From 999ef98ed89ee4147494402421fd6f38fc8a3d25 Mon Sep 17 00:00:00 2001
From: Viachaslau Tyshkavets
Date: Wed, 5 Mar 2025 18:42:33 +0400
Subject: [PATCH 1/2] feat(scan): test ids as strings
---
 src/SecTester.Runner/README.md | 28 ++--
 src/SecTester.Scan/Models/ScanConfig.cs | 2 +-
 src/SecTester.Scan/Models/TestType.cs | 136 ------------------
 src/SecTester.Scan/README.md | 26 ++--
 src/SecTester.Scan/ScanSettings.cs | 11 +-
 src/SecTester.Scan/ScanSettingsBuilder.cs | 4 +-
 test/SecTester.Runner.Tests/SecRunnerTests.cs | 10 +-
 test/SecTester.Runner.Tests/SecScanTests.cs | 2 +-
 .../Commands/CreateScanTests.cs | 2 +-
 .../DefaultScanFactoryTests.cs | 17 +--
 .../SecTester.Scan.Tests/DefaultScansTests.cs | 2 +-
 .../MessageSerializerTests.cs | 49 -------
 .../ScanSettingsBuilderTests.cs | 2 +-
 .../SecTester.Scan.Tests/ScanSettingsTests.cs | 12 +-
 14 files changed, 47 insertions(+), 256 deletions(-)
 delete mode 100644 src/SecTester.Scan/Models/TestType.cs
diff --git a/src/SecTester.Runner/README.md b/src/SecTester.Runner/README.md
index 26efce5..21493de 100644
--- a/src/SecTester.Runner/README.md
+++ b/src/SecTester.Runner/README.md
@@ -67,23 +67,23 @@ To start scanning your application, first you have to create a `SecScan` instanc ```csharp await using var scan = await runner.CreateScan(new ScanSettingsBuilder() - .WithTests(new List { TestType.CrossSiteScripting })); + .WithTests(new List { "xss" })); ``` Below you will find a list of parameters that can be used to configure a `Scan`: -| Option | Description | -| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `Target` | The target that will be attacked. For details, see [here](#defining-a-target-for-attack). | -| `Tests` | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide) | -| `RepeaterId` | Connects the scan to a Repeater agent, which provides secure access to local networks. | -| `Smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. | -| `SkipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. | -| `PoolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. | -| `AttackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. | -| `SlowEpTimeout` | Automatically validate entry-point response time before initiating the vulnerability testing, and reduce scan time by skipping any entry-points that take too long to respond. By default, 1000ms. | -| `TargetTimeout` | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5min. 
| -| `Name` | The scan name. The method and hostname by default, e.g. `GET example.com`. | +| Option | Description | +| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `Target` | The target that will be attacked. For details, see [here](#defining-a-target-for-attack). | +| `Tests` | The list of tests to be performed against the target application. To retrieve the complete list, send a request to the [API](https://app.brightsec.com/api/v1/scans/tests). [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide). | +| `RepeaterId` | Connects the scan to a Repeater agent, which provides secure access to local networks. | +| `Smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. | +| `SkipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. | +| `PoolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. | +| `AttackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. | +| `SlowEpTimeout` | Automatically validate entry-point response time before initiating the vulnerability testing, and reduce scan time by skipping any entry-points that take too long to respond. By default, 1000ms. | +| `TargetTimeout` | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5min. | +| `Name` | The scan name. The method and hostname by default, e.g. `GET example.com`. 
|
 We provide a fluent interface for building a `ScanSettings` object. To use it, you start by creating a `ScanSettingsBuilder` instance, and then you call its methods to specify the various settings you want to use for the scan as shown above.
@@ -162,7 +162,7 @@ public class OrdersApiTests : IClassFixture, IAsyncDisposable
 _test = _fixture
 .Runner
 .CreateScan(new ScanSettingsBuilder()
- .WithTests(new List { TestType.CrossSiteScripting }))
+ .WithTests(new List { "xss" }))
 .Threshold(Severity.Medium)
 .Timeout(TimeSpan.FromMinutes(5));
 }
diff --git a/src/SecTester.Scan/Models/ScanConfig.cs b/src/SecTester.Scan/Models/ScanConfig.cs
index 22d10f2..86e6d27 100644
--- a/src/SecTester.Scan/Models/ScanConfig.cs
+++ b/src/SecTester.Scan/Models/ScanConfig.cs
@@ -7,7 +7,7 @@ public record ScanConfig(string Name)
 {
 public string Name { get; } = Name ?? throw new ArgumentNullException(nameof(Name));
 public Module? Module { get; init; }
- public IEnumerable? Tests { get; init; }
+ public IEnumerable? Tests { get; init; }
 public IEnumerable? DiscoveryTypes { get; init; }
 public int? PoolSize { get; init; }
 public IEnumerable? AttackParamLocations { get; init; }
diff --git a/src/SecTester.Scan/Models/TestType.cs b/src/SecTester.Scan/Models/TestType.cs
deleted file mode 100644
index fb7bf92..0000000
--- a/src/SecTester.Scan/Models/TestType.cs
+++ /dev/null
@@ -1,136 +0,0 @@
-using System;
-using System.Runtime.Serialization;
-
-namespace SecTester.Scan.Models;
-
-public enum TestType
-{
- [EnumMember(Value = "amazon_s3_takeover")]
- AmazonS3Takeover,
-
- [EnumMember(Value = "bopla")]
- BrokenObjectPropertyLevelAuthorization,
-
- [EnumMember(Value = "broken_access_control")]
- BrokenAccessControl,
-
- [EnumMember(Value = "broken_saml_auth")]
- BrokenSamlAuthentication,
-
- [EnumMember(Value = "jwt")]
- BrokenJwtAuthentication,
-
- [EnumMember(Value = "brute_force_login")]
- BruteForceLogin,
-
- [EnumMember(Value = "business_constraint_bypass")]
- BusinessConstraintBypass,
-
- [EnumMember(Value = "cookie_security")]
- CookieSecurity,
-
- [EnumMember(Value = "csrf")]
- CrossSiteRequestForgery,
-
- [EnumMember(Value = "css_injection")]
- CssInjection,
-
- [EnumMember(Value = "date_manipulation")]
- DateManipulation,
-
- [EnumMember(Value = "email_injection")]
- EmailInjection,
-
- [EnumMember(Value = "excessive_data_exposure")]
- ExcessiveDataExposure,
-
- [EnumMember(Value = "file_upload")]
- FileUpload,
-
- [EnumMember(Value = "full_path_disclosure")]
- FullPathDisclosure,
-
- [EnumMember(Value = "graphql_introspection")]
- GraphqlIntrospection,
-
- [EnumMember(Value = "html_injection")]
- HtmlInjection,
-
- [EnumMember(Value = "http_method_fuzzing")]
- HttpMethodFuzzing,
-
- [EnumMember(Value = "id_enumeration")]
- IdEnumeration,
-
- [EnumMember(Value = "iframe_injection")]
- IframeInjection,
-
- [EnumMember(Value = "improper_asset_management")]
- ImproperAssetManagement,
-
- [EnumMember(Value = "insecure_output_handling")]
- InsecureOutputHandling,
-
- [EnumMember(Value = "ldapi")]
- LdapInjection,
-
- [EnumMember(Value = "lfi")]
- LocalFileInclusion,
-
- [EnumMember(Value = "mass_assignment")]
- MassAssignment,
-
- [EnumMember(Value = "nosql")]
- MongodbInjection,
-
- [EnumMember(Value = "open_cloud_storage")]
- OpenCloudStorage,
-
- [EnumMember(Value = "open_database")]
- ExposedDatabaseDetails,
-
- [EnumMember(Value = "osi")]
- OsCommandInjection,
-
- [EnumMember(Value = "password_reset_poisoning")]
- PasswordResetPoisoning,
-
- [EnumMember(Value = "prompt_injection")]
- PromptInjection,
-
- [EnumMember(Value = "proto_pollution")]
- JsPrototypePollution,
-
- [EnumMember(Value = "rfi")]
- RemoteFileInclusion,
-
- [EnumMember(Value = "sqli")]
- SqlInjection,
-
- [EnumMember(Value = "secret_tokens")]
- SecretTokensLeak,
-
- [EnumMember(Value = "server_side_js_injection")]
- ServerSideJsInjection,
-
- [EnumMember(Value = "ssrf")]
- ServerSideRequestForgery,
-
- [EnumMember(Value = "ssti")]
- ServerSideTemplateInjection,
-
- [EnumMember(Value = "stored_xss")]
- StoredCrossSiteScripting,
-
- [EnumMember(Value = "unvalidated_redirect")]
- UnvalidatedRedirect,
-
- [EnumMember(Value = "xpathi")]
- XpathInjection,
-
- [EnumMember(Value = "xxe")]
- XmlExternalEntityInjection,
-
- [EnumMember(Value = "xss")]
- CrossSiteScripting
-}
\ No newline at end of file
diff --git a/src/SecTester.Scan/README.md b/src/SecTester.Scan/README.md
index f60eebb..b300079 100644
--- a/src/SecTester.Scan/README.md
+++ b/src/SecTester.Scan/README.md
@@ -33,23 +33,23 @@ The factory exposes the `CreateScan` method that returns a new [Scan instance](# ```csharp await using var result = scanFactory.CreateScan(new ScanSettings( target, - new List() { TestType.CrossSiteScripting })); + new List() { "xss" })); ``` Below you will find a list of parameters that can be used to configure a `Scan`: -| Option | Description | -| ---------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -| `Target` | The target that will be attacked. For details, see [here](#defining-a-target-for-attack). | -| `Tests` | The list of tests to be performed against the target application. [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide) | -| `RepeaterId` | Connects the scan to a Repeater agent, which provides secure access to local networks. | -| `Smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. | -| `SkipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. | -| `PoolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. | -| `AttackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. | -| `SlowEpTimeout` | Automatically validate entry-point response time before initiating the vulnerability testing, and reduce scan time by skipping any entry-points that take too long to respond. By default, 1000ms. | -| `TargetTimeout` | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5min. 
| -| `Name` | The scan name. The method and hostname by default, e.g. `GET example.com`. | +| Option | Description | +| ---------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | +| `Target` | The target that will be attacked. For details, see [here](#defining-a-target-for-attack). | +| `Tests` | The list of tests to be performed against the target application. To retrieve the complete list, send a request to the [API](https://app.brightsec.com/api/v1/scans/tests). [Learn more about tests](https://docs.brightsec.com/docs/vulnerability-guide). | +| `RepeaterId` | Connects the scan to a Repeater agent, which provides secure access to local networks. | +| `Smart` | Minimize scan time by using automatic smart decisions regarding parameter skipping, detection phases, etc. Enabled by default. | +| `SkipStaticParams` | Use an advanced algorithm to automatically determine if a parameter has any effect on the target system's behavior when changed, and skip testing such static parameters. Enabled by default. | +| `PoolSize` | Sets the maximum concurrent requests for the scan, to control the load on your server. By default, `10`. | +| `AttackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`. | +| `SlowEpTimeout` | Automatically validate entry-point response time before initiating the vulnerability testing, and reduce scan time by skipping any entry-points that take too long to respond. By default, 1000ms. | +| `TargetTimeout` | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5min. | +| `Name` | The scan name. The method and hostname by default, e.g. `GET example.com`. 
|
 We provide a fluent interface for building a `ScanSettings` object. To use it, you start by creating a `ScanSettingsBuilder` instance, and then you call its methods to specify the various settings you want to use for the scan.
diff --git a/src/SecTester.Scan/ScanSettings.cs b/src/SecTester.Scan/ScanSettings.cs
index 75f102a..ac021e1 100644
--- a/src/SecTester.Scan/ScanSettings.cs
+++ b/src/SecTester.Scan/ScanSettings.cs
@@ -20,10 +20,10 @@ public sealed record ScanSettings
 private readonly int? _poolSize;
 private readonly TimeSpan? _slowEpTimeout;
 private readonly TimeSpan? _targetTimeout;
- private readonly IEnumerable _tests;
+ private readonly IEnumerable _tests;
 private readonly Target _target;
- public ScanSettings(string name, Target target, IEnumerable tests)
+ public ScanSettings(string name, Target target, IEnumerable tests)
 {
 Name = name;
 Target = target;
@@ -132,7 +132,7 @@ public TimeSpan? TargetTimeout
 ///
 /// The list of tests to be performed against the target application
 ///
- public IEnumerable Tests
+ public IEnumerable Tests
 {
 get => _tests;
 init
@@ -142,11 +142,6 @@ public IEnumerable Tests
 throw new ArgumentNullException(nameof(Tests));
 }
- if (value.Any(x => !Enum.IsDefined(typeof(TestType), x)))
- {
- throw new ArgumentException("Unknown test type supplied.");
- }
-
 var unique = value.Distinct().ToArray();
 if (!unique.Any())
diff --git a/src/SecTester.Scan/ScanSettingsBuilder.cs b/src/SecTester.Scan/ScanSettingsBuilder.cs
index 3f62764..bf6dd3a 100644
--- a/src/SecTester.Scan/ScanSettingsBuilder.cs
+++ b/src/SecTester.Scan/ScanSettingsBuilder.cs
@@ -19,7 +19,7 @@ public class ScanSettingsBuilder
 private bool _smart = true;
 private Target? _target;
 private TimeSpan _targetTimeout = TimeSpan.FromMinutes(5);
- private IEnumerable _tests = new List();
+ private IEnumerable _tests = new List();
 ///
 /// Sets a target for the scan.
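Review bot: Removing the `Enum.IsDefined` check from the `Tests` initializer (hunk `@@ -142,11 +142,6 @@`) leaves no element-level validation at all, so a collection such as `new List<string> { "" }` or one containing a null entry now passes straight through to `Distinct()` and, presumably, on to the scan request; only a null collection and an empty collection are still rejected. Add a check before the `Distinct()` call, e.g. `if (value.Any(string.IsNullOrWhiteSpace)) { throw new ArgumentException("Test ids must be non-empty strings.", nameof(Tests)); }`. Note also that `Distinct()` on strings is ordinal, so `"xss"` and `"XSS"` survive as two ids; whether the service treats them as the same test is not visible here, so either normalise the case or document that ids are case-sensitive. The `InvalidTests` data in `ScanSettingsTests` (hunk `@@ -37,8 +37,7 @@`) lost its only element-level row and should gain one for a blank id so the new contract is pinned. The `init` accessor continues past the end of this hunk.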
@@ -103,7 +103,7 @@ public ScanSettingsBuilder WithTargetTimeout(TimeSpan value)
 ///
 /// Sets a list of tests to run for the scan.
 ///
- public ScanSettingsBuilder WithTests(IEnumerable value)
+ public ScanSettingsBuilder WithTests(IEnumerable value)
 {
 _tests = value;
 return this;
diff --git a/test/SecTester.Runner.Tests/SecRunnerTests.cs b/test/SecTester.Runner.Tests/SecRunnerTests.cs
index cb910d4..4f1918f 100644
--- a/test/SecTester.Runner.Tests/SecRunnerTests.cs
+++ b/test/SecTester.Runner.Tests/SecRunnerTests.cs
@@ -186,10 +186,7 @@ public async Task CreateScan_CreatesSecScan()
 {
 // arrange
 var builder = new ScanSettingsBuilder()
- .WithTests(new List
- {
- TestType.CrossSiteRequestForgery
- });
+ .WithTests(new List { "xss" });
 await _sut.Init(_options);
 // act
@@ -204,10 +201,7 @@ public void CreateScan_NotInitializedYet_ThrowsException()
 {
 // arrange
 var builder = new ScanSettingsBuilder()
- .WithTests(new List
- {
- TestType.CrossSiteRequestForgery
- });
+ .WithTests(new List { "xss" });
 // act
 var act = () => _sut.CreateScan(builder);
diff --git a/test/SecTester.Runner.Tests/SecScanTests.cs b/test/SecTester.Runner.Tests/SecScanTests.cs
index bdba447..4cd885e 100644
--- a/test/SecTester.Runner.Tests/SecScanTests.cs
+++ b/test/SecTester.Runner.Tests/SecScanTests.cs
@@ -15,7 +15,7 @@ public class SecScanTests : IDisposable
 private readonly SecScan _sut;
 private readonly Target _target = new(Url);
- private readonly IEnumerable _tests = new List { TestType.CrossSiteRequestForgery };
+ private readonly IEnumerable _tests = new List { "xss" };
 private readonly TimeSpan _timeout = TimeSpan.FromHours(1);
diff --git a/test/SecTester.Scan.Tests/Commands/CreateScanTests.cs b/test/SecTester.Scan.Tests/Commands/CreateScanTests.cs
index cf7eb32..5671928 100644
--- a/test/SecTester.Scan.Tests/Commands/CreateScanTests.cs
+++ b/test/SecTester.Scan.Tests/Commands/CreateScanTests.cs
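Review bot: The summary on `WithTests` still reads `/// Sets a list of tests to run for the scan.` although the parameter is now a plain string sequence; with the `TestType` enum gone the compiler no longer tells a caller what a valid value looks like, so the doc comment is the only place that can. Suggest `/// Sets the ids of the tests to run for the scan, e.g. "xss" or "sqli". Ids are passed through as given and are not validated against a known list on the client.` together with a `<param name="value">` line. The `Tests` property summary in `ScanSettings` (hunk `@@ -132,7 +132,7 @@`) needs the same update. The method's closing brace lies outside this hunk.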
@@ -19,7 +19,7 @@ public class CreateScanTests
 Smart = true,
 Tests = new[]
 {
- TestType.CrossSiteRequestForgery, TestType.BrokenJwtAuthentication
+ "xss", "jwt"
 },
 DiscoveryTypes = new[]
 {
diff --git a/test/SecTester.Scan.Tests/DefaultScanFactoryTests.cs b/test/SecTester.Scan.Tests/DefaultScanFactoryTests.cs
index 5e44384..fa5475e 100644
--- a/test/SecTester.Scan.Tests/DefaultScanFactoryTests.cs
+++ b/test/SecTester.Scan.Tests/DefaultScanFactoryTests.cs
@@ -29,10 +29,7 @@ public void Dispose()
 public async Task CreateScan_CreatesScan()
 {
 // arrange
- var settings = new ScanSettings("MyScan", new Target("https://example.com"), new List
- {
- TestType.CrossSiteScripting
- });
+ var settings = new ScanSettings("MyScan", new Target("https://example.com"), new List { "xss" });
 _scans.UploadHar(Arg.Any()).Returns(FileId);
 _scans.CreateScan(Arg.Any()).Returns(ScanId);
@@ -48,7 +45,7 @@ await _scans.Received(1).CreateScan(Arg.Is(x =>
 x.Name == "MyScan" &&
 x.FileId == FileId &&
 x.Module == Module.Dast &&
- x.Tests!.Contains(TestType.CrossSiteScripting) &&
+ x.Tests!.Contains("xss") &&
 x.Tests!.Count() == 1 &&
 x.DiscoveryTypes!.Contains(Discovery.Archive) &&
 x.DiscoveryTypes!.Count() == 1
@@ -59,10 +56,7 @@ await _scans.Received(1).CreateScan(Arg.Is(x =>
 public async Task CreateScan_GeneratesUploadHarFile()
 {
 // arrange
- var settings = new ScanSettings("MyScan", new Target("https://example.com"), new List
- {
- TestType.CrossSiteScripting
- });
+ var settings = new ScanSettings("MyScan", new Target("https://example.com"), new List { "xss" });
 _scans.UploadHar(Arg.Any()).Returns(FileId);
 _scans.CreateScan(Arg.Any()).Returns(ScanId);
@@ -85,10 +79,7 @@ public async Task CreateScan_TruncatesHarFilename()
 {
 // arrange
 var settings = new ScanSettings("MyScan", new Target($"https://{new string('a', 1 + DefaultScanFactory.MaxSlugLength)}.example.com"),
- new List
- {
- TestType.CrossSiteScripting
- });
+ new List { "xss" });
 _scans.UploadHar(Arg.Any()).Returns(FileId);
 _scans.CreateScan(Arg.Any()).Returns(ScanId);
diff --git a/test/SecTester.Scan.Tests/DefaultScansTests.cs b/test/SecTester.Scan.Tests/DefaultScansTests.cs
index 9acf404..f4f1c4a 100644
--- a/test/SecTester.Scan.Tests/DefaultScansTests.cs
+++ b/test/SecTester.Scan.Tests/DefaultScansTests.cs
@@ -53,7 +53,7 @@ public class DefaultScansTests : IDisposable
 Smart = true,
 Tests = new[]
 {
- TestType.CrossSiteScripting, TestType.BrokenJwtAuthentication
+ "xss", "jwt"
 },
 DiscoveryTypes = new[]
 {
diff --git a/test/SecTester.Scan.Tests/MessageSerializerTests.cs b/test/SecTester.Scan.Tests/MessageSerializerTests.cs
index 24983b9..d1a5ea2 100644
--- a/test/SecTester.Scan.Tests/MessageSerializerTests.cs
+++ b/test/SecTester.Scan.Tests/MessageSerializerTests.cs
@@ -59,53 +59,6 @@ public class MessageSerializerTests
 new object[] { Severity.Low, @"""Low""" }
 };
- public static readonly IEnumerable TestTypeEnumerable = new List
- {
- new object[] { TestType.AmazonS3Takeover, @"""amazon_s3_takeover""" },
- new object[] { TestType.BrokenObjectPropertyLevelAuthorization, @"""bopla""" },
- new object[] { TestType.BrokenAccessControl, @"""broken_access_control""" },
- new object[] { TestType.BrokenSamlAuthentication, @"""broken_saml_auth""" },
- new object[] { TestType.BrokenJwtAuthentication, @"""jwt""" },
- new object[] { TestType.BruteForceLogin, @"""brute_force_login""" },
- new object[] { TestType.BusinessConstraintBypass, @"""business_constraint_bypass""" },
- new object[] { TestType.CookieSecurity, @"""cookie_security""" },
- new object[] { TestType.CrossSiteRequestForgery, @"""csrf""" },
- new object[] { TestType.CssInjection, @"""css_injection""" },
- new object[] { TestType.DateManipulation, @"""date_manipulation""" },
- new object[] { TestType.EmailInjection, @"""email_injection""" },
- new object[] { TestType.ExcessiveDataExposure, @"""excessive_data_exposure""" },
- new object[] { TestType.FileUpload, @"""file_upload""" },
- new object[] { TestType.FullPathDisclosure, @"""full_path_disclosure""" },
- new object[] { TestType.GraphqlIntrospection, @"""graphql_introspection""" },
- new object[] { TestType.HtmlInjection, @"""html_injection""" },
- new object[] { TestType.HttpMethodFuzzing, @"""http_method_fuzzing""" },
- new object[] { TestType.IdEnumeration, @"""id_enumeration""" },
- new object[] { TestType.IframeInjection, @"""iframe_injection""" },
- new object[] { TestType.ImproperAssetManagement, @"""improper_asset_management""" },
- new object[] { TestType.InsecureOutputHandling, @"""insecure_output_handling""" },
- new object[] { TestType.LdapInjection, @"""ldapi""" },
- new object[] { TestType.LocalFileInclusion, @"""lfi""" },
- new object[] { TestType.MassAssignment, @"""mass_assignment""" },
- new object[] { TestType.MongodbInjection, @"""nosql""" },
- new object[] { TestType.OpenCloudStorage, @"""open_cloud_storage""" },
- new object[] { TestType.ExposedDatabaseDetails, @"""open_database""" },
- new object[] { TestType.OsCommandInjection, @"""osi""" },
- new object[] { TestType.PasswordResetPoisoning, @"""password_reset_poisoning""" },
- new object[] { TestType.PromptInjection, @"""prompt_injection""" },
- new object[] { TestType.JsPrototypePollution, @"""proto_pollution""" },
- new object[] { TestType.RemoteFileInclusion, @"""rfi""" },
- new object[] { TestType.SqlInjection, @"""sqli""" },
- new object[] { TestType.SecretTokensLeak, @"""secret_tokens""" },
- new object[] { TestType.ServerSideJsInjection, @"""server_side_js_injection""" },
- new object[] { TestType.ServerSideRequestForgery, @"""ssrf""" },
- new object[] { TestType.ServerSideTemplateInjection, @"""ssti""" },
- new object[] { TestType.StoredCrossSiteScripting, @"""stored_xss""" },
- new object[] { TestType.UnvalidatedRedirect, @"""unvalidated_redirect""" },
- new object[] { TestType.XpathInjection, @"""xpathi""" },
- new object[] { TestType.XmlExternalEntityInjection, @"""xxe""" },
- new object[] { TestType.CrossSiteScripting, @"""xss""" }
- };
-
 [Theory]
 [MemberData(nameof(AttackParamLocationEnumerable))]
 [MemberData(nameof(FrameEnumerable))]
@@ -114,7 +67,6 @@ public class MessageSerializerTests
 [MemberData(nameof(ModuleEnumerable))]
 [MemberData(nameof(ScanStatusEnumerable))]
 [MemberData(nameof(SeverityEnumerable))]
- [MemberData(nameof(TestTypeEnumerable))]
 public void Serialize_GivenEnumValue_ReturnString(object input, string expected)
 {
 // act
@@ -133,7 +85,6 @@ public void Serialize_GivenEnumValue_ReturnString(object input, string expected)
 [MemberData(nameof(ModuleEnumerable))]
 [MemberData(nameof(ScanStatusEnumerable))]
 [MemberData(nameof(SeverityEnumerable))]
- [MemberData(nameof(TestTypeEnumerable))]
 public void Deserialize_GivenString_ReturnEnumValue(object expected, string input)
 {
 // act
diff --git a/test/SecTester.Scan.Tests/ScanSettingsBuilderTests.cs b/test/SecTester.Scan.Tests/ScanSettingsBuilderTests.cs
index 7b46115..51872dc 100644
--- a/test/SecTester.Scan.Tests/ScanSettingsBuilderTests.cs
+++ b/test/SecTester.Scan.Tests/ScanSettingsBuilderTests.cs
@@ -19,7 +19,7 @@ public class ScanSettingsBuilderTests
 };
 private readonly ScanSettingsBuilder _sut = new();
 private readonly Target _target = new(Url);
- private readonly IEnumerable _tests = new List { TestType.CrossSiteScripting };
+ private readonly IEnumerable _tests = new List { "xss" };
 private readonly TimeSpan _timeout = TimeSpan.FromSeconds(100);
diff --git a/test/SecTester.Scan.Tests/ScanSettingsTests.cs b/test/SecTester.Scan.Tests/ScanSettingsTests.cs
index 93261e0..ada2e7a 100644
--- a/test/SecTester.Scan.Tests/ScanSettingsTests.cs
+++ b/test/SecTester.Scan.Tests/ScanSettingsTests.cs
@@ -7,7 +7,7 @@ public class ScanSettingsTests
 private const string DefaultName = "GET example.com";
 private readonly Target _target = new(Url);
- private readonly IEnumerable _tests = new List { TestType.CrossSiteScripting };
+ private readonly IEnumerable _tests = new List { "xss" };
 public static readonly IEnumerable InvalidNames = new List
 {
@@ -37,8 +37,7 @@ public class ScanSettingsTests
 public static readonly IEnumerable InvalidTests = new List
 {
 new object[] { null!, "*Tests*" },
- new object[] { new List { (TestType) 1000 }, "Unknown test type supplied." },
- new object[] { Array.Empty(), "Please provide at least one test." }
+ new object[] { Array.Empty(), "Please provide at least one test." }
 };
 public static readonly IEnumerable InvalidAttackLocationParams = new List
@@ -61,7 +60,7 @@ public void ScanSettings_ThrowsExceptionWhenNameIsInvalid(string input, string e
 [Theory]
 [MemberData(nameof(InvalidTests))]
- public void ScanSettings_ThrowsExceptionWhenTestsIsInvalid(IEnumerable input, string expectedErrorMessage)
+ public void ScanSettings_ThrowsExceptionWhenTestsIsInvalid(IEnumerable input, string expectedErrorMessage)
 {
 // act
 var action = () => new ScanSettings(DefaultName, _target, input);
@@ -75,10 +74,7 @@ public void ScanSettings_ThrowsExceptionWhenTestsIsInvalid(IEnumerable
 public void ScanSettings_SetsUniqueTests()
 {
 // arrange
- var input = new List
- {
- TestType.CrossSiteRequestForgery, TestType.CrossSiteRequestForgery
- };
+ var input = new List { "csrf", "csrf" };
 var expected = input.Distinct();
 // act
From ea8f42cbef5a8b08a8c77160469df06ef8124eee Mon Sep 17 00:00:00 2001
From: Viachaslau Tyshkavets
Date: Wed, 5 Mar 2025 19:09:16 +0400
Subject: [PATCH 2/2] fix: imports cleanup
---
 src/SecTester.Core/Dispatchers/HttpCommandDispatcher.cs | 2 +-
 .../Extensions/ServiceCollectionExtensions.cs | 1 -
 .../Extensions/HttpResponseMessageExtensionsTests.cs | 1 -
 test/SecTester.Core.Tests/Usings.cs | 3 +--
 test/SecTester.Repeater.Tests/Usings.cs | 1 -
 test/SecTester.Scan.Tests/Usings.cs | 4 ++--
 6 files changed, 4 insertions(+), 8 deletions(-)
diff --git a/src/SecTester.Core/Dispatchers/HttpCommandDispatcher.cs b/src/SecTester.Core/Dispatchers/HttpCommandDispatcher.cs
index 14dd140..fba7fb8 100644
--- a/src/SecTester.Core/Dispatchers/HttpCommandDispatcher.cs
+++ b/src/SecTester.Core/Dispatchers/HttpCommandDispatcher.cs
@@ -6,9 +6,9 @@
 using System.Threading;
 using System.Threading.Tasks;
 using SecTester.Core.Bus;
-using SecTester.Core.Utils;
 using SecTester.Core.Commands;
 using SecTester.Core.Extensions;
+using SecTester.Core.Utils;
 namespace SecTester.Core.Dispatchers;
diff --git a/src/SecTester.Repeater/Extensions/ServiceCollectionExtensions.cs b/src/SecTester.Repeater/Extensions/ServiceCollectionExtensions.cs
index cff39b6..e80bf4e 100644
--- a/src/SecTester.Repeater/Extensions/ServiceCollectionExtensions.cs
+++ b/src/SecTester.Repeater/Extensions/ServiceCollectionExtensions.cs
@@ -4,7 +4,6 @@
 using System.Net.Http;
 using Microsoft.Extensions.DependencyInjection;
 using SecTester.Core.Extensions;
-using SecTester.Core.Utils;
 using SecTester.Repeater.Api;
 using SecTester.Repeater.Bus;
 using SecTester.Repeater.Runners;
diff --git a/test/SecTester.Core.Tests/Extensions/HttpResponseMessageExtensionsTests.cs b/test/SecTester.Core.Tests/Extensions/HttpResponseMessageExtensionsTests.cs
index d91a720..0564d3d 100644
--- a/test/SecTester.Core.Tests/Extensions/HttpResponseMessageExtensionsTests.cs
+++ b/test/SecTester.Core.Tests/Extensions/HttpResponseMessageExtensionsTests.cs
@@ -1,5 +1,4 @@
 using System.Net;
-using System.Text;
 namespace SecTester.Core.Tests.Extensions;
diff --git a/test/SecTester.Core.Tests/Usings.cs b/test/SecTester.Core.Tests/Usings.cs
index bc6ca1d..9855ea5 100644
--- a/test/SecTester.Core.Tests/Usings.cs
+++ b/test/SecTester.Core.Tests/Usings.cs
@@ -21,8 +21,7 @@
 global using SecTester.Core.Dispatchers;
 global using SecTester.Core.Exceptions;
 global using SecTester.Core.Extensions;
-global using SecTester.Core.RetryStrategies;
-global using SecTester.Core.Exceptions;
 global using SecTester.Core.Logger;
+global using SecTester.Core.RetryStrategies;
 global using SecTester.Core.Utils;
 global using Xunit;
diff --git a/test/SecTester.Repeater.Tests/Usings.cs b/test/SecTester.Repeater.Tests/Usings.cs
index e288e47..a8f9350 100644
--- a/test/SecTester.Repeater.Tests/Usings.cs
+++ b/test/SecTester.Repeater.Tests/Usings.cs
@@ -14,7 +14,6 @@
 global using SecTester.Core.Bus;
 global using SecTester.Core.Exceptions;
 global using SecTester.Core.Logger;
-global using SecTester.Core.Utils;
 global using SecTester.Repeater.Api;
 global using SecTester.Repeater.Bus;
 global using SecTester.Repeater.Extensions;
diff --git a/test/SecTester.Scan.Tests/Usings.cs b/test/SecTester.Scan.Tests/Usings.cs
index 94bcba8..1cdced7 100644
--- a/test/SecTester.Scan.Tests/Usings.cs
+++ b/test/SecTester.Scan.Tests/Usings.cs
@@ -12,10 +12,10 @@
 global using NSubstitute.ExceptionExtensions;
 global using SecTester.Core;
 global using SecTester.Core.Bus;
-global using SecTester.Core.Exceptions;
-global using SecTester.Core.Utils;
 global using SecTester.Core.Dispatchers;
+global using SecTester.Core.Exceptions;
 global using SecTester.Core.Extensions;
+global using SecTester.Core.Utils;
 global using SecTester.Scan.CI;
 global using SecTester.Scan.Commands;
 global using SecTester.Scan.Exceptions;