fix(scan): disallow setting the name longer than 200 characters (#82)

closes #65
NeuraLegion · May 16, 2022 · ecbd9b6 · ecbd9b6
1 parent 8b86a6d
commit ecbd9b6
Show file tree

Hide file tree

Showing 6 changed files with 48 additions and 5 deletions.
diff --git a/packages/runner/README.md b/packages/runner/README.md
@@ -80,7 +80,7 @@ Below you will find a list of parameters that can be used to configure a `Scan`:
 | `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`.                                                                                                     |
 | `slowEpTimeout`        | Skip entry-points that take longer to respond than specified ms value. By default, 1000ms.                                                                                                    |
 | `targetTimeout`        | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5s.                           |
-| `name`                 | The scan name. The endpoint by default, e.g. `GET https://example.com/`.                                                                                                                      |
+| `name`                 | The scan name. The method and hostname by default, e.g. `GET example.com`.                                                                                                                    |
 
 Finally, run a scan against your application:
 

diff --git a/packages/scan/README.md b/packages/scan/README.md
@@ -62,7 +62,7 @@ Below you will find a list of parameters that can be used to configure a `Scan`:
 | `attackParamLocations` | Defines which part of the request to attack. By default, `body`, `query`, and `fragment`.                                                                                                          |
 | `slowEpTimeout`        | Automatically validate entry-point response time before initiating the vulnerability testing, and reduce scan time by skipping any entry-points that take too long to respond. By default, 1000ms. |
 | `targetTimeout`        | Measure timeout responses from the target application globally, and stop the scan if the target is unresponsive for longer than the specified time. By default, 5s.                                |
-| `name`                 | The scan name. The endpoint by default, e.g. `GET https://example.com/`.                                                                                                                           |
+| `name`                 | The scan name. The method and hostname by default, e.g. `GET example.com`.                                                                                                                         |
 
 ### Defining a target for attack
 

diff --git a/packages/scan/src/ScanFactory.spec.ts b/packages/scan/src/ScanFactory.spec.ts
@@ -64,7 +64,7 @@ describe('ScanFactory', () => {
         mockedScans.createScan(
           objectContaining({
             fileId,
-            name: 'GET https://example.com/',
+            name: 'GET example.com',
             module: Module.DAST,
             discoveryTypes: [Discovery.ARCHIVE],
             tests: [TestType.DOM_XSS]

diff --git a/packages/scan/src/ScanSettings.spec.ts b/packages/scan/src/ScanSettings.spec.ts
@@ -1,5 +1,6 @@
 import { AttackParamLocation, TestType } from './models';
 import { ScanSettings, ScanSettingsOptions } from './ScanSettings';
+import { randomBytes } from 'crypto';
 
 describe('ScanSettings', () => {
   describe('constructor', () => {
@@ -131,7 +132,41 @@ describe('ScanSettings', () => {
 
       // assert
       expect(result).toMatchObject({
-        name: 'GET https://example.com/'
+        name: 'GET example.com'
+      });
+    });
+
+    it('should throw an error if name is greater than 200 characters', () => {
+      // arrange
+      const settings: ScanSettingsOptions = {
+        name: randomBytes(201).toString('hex'),
+        tests: [TestType.DOM_XSS],
+        target: { url: 'https://example.com' }
+      };
+
+      // act & assert
+      expect(() => new ScanSettings(settings)).toThrow(
+        'Name must be less than 200 characters'
+      );
+    });
+
+    it('should truncate a default name if hostname is greater than 200 characters', () => {
+      // arrange
+      const settings: ScanSettingsOptions = {
+        tests: [TestType.DOM_XSS],
+        target: {
+          url: `https://subdomain-${randomBytes(200).toString(
+            'hex'
+          )}.example.com`
+        }
+      };
+
+      // act
+      const result = new ScanSettings(settings);
+
+      // assert
+      expect(result).toMatchObject({
+        name: expect.stringMatching(/^.{1,200}$/)
       });
     });
   });

diff --git a/packages/scan/src/ScanSettings.ts b/packages/scan/src/ScanSettings.ts
@@ -34,6 +34,9 @@ export class ScanSettings implements ScanSettingsOptions {
   }
 
   private set name(value: string) {
+    if (value.length > 200) {
+      throw new Error('Name must be less than 200 characters.');
+    }
     this._name = value;
   }
 
@@ -176,7 +179,8 @@ export class ScanSettings implements ScanSettingsOptions {
   }: ScanSettingsOptions) {
     this.attackParamLocations = attackParamLocations;
     this.target = target;
-    this.name = name || `${this.target.method} ${this.target.url}`;
+    const { method, parsedURL } = this.target;
+    this.name = name || `${method} ${parsedURL.hostname}`.substring(0, 200);
     this.poolSize = poolSize;
     this.repeaterId = repeaterId;
     this.skipStaticParams = skipStaticParams;

diff --git a/packages/scan/src/target/Target.ts b/packages/scan/src/target/Target.ts
@@ -42,6 +42,10 @@ export class Target implements TargetOptions {
 
   private _parsedURL!: URL;
 
+  get parsedURL(): URL {
+    return this._parsedURL;
+  }
+
   private _url?: string;
 
   get url(): string {