Introduces GlobalChecks, closes #27 #36
Closed
This pull introduces a new class of Checks called `GlobalChecks`. These non-standard checks are executed after the first round of standard Checks and they work on the array of issues generated by the first batch of Checks to determine further vulnerabilities or discard false positives.

To do this, it is now possible for the standard checks to share an additional `properties` object when added to the initial issues array, that can later be used by any `GlobalCheck` to perform decisions. Using this class of checks provides an improved decisional process, which will come in handy in other checks that need to scan every JS/HTML of the target application before determining the presence or absence of a vulnerability (e.g. the Affinity check).

These checks are located in `src/finder/checks/ComplexChecks/` and share a very similar loading mechanism to that of the standard checks.

This pull request adds the first GlobalCheck ever, used to check for CSP. See the old PR #35 for more information.

This pull request adds positive/negative tests for HTML/JS CSP checks.
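
The two-phase flow described above, sketched as an added example that is not part of this pull request or the project's code: a standard check tags each issue with a `properties` object, and a global check then decides over the whole issues array. The function names, the issue shape, the `cspFound` and `policy` keys, and the rule that a policy found in any file counts for the whole application are all assumptions made for illustration.

```javascript
// Added illustration: every name here is hypothetical, not the project's API.
// Phase 1, a standard check: inspects one file and attaches a `properties`
// object to its issue so a later global pass can decide across all files.
function cspHtmlCheck(file) {
  const m = /<meta[^>]+http-equiv="Content-Security-Policy"[^>]*content="([^"]*)"/i
    .exec(file.content);
  return [{
    id: 'CSP_HTML_CHECK',
    file: file.path,
    description: m ? 'CSP meta tag present' : 'No CSP meta tag in this file',
    properties: { cspFound: Boolean(m), policy: m ? m[1] : null },
  }];
}

// Phase 2, a global check: receives the whole issues array from phase 1.
// Assumption: a policy found in any file is treated as application-wide.
function cspGlobalCheck(issues) {
  const isCsp = (i) => i.properties && 'cspFound' in i.properties;
  const others = issues.filter((i) => !isCsp(i));
  const csp = issues.filter(isCsp);
  if (csp.length === 0) return others;
  const withPolicy = csp.filter((i) => i.properties.cspFound);
  if (withPolicy.length === 0) {
    // No file sets a policy: collapse per-file noise into one finding.
    return [...others, { id: 'CSP_GLOBAL_CHECK', file: null,
      description: 'No CSP found in any scanned file', properties: {} }];
  }
  // A policy exists: per-file "missing" issues are dropped as false
  // positives; policies that allow unsafe-inline/unsafe-eval are reported.
  const weak = withPolicy.filter((i) => /'unsafe-(inline|eval)'/.test(i.properties.policy));
  return [...others, ...weak.map((i) => ({ ...i, id: 'CSP_GLOBAL_CHECK',
    description: "CSP allows 'unsafe-inline' or 'unsafe-eval'" }))];
}

// Runner: all standard checks over all files, then each global check in turn.
function scan(files, checks, globalChecks) {
  const first = files.flatMap((f) => checks.flatMap((c) => c(f)));
  return globalChecks.reduce((issues, g) => g(issues), first);
}

// Constructed sample input (not from the project's test suite).
const sampleFiles = [
  { path: 'index.html', content: '<meta http-equiv="Content-Security-Policy" content="script-src \'self\' \'unsafe-inline\'">' },
  { path: 'about.html', content: '<html><body>no policy here</body></html>' },
];
console.log(scan(sampleFiles, [cspHtmlCheck], [cspGlobalCheck]));
```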