🚓 Integrate a new Angular Client-Side Template Injection Scanner #216
Closed
<
973B
a class="StickyHeaderTitle-module__stickyTitleLink__ikD5_a6 prc-Link-Link-9ZwDx" href="#top">🚓 Integrate a new Angular Client-Side Template Injection Scanner#216
Description
New Scanner implementation request
Is your feature request related to a problem? Please describe.
Relates to our christmas poll: https://twitter.com/secureCodeBox/status/1327675728368967685
Describe the solution you'd like
ACSTIS helps you to scan certain web applications for AngularJS Client-Side Template Injection (sometimes referred to as CSTI, sandbox escape or sandbox bypass). It supports scanning a single request but also crawling the entire web application for the AngularJS CSTI vulnerability.
Describe alternatives you've considered
Additional context
Steps to implement a new scanner
- Create a new folder with the name of the scanner here
- Add a README.md and give a brief overview of the scanner and its configuration options.
- Implement a new scanner specific scan-type.yaml
- Implement a new scanner specific parse-definition.yaml
- Add (optional) some cascading-rules.yaml
- Add (optional) a Dockerfile for the scanner if there is no existing one publicly available on dockerHub
- Use the parser-SDK to implement a new findings parser (currently based on NodeJS)
- Add unit tests with at minimum 80% test coverage