Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We鈥檒l occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

馃殦 Integrate a new Angular Client-Side Template Injection Scanner #216

Closed
8 tasks
rseedorff opened this issue Nov 18, 2020 · 0 comments 路 Fixed by #248
Closed
8 tasks

馃殦 Integrate a new Angular Client-Side Template Injection Scanner #216

rseedorff opened this issue Nov 18, 2020 · 0 comments 路 Fixed by #248
Assignees
@fuhrmeistery @paulschmelzer
Labels
scanner Implement or update a security scanner
Projects
secureCodeBox v2

Comments

@rseedorff
Copy link
Member

rseedorff commented Nov 18, 2020
edited

New Scanner implementation request

Is your feature request related to a problem? Please describe.
Relates to our christmas poll: https://twitter.com/secureCodeBox/status/1327675728368967685

Describe the solution you'd like

ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.

Describe alternatives you've considered

Additional context

Steps to implement a new scanner

  • Create a new folder with the name of the scanner here
  • Add a README.md and give a brief overview of the scanner and its configuration options.
  • Implement a new scanner specific scan-type.yaml
  • Implement a new scanner specific parse-definition.yaml
  • Add (optional) some cascading-rules.yaml
  • Add (optional) a Dockerfile for the scanner if there is no existing one publicly available on dockerHub
  • Use the parser-SDK to implement a new findings parser (currently based on NodeJS)
  • Add unit tests with at minimum 80% test coverage
@rseedorff rseedorff added the scanner Implement or update a security scanner label Nov 18, 2020
@rseedorff rseedorff added this to To do in secureCodeBox v2 via automation Nov 18, 2020
@paulschmelzer paulschmelzer moved this from To do to Implementation in secureCodeBox v2 Dec 8, 2020
@paulschmelzer paulschmelzer self-assigned this Dec 8, 2020
@paulschmelzer paulschmelzer linked a pull request Dec 14, 2020 that will close this issue
New Scanner: AngularJS CSTI Scanner (closes #216) #248
Merged
@J12934 J12934 moved this from In Progress to To Review in secureCodeBox v2 Jan 13, 2021
@fuhrmeistery fuhrmeistery moved this from To Review to In Progress in secureCodeBox v2 Feb 1, 2021
@fuhrmeistery fuhrmeistery self-assigned this Feb 1, 2021
@fuhrmeistery fuhrmeistery moved this from In Progress to To Review in secureCodeBox v2 Feb 1, 2021
@fuhrmeistery fuhrmeistery moved this from To Review to In Progress in secureCodeBox v2 Feb 3, 2021
@fuhrmeistery fuhrmeistery moved this from In Progress to To do in secureCodeBox v2 Feb 24, 2021
secureCodeBox v2 automation moved this from To do to Done Mar 8, 2021
J12934 added a commit that referenced this issue Mar 8, 2021
@J12934
Merge pull request #248 from secureCodeBox/scanner/acstis
fab01bd 
New Scanner: AngularJS CSTI Scanner (closes  #216)
@fuhrmeistery fuhrmeistery moved this from Done to counter in secureCodeBox v2 Mar 12, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@fuhrmeistery fuhrmeistery

@paulschmelzer paulschmelzer

Labels
scanner Implement or update a security scanner
Projects
No open projects
secureCodeBox v2
counter
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

New Scanner: AngularJS CSTI Scanner (closes #216) secureCodeBox/secureCodeBox
3 participants
@rseedorff @fuhrmeistery @paulschmelzer