generated from stephendolan/lucky_jumpstart
-
-
Notifications
You must be signed in to change notification settings - Fork 2
/
security_spec.cr
125 lines (116 loc) · 4.59 KB
/
security_spec.cr
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
{% skip_file unless flag?(:with_sec_tests) %}
require "../spec_helper"
describe "SecTester" do
# Testing the auth page with SQLi attack
it "Testing sign_in page for SQLi, OSI, XSS attacks" do
with_cleanup(scanner) do
target = scanner.build_target(SignIns::Create) do |t|
t.body = "user%3Aemail=test%40test.com&user%3Apassword=1234"
end
scanner.run_check(
scan_name: "ref: #{ENV["GITHUB_REF"]?} commit: #{ENV["GITHUB_SHA"]?} run id: #{ENV["GITHUB_RUN_ID"]?}",
tests: [
"sqli",
"osi",
"xss",
],
target: target,
options: SecTester::Options.new(
project_id: "7Yx6ovyMj954WHcLvYyWzo",
)
)
end
end
# Testing the auth page with Dom XSS attack
it "Testing sign_in for dom based XSS" do
with_cleanup(scanner) do
target = scanner.build_target(SignIns::New)
scanner.run_check(
scan_name: "ref: #{ENV["GITHUB_REF"]?} commit: #{ENV["GITHUB_SHA"]?} run id: #{ENV["GITHUB_RUN_ID"]?}",
tests: "dom_xss",
target: target,
options: SecTester::Options.new(
project_id: "7Yx6ovyMj954WHcLvYyWzo",
)
)
end
end
# Testing the auth page with Headers Security attack
it "testing root for header security issues" do
with_cleanup(scanner) do
target = scanner.build_target
scanner.run_check(
scan_name: "ref: #{ENV["GITHUB_REF"]?} commit: #{ENV["GITHUB_SHA"]?} run id: #{ENV["GITHUB_RUN_ID"]?}",
tests: "header_security",
target: target,
severity_threshold: SecTester::Severity::Medium,
options: SecTester::Options.new(
project_id: "7Yx6ovyMj954WHcLvYyWzo",
)
)
end
end
# Testing the auth page with Cookies Security attack
it "testing root for cookie security issues" do
with_cleanup(scanner) do
target = scanner.build_target
scanner.run_check(
scan_name: "ref: #{ENV["GITHUB_REF"]?} commit: #{ENV["GITHUB_SHA"]?} run id: #{ENV["GITHUB_RUN_ID"]?}",
tests: "cookie_security",
target: target,
severity_threshold: SecTester::Severity::Medium,
options: SecTester::Options.new(
project_id: "7Yx6ovyMj954WHcLvYyWzo",
)
)
end
end
# Commented out TODO: Make this test work with proper path, now returns:
# Invalid URL passed to target: /js/app.js?id=5c5861fa202190088a1a (SecTester::Error)
# Testing JS file for 3rd party issues
# it "Tests /js/app.js for 3rd party issues" do
# with_cleanup(scanner) do
# # TODO: Need `scanner.build_target` to take a String
# # or something to be able to test things like this.
# # Or... maybe this is your escape hatch?
# target = SecTester::Target.new(Lucky::AssetHelpers.asset("js/app.js"))
# scanner.run_check(
# scan_name: "ref: #{ENV["GITHUB_REF"]?} commit: #{ENV["GITHUB_SHA"]?} run id: #{ENV["GITHUB_RUN_ID"]?}",
# tests: "retire_js",
# target: target
# )
# end
# end
it "tests API actions" do
with_cleanup(scanner) do
api_headers = HTTP::Headers{"Content-Type" => "application/json", "Accept" => "application/json"}
target = scanner.build_target(Api::SignIns::Create, headers: api_headers) do |t|
t.body = {"user" => {"email" => "[email protected]", "password" => "123456789"}}.to_json
end
scanner.run_check(
scan_name: "ref: #{ENV["GITHUB_REF"]?} commit: #{ENV["GITHUB_SHA"]?} run id: #{ENV["GITHUB_RUN_ID"]?}",
tests: [
"sqli", # Testing for SQL Injection issues (https://docs.neuralegion.com/docs/sql-injection)
"jwt", # Testing JWT usage (https://docs.neuralegion.com/docs/broken-jwt-authentication)
"xss", # Checking for Cross Site Scripting attacks (https://docs.neuralegion.com/docs/reflective-cross-site-scripting-rxss)
"ssrf", # Checking for SSRF (https://docs.neuralegion.com/docs/server-side-request-forgery-ssrf)
"proto_pollution", # Checking for proto pollution based vulnerabilities (https://docs.neuralegion.com/docs/prototype-pollution)
"full_path_disclosure", # Checking for full path disclourse on api error (https://docs.neuralegion.com/docs/full-path-disclosure)
],
target: target,
severity_threshold: SecTester::Severity::Medium,
options: SecTester::Options.new(
project_id: "7Yx6ovyMj954WHcLvYyWzo",
)
)
end
end
end
private def scanner
LuckySecTester.new
end
private def with_cleanup(tester : LuckySecTester)
yield
ensure
tester.try &.cleanup
end