Master ceb95d4

.github/workflows/azure-pipelines.yml

@@ -0,0 +1,20 @@
+# Node.js
+# Build a general Node.js project with npm.
+# Add steps that analyze code, save build artifacts, deploy, and more:
+# https://docs.microsoft.com/azure/devops/pipelines/languages/javascript
+
+  trigger:
+    - master
+
+  pool:
+    vmImage: ubuntu-latest
+
+  steps:
+    - task: NodeTool@0
+  inputs:
+    versionSpec: '10.x'
+  displayName: 'Install Node.js'
+    script: |
+           npm install
+           npm run build
+  displayName: 'npm install and build'

.github/workflows/defender-for-devops.yml

@@ -0,0 +1,50 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# Microsoft Security DevOps (MSDO) is a command line application which integrates static analysis tools into the development cycle.
+# MSDO installs, configures and runs the latest versions of static analysis tools
+# (including, but not limited to, SDL/security and compliance tools).
+#
+# The Microsoft Security DevOps action is currently in beta and runs on the windows-latest queue,
+# as well as Windows self hosted agents. ubuntu-latest support coming soon.
+#
+# For more information about the action , check out https://github.com/microsoft/security-devops-action
+#
+# Please note this workflow do not integrate your GitHub Org with Microsoft Defender For DevOps. You have to create an integration
+# and provide permission before this can report data back to azure.
+# Read the official documentation here : https://learn.microsoft.com/en-us/azure/defender-for-cloud/quickstart-onboard-github
+
+name: "Microsoft Defender for DevOps"
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '32 12 * * 5'
+
+jobs:
+  MSDO:
+    # currently only windows latest is supported
+    runs-on: windows-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    - uses: actions/setup-dotnet@v4
+      with:
+        dotnet-version: |
+          5.0.x
+          6.0.x
+    - name: Run Microsoft Security DevOps
+      uses: microsoft/security-devops-action@v1.6.0
+      id: msdo
+    - name: Upload results to Security tab
+      uses: github/codeql-action/upload-sarif@v3
+      with:
+        sarif_file: ${{ steps.msdo.outputs.sarifFile }}

.github/workflows/neuralegion.yml

@@ -0,0 +1,177 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+#
+# Run a Nexploit Scan
+# This action runs a new security scan in Nexploit, or reruns an existing one.
+# Build Secure Apps & APIs. Fast.
+# [NeuraLegion](https://www.neuralegion.com) is a powerful dynamic application & API security testing (DAST) platform that security teams trust and developers love.
+# Automatically Tests Every Aspect of Your Apps & APIs
+# Scans any target, whether Web Apps, APIs (REST. & SOAP, GraphQL & more), Web sockets or mobile, providing actionable reports
+# Seamlessly integrates with the Tools and Workflows You Already Use
+#
+# NeuraLegion works with your existing CI/CD pipelines – trigger scans on every commit, pull request or build with unit testing.
+# Spin-Up, Configure and Control Scans with Code
+# One file. One command. One scan. No UI needed.
+#
+# Super-Fast Scans
+#
+# Interacts with applications and APIs, instead of just crawling them and guessing.
+# Scans are fast as our AI-powered engine can understand application architecture and generate sophisticated and targeted attacks.
+#
+# No False Positives
+#
+# Stop chasing ghosts and wasting time. NeuraLegion doesn’t return false positives, so you can focus on releasing code.
+#
+# Comprehensive Security Testing
+#
+# NeuraLegion tests for all common vulnerabilities, such as SQL injection, CSRF, XSS, and XXE -- as well as uncommon vulnerabilities, such as business logic vulnerabilities.
+#
+# More information is available on NeuraLegion’s:
+# * [Website](https://www.neuralegion.com/)
+# * [Knowledge base](https://docs.neuralegion.com/docs/quickstart)
+# * [YouTube channel](https://www.youtube.com/channel/UCoIC0T1pmozq3eKLsUR2uUw)
+# * [GitHub Actions](https://github.com/marketplace?query=neuralegion+)
+#
+# Inputs
+#
+# `name`
+#
+# **Required**. Scan name.
+#
+# _Example:_ `name: GitHub scan ${{ github.sha }}`
+#
+# `api_token`
+#
+# **Required**. Your Nexploit API authorization token (key). You can generate it in the **Organization** section on [nexploit.app](https://nexploit.app/login). Find more information [here](https://kb.neuralegion.com/#/guide/np-web-ui/advanced-set-up/managing-org?id=managing-organization-apicli-authentication-tokens).
+#
+# _Example:_ `api_token: ${{ secrets.NEXPLOIT_TOKEN }}`
+#
+# `restart_scan`
+#
+# **Required** when restarting an existing scan by its ID. You can get the scan ID in the Scans section on [nexploit.app](https://nexploit.app/login).<br> Please make sure to only use the necessary parameters. Otherwise, you will get a response with the parameter usage requirements.
+#
+# _Example:_ `restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ)`
+#
+# `discovery_types`
+#
+# **Required**. Array of discovery types. The following types are available:
+# * `archive` - uses an uploaded HAR-file for a scan
+# * `crawler` - uses a crawler to define the attack surface for a scan
+# * `oas` - uses an uploaded OpenAPI schema for a scan <br>
+# If no discovery type is specified, `crawler` is applied by default.
+#
+# _Example:_
+#
+# ```yml
+# discovery_types: |
+#   [ "crawler", "archive" ]
+# ```
+#
+# `file_id`
+#
+# **Required** if the discovery type is set to `archive` or `oas`. ID of a HAR-file or an OpenAPI schema you want to use for a scan. You can get the ID of an uploaded HAR-file or an OpenAPI schema in the **Storage** section on [nexploit.app](https://nexploit.app/login).
+#
+# _Example:_
+#
+# ```
+# FILE_ID=$(nexploit-cli archive:upload   \
+# --token ${{ secrets.NEXPLOIT_TOKEN }}   \
+# --discard true                          \
+# ./example.har)
+# ```
+#
+# `crawler_urls`
+#
+# **Required** if the discovery type is set to `crawler`. Target URLs to be used by the crawler to define the attack surface.
+#
+# _Example:_
+#
+# ```
+# crawler_urls: |
+#   [ "http://vulnerable-bank.com" ]
+# ```
+#
+# `hosts_filter`
+#
+# **Required** when the the discovery type is set to `archive`. Allows selecting specific hosts for a scan.
+#
+# Outputs
+#
+# `url`
+#
+# Url of the resulting scan
+#
+# `id`
+#
+# ID of the created scan. This ID could then be used to restart the scan, or for the following GitHub actions:
+# * [Nexploit Wait for Issues](https://github.com/marketplace/actions/nexploit-wait-for-issues)
+# * [Nexploit Stop Scan](https://github.com/marketplace/actions/nexploit-stop-scan)
+#
+# Example usage
+#
+# Start a new scan with parameters
+#
+# ```yml
+# steps:
+#     - name: Start Nexploit Scan
+#       id: start
+#       uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
+#       with:
+#         api_token: ${{ secrets.NEXPLOIT_TOKEN }}
+#         name: GitHub scan ${{ github.sha }}
+#         discovery_types: |
+#           [ "crawler", "archive" ]
+#         crawler_urls: |
+#           [ "http://vulnerable-bank.com" ]
+#         file_id: LiYknMYSdbSZbqgMaC9Sj
+#         hosts_filter: |
+#           [ ]
+#     - name: Get the output scan url
+#       run: echo "The scan was started on ${{ steps.start.outputs.url }}"
+# ```
+#
+# Restart an existing scan
+#
+# ```yml
+# steps:
+#     - name: Start Nexploit Scan
+#       id: start
+#       uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
+#       with:
+#         api_token: ${{ secrets.NEXPLOIT_TOKEN }}
+#         name: GitHub scan ${{ github.sha }}
+#         restart_scan: ai3LG8DmVn9Rn1YeqCNRGQ
+#     - name: Get the output scan url
+#       run: echo "The scan was started on ${{ steps.start.outputs.url }}"
+
+
+name: "NeuraLegion"
+
+on:
+  push:
+    branches: [ "master" ]
+  pull_request:
+    branches: [ "master" ]
+  schedule:
+    - cron: '31 8 * * 2'
+
+jobs:
+  neuralegion_scan:
+    runs-on: ubuntu-18.04
+    name: A job to run a Nexploit scan
+    permissions:
+      contents: read
+    steps:
+      - uses: actions/checkout@v4
+      - name: Start Nexploit Scan 🏁
+        id: start
+        uses: NeuraLegion/run-scan@29ebd17b4fd6292ce7a238a59401668953b37fbe
+        with:
+          api_token: ${{ secrets.NEURALEGION_TOKEN }}
+          name: GitHub scan ${{ github.sha }}
+          discovery_types: |
+            [ "crawler" ]
+          crawler_urls: |
+            [ "https://brokencrystals.com" ] # ✏️ Update this to the url you wish to scan

.gitignore

@@ -38,4 +38,7 @@ yarn-error.log*
 *.pem
 
 # Husky
-.husky/
+.husky/
+/lib/signals-implicit-mode/Counter
+/lib/signals-implicit-mode/lib/signals-implicit-mode
+.env*.local

.hintrc

@@ -0,0 +1,8 @@
+{
+  "extends": [
+    "development"
+  ],
+  "hints": {
+    "typescript-config/strict": "off"
+  }
+}