Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

✨ Add Passive Scan Feature #420

Merged
merged 22 commits into from
Sep 30, 2024
Merged

✨ Add Passive Scan Feature #420

merged 22 commits into from
Sep 30, 2024

Conversation

hahwul
Copy link
Member

@hahwul hahwul commented Sep 27, 2024
edited
Loading

Closed #419

Signed-off-by: HAHWUL hahwul@gmail.com

@hahwul
✨ Init passive_scan
d6594e9 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@github-actions github-actions bot added 🦺 github-action Issue for GitHub actions 🛥️ workflow Issue for Workflows labels Sep 27, 2024
@hahwul hahwul self-assigned this Sep 27, 2024
@hahwul hahwul linked an issue Sep 27, 2024 that may be closed by this pull request
Add Passive Scan #419
Open
@hahwul hahwul added this to the v0.18.0 milestone Sep 27, 2024
@hahwul hahwul changed the title ✨ Init passive_scan ✨ Add Passive Scan Feature Sep 28, 2024
@hahwul
Add flags for Passive Scan
097b5df 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@github-actions github-actions bot added ⚙️ options Issue for options (flag) ⛱️ config Issue for Configuration labels Sep 29, 2024
@hahwul
Refactor config_initializer to set default passive rules path
b7cb841 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Refactor config_initializer to set default passive rules path
43b4b1a 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Linting
f17d009 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Refactor PassiveScan struct to use hyphen in matchers_condition field
8f4a770 
Remove unused variable assignment in rules.cr

Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Fixed
3dc7ffa 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Refactor rules.cr to recursively search for YAML files in the specifi…
6a7774b 
…ed path

Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Refactor NoirRunner to include passive scan results
11d7c65 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@github-actions github-actions bot added the 🔎 detector Issue for Detector label Sep 29, 2024
@hahwul
Add OutputBuilderPassiveScan class
4e7cb42 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@github-actions github-actions bot added the 📦 output-builder Issue for output builder (format) label Sep 29, 2024
@hahwul
Refactor NoirRunner to include passive scan results and add OutputBui…
e7e902d 
…lderPassiveScan class

Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Copy link
Member Author

hahwul commented Sep 29, 2024
edited
Loading

Interim review

....
GET /token
  ○ body: client_id=&redirect_url=&grant_type=

GET /socket [websocket]

GET /1.html

GET /2.html

Passive Results:
ID: ...
Info: PassiveScan::Info(@name="ABCD", @author=["abcd", "aaaa"], @severity="critical", @description="....", @reference=["https://google.com"])
Matchers: [PassiveScan::Matcher(@type="word", @patterns=["api"], @condition="or"), PassiveScan::Matcher(@type="regex", @patterns=[".*", "^a"], @condition="or")]
Matchers Condition: and
Category: secret
Techs: *, ruby-rails
File Path: ./spec/functional_test/fixtures/crystal_kemal/src/testapp.cr
Line Number: 4
Extract:   env.request.headers["x-api-key"].as(String)

{
"passive_results": [
    {
      "id": "...",
      "info": {
        "name": "ABCD",
        "author": [
          "abcd",
          "aaaa"
        ],
        "severity": "critical",
        "description": "....",
        "reference": [
          "https://google.com"
        ]
      },
      "category": "secret",
      "techs": [
        "*",
        "ruby-rails"
      ],
      "file_path": "./spec/functional_test/fixtures/crystal_kemal/src/testapp.cr",
      "line_number": 4,
      "extract": "  env.request.headers[\"x-api-key\"].as(String)"
    }
]
}

@hahwul
Refactor NoirRunner to include passive scan results and add OutputBui…
bb5776d 
…lderPassiveScan class

Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Refactor NoirRunner to include passive scan results and add OutputBui…
44a06f4 
…lderPassiveScan class

Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Refactor NoirRunner to include passive scan results and add OutputBui…
0e1b0a5 
…lderPassiveScan class

Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Improve logger for PassiveScan
4542377 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Copy link
Member Author

hahwul commented Sep 29, 2024

스크린샷 2024-09-29 오후 10 50 08

@hahwul
Fixed bug in condition and Add unit test codes
7131649 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@github-actions github-actions bot added the 💊 spec Issue for test codes label Sep 29, 2024
@hahwul
📝 Update documents
1152583 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@github-actions github-actions bot added the 📑 documentation Improvements or additions to documentation label Sep 29, 2024
@hahwul
📝 Update documents
e188bb5 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Update
cdce0d4 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Refactor code to highlight the SourceCode and Report components in th…
d986e32 
…e flowchart

Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Copy link
Member Author

hahwul commented Sep 29, 2024

스크린샷 2024-09-29 오후 11 28 25

@hahwul hahwul marked this pull request as ready for review September 29, 2024 14:31
@hahwul
Update README
f413c20 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Refactor severity color in OutputBuilderPassiveScan
22f2c4c 
Signed-off-by: HAHWUL <hahwul@gmail.com>
@hahwul
Copy link
Member Author

hahwul commented Sep 29, 2024

스크린샷 2024-09-29 오후 11 42 22

@hahwul hahwul merged commit cab41b7 into dev Sep 30, 2024
9 checks passed
@hahwul hahwul deleted the add-passive-scan branch September 30, 2024 09:43
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@hahwul hahwul

Labels
⛱️ config Issue for Configuration 🔎 detector Issue for Detector 📑 documentation Improvements or additions to documentation 🦺 github-action Issue for GitHub actions ⚙️ options Issue for options (flag) 📦 output-builder Issue for output builder (format) 🚔 passive-scan 💊 spec Issue for test codes 🛥️ workflow Issue for Workflows
Projects
None yet
Milestone
v0.18.0
Development

Successfully merging this pull request may close these issues.

Add Passive Scan
1 participant
@hahwul