<html lang="en">
<head>
<title>Code coverage report for src\app.js</title>
<meta charset="utf-8" />
<link rel="stylesheet" href="../prettify.css" />
<link rel="stylesheet" href="../base.css" />
<meta name="viewport" content="width=device-width, initial-scale=1">
<style type='text/css'>
.coverage-summary .sorter {
background-image: url(../sort-arrow-sprite.png);
}
</style>
</head>
<body>
<div class='wrapper'>
<div class='pad1'>
<h1>
<a href="../index.html">all files</a> / <a href="index.html">src/</a> app.js
</h1>
<div class='clearfix'>
<div class='fl pad1y space-right2'>
<span class="strong">80% </span>
<span class="quiet">Statements</span>
<span class='fraction'>44/55</span>
</div>
<div class='fl pad1y space-right2'>
<span class="strong">50% </span>
<span class="quiet">Branches</span>
<span class='fraction'>8/16</span>
</div>
<div class='fl pad1y space-right2'>
<span class="strong">80% </span>
<span class="quiet">Functions</span>
<span class='fraction'>4/5</span>
</div>
<div class='fl pad1y space-right2'>
<span class="strong">83.02% </span>
<span class="quiet">Lines</span>
<span class='fraction'>44/53</span>
</div>
</div>
</div>
<div class='status-line high'></div>
<pre><table class="coverage">
<tr><td class="line-count quiet">1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120</td><td class="line-coverage quiet"><span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">2×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-no"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-yes">2×</span>
<span class="cline-any cline-yes">2×</span>
<span class="cline-any cline-yes">2×</span>
<span class="cline-any cline-yes">2×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-neutral"> </span>
<span class="cline-any cline-yes">1×</span></td><td class="text"><pre class="prettyprint lang-js">/**
* @license Apache-2.0
* Copyright (C) 2016 The Sitecheck Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
"use strict";
var winston = require("winston");
var Promise = require("bluebird");
var Target = require('./target.js');
var params = require('./params.js');
var CancellationToken = require('./cancellationToken.js');
const CONSTANTS = require("./constants.js");
var Issue = require('./issue.js');
// Swap winston's default console transport for one configured to also report
// uncaught exceptions in human-readable form.
winston.remove(winston.transports.Console);
winston.add(winston.transports.Console, {
handleExceptions: true, humanReadableUnhandledException: true
});
// Module-level list of scan targets. scan() appends to it; nothing in this file clears it.
var targets = [];
/**
* Main function.
* Starts a scan.
* @param {Array} opts - An array of scan parameters.
* <ul>
* <li>config : path to config file.</li>
* <li>url : Url to scan. Mandatory unless defined in config file.</li>
* <li>checks : An array of check names. Check names must match names of js files in src/checks/**, without ".js". Mandatory unless defined in config file.</li>
* <li>allPages : true to scan all pages of website. Default is false.</li>
* <li>log : true to activate log to file. Default is false.</li>
* <li>silent : true to prevent console logs. Default is false.</li>
* <li>loglevel : sets log level. Possible values are "error", "warn", "info", "verbose", "debug", "silly". Default is "warn".</li>
* </ul>
* @param {function} endCallback - (err, data). data is an array of Issue(s).
* @param {function} progressCallback - (data). data is an object :
* { progress : float 0.0 - 1.0,
* targetProgress : float 0.0 - 1.0,
* issues : [array of Issue],
* targets : [array of Target] }
*/
function scan(opts, endCallback, progressCallback) {
// Load the caller's options into the shared params module; params.url and
// params.checks are read from it below and in checkTarget().
// NOTE(review): presumably the url and check names are validated inside params.js - confirm.
params.gatherScanParams(opts);
// NOTE(review): scanId is never read in this file.
var scanId = "";
// NOTE(review): `targets` is module-level and is not reset here, so a second scan()
// call in the same process appends to the first call's entries, and targets[1]
// below would still be the first call's SERVER target.
targets.push(new Target(params.url, CONSTANTS.TARGETTYPE.PAGE));
targets.push(new Target(params.url, CONSTANTS.TARGETTYPE.SERVER));
// Mark the SERVER target as done up front so the loop below skips it.
targets[1].isDone = true;
// NOTE(review): unused; the mapSeries callback declares its own `index` parameter.
let index = 0;
// One token is shared by every check started during this scan.
var ct = new CancellationToken();
// check targets SERIALLY and call cb after each one.
Promise.mapSeries(targets, function (target, index, length) {
if (target.isDone)
return;
return checkTarget(target, ct, progressCallback, index, length);
}).then(function () {
// NOTE(review): the success path passes no arguments, although the JSDoc above
// describes endCallback as (err, data) with data being an array of Issue.
// If endCallback throws here, the catch below calls it a second time with that error.
endCallback();
}).catch(<span class="fstat-no" title="function not covered" >function (data) {</span>
// An Error rejection is reported as err; any other rejection value is passed through as data.
<span class="cstat-no" title="statement not covered" > if (data instanceof Error) <span class="cstat-no" title="statement not covered" >endCallback(data);</span></span>
else <span class="cstat-no" title="statement not covered" >endCallback(null, data);</span>
});
}
/**
* Starts every configured check whose targetType matches the target's and
* returns a promise for all of them.
* Each check promise gets its own catch handler, so a rejecting check is logged
* here and does not reject the returned promise.
* @param {Target} target - Passed to each check's constructor.
* @param {CancellationToken} cancellationToken - Passed to each check's check() call.
* @param {function} progressCallback - Called from the per-check success handler (see NOTE there).
* @param {number} targetIndex - Index supplied by Promise.mapSeries in scan().
* @param {number} targetCount - Length supplied by Promise.mapSeries in scan(); not read in this body.
* @returns {Promise} Promise.all over the checks that were started.
*/
function checkTarget(target, cancellationToken, progressCallback, targetIndex, targetCount) {
let runningChecks = [];
let checksCount = params.checks.length;
let checksDone = 0;
for (let checkName of params.checks) {
// The module path comes from a lookup in params.checkMap, not from the check name itself.
// NOTE(review): that lookup is the only thing between a caller-supplied check name and
// require(); confirm checkMap (built in params.js, not shown here) only maps to files
// under src/checks. An unknown name yields undefined, and require(undefined) throws.
let fileName = params.checkMap.get(checkName);
let Check = require(fileName);
let check = new Check(target);
// Checks written for another target type are constructed but never run.
<span class="missing-if-branch" title="else path not taken" >E</span>if (check.targetType == target.targetType) {
runningChecks.push(
check.check(cancellationToken).then(() => {
// NOTE(review): checksProgress, targetsProgress and progress are not declared in this
// file. Under "use strict" the first reference throws a ReferenceError, which the
// chained catch below receives as an Error: checksDone is incremented a second time
// and the check is logged as aborted. The coverage markup shows this handler has
// never run under the test suite. Likely intent (to confirm):
// overallProgress = (targetIndex + curTargetProgress) / targetCount,
// progress: overallProgress, and progressCallback(progressData).
<span class="cstat-no" title="statement not covered" > checksDone++;</span>
<span class="cstat-no" title="statement not covered" > let curTargetProgress = checksDone / checksCount;</span>
<span class="cstat-no" title="statement not covered" > let overallProgress = (targetIndex + checksProgress) / checksProgress;</span>
<span class="cstat-no" title="statement not covered" > let progressData = {</span>
progress: targetsProgress,
targetProgress: curTargetProgress
}
<span class="cstat-no" title="statement not covered" > progressCallback(progress);</span>
// NOTE(review): leftover debug output.
<span class="cstat-no" title="statement not covered" > console.log("yipikaï !");</span>
}).catch((err) => {
// A rejection carries either an Error (check aborted) or an array of Issue objects.
// Falsy rejections and any other value type are counted and otherwise ignored.
checksDone++;
<span class="missing-if-branch" title="else path not taken" >E</span>if (err) {
<span class="missing-if-branch" title="if path not taken" >I</span>if (err instanceof Error) {
// Only the check's file name is logged; the Error's message and stack are dropped.
<span class="cstat-no" title="statement not covered" > console.log('Check "' + fileName + '" aborted.');</span>
} else <span class="missing-if-branch" title="else path not taken" >E</span>if (err instanceof Array) {
for (let a of err) {
<span class="missing-if-branch" title="else path not taken" >E</span>if (a instanceof Issue) {
let maybeFP = '';
<span class="missing-if-branch" title="if path not taken" >I</span>if (a.maybeFalsepositive) <span class="cstat-no" title="statement not covered" >maybeFP = " (may be false positive)";</span>
// NOTE(review): errorContent is presumably taken from the scanned site's responses;
// if so, strip control characters before writing it to a terminal - confirm in issue.js.
// Issues are only printed here; they are not collected or returned to scan().
console.log("Issue : " + a.ref + " : " + a.errorContent + maybeFP);
}
}
}
}
}));
}
}
// Concurrency level can be managed by request option "pool: {maxSockets: Infinity}" (https://github.com/request/request#requestoptions-callback)
return Promise.all(runningChecks);
}
module.exports = { scan: scan };</pre></td></tr>
</table></pre>
<div class='push'></div><!-- for sticky footer -->
</div><!-- /wrapper -->
<div class='footer quiet pad2 space-top1 center small'>
Code coverage
generated by <a href="http://istanbul-js.org/" target="_blank">istanbul</a> at Thu Jan 12 2017 18:36:02 GMT+0100 (Paris, Madrid)
</div>
</div>
<script src="../prettify.js"></script>
<script>
window.onload = function () {
if (typeof prettyPrint === 'function') {
prettyPrint();
}
};
</script>
<script src="../sorter.js"></script>
</body>
</html>