Skip to content

feat(scan): add test metadata support #268

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
abright25 wants to merge 2 commits into from
Closed

feat(scan): add test metadata support #268

abright25 wants to merge 2 commits into from

Conversation

@abright25
Copy link

@abright25 abright25 commented Dec 26, 2025
edited
Loading

PR adds testMetadata field into sectester, which is required to run Broken Access Control test.

Format of metadata is based on existing data passing to backend on scan start:

    "tests": ["broken_access_control"],
    "testMetadata": {
      "broken_access_control": {
        "authObjectId": [null, "xxxxx"]
      }
    },

Sectester serves as a proxy and does not impose any additional constraints on value formats. It follows the implementation described in #259
as an example. Any format-related errors are expected to be reported by backend responses; therefore, no changes in Sectester are required if the format changes.

@abright25 abright25 marked this pull request as ready for review December 26, 2025 14:29
Copilot AI reviewed Dec 26, 2025
View reviewed changes
Copy link

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for test-specific metadata through a new testMetadata field, enabling the Broken Access Control test to receive required configuration data. The implementation follows the existing pattern established by starMetadata, ensuring consistency across the codebase.

  • Introduces testMetadata field as an optional Record<string, unknown> type
  • Updates all relevant interfaces and classes to support the new field
  • Maintains the proxy pattern where format validation is handled by the backend

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 1 comment.

File Description
packages/scan/src/models/ScanConfig.ts Adds testMetadata field to the ScanConfig interface
packages/scan/src/ScanSettings.ts Implements getter/setter for testMetadata and includes it in constructor initialization
packages/scan/src/ScanFactory.ts Passes testMetadata through to the scan configuration
packages/runner/src/lib/SecScanOptions.ts Exposes testMetadata as part of the public SecScanOptions type

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

packages/scan/src/ScanFactory.ts Outdated
attackParamLocations,
starMetadata
starMetadata,
testMetadata
Copy link

Copilot AI Dec 26, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing test coverage for the new testMetadata field. Following the pattern established for starMetadata in ScanFactory.spec.ts (lines 136-158), a similar test should be added to verify that testMetadata is properly passed through when provided to the scan configuration.

Copilot uses AI. Check for mistakes.
@abright25 abright25 added the Type: enhancement New feature or request. label Dec 26, 2025
@abright25 abright25 marked this pull request as draft December 26, 2025 15:21
@abright25 abright25 removed the request for review from pmstss December 26, 2025 19:58
@abright25 abright25 closed this Jan 13, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@derevnjuk derevnjuk Awaiting requested review from derevnjuk

Assignees

@abright25 abright25

Labels

Type: enhancement New feature or request.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@abright25