOCALHOST',
- 'MASS_ASSIGNMENT_CHANGE_ROLE',
 'XSS_IN_PATH',
- 'DOCKERFILE_HIDDEN_DISCLOSURE',
- 'TRACE_METHOD_TEST',
- 'CORS_MISCONFIGURATION_WHITELIST_ORIGIN',
- 'LARAVEL_DEBUG_MODE_ENABLED',
- 'CONFIG_JSON',
- 'RAILS_DEBUG_MODE_ENABLED',
- 'CONTENT_TYPE_HEADER_MISSING'
 ]
 }