Comments (7)
bararchy
commented on July 20, 2024
1
@jwoertink you can use xss instead of dom_xss.
We found an issue with scans longer then 10 minutes, I'm looking into it, we need to add a ping to our servers otherwise we decide the repeater is down.
@derevnjuk noticed this behavior
from sec-tester-cr.
bararchy
commented on July 20, 2024
@jwoertink I ran the whole spec suite now, and didn't see an issue.
I don't think there is some inherent issue.. I do know that dom_xss is for now disabled but I don't think this should have caused the Socket connection issue....
@derevnjuk any ideas?
from sec-tester-cr.
bararchy
commented on July 20, 2024
@jwoertink does it fail only on the head version of Crystal?
from sec-tester-cr.
jwoertink
commented on July 20, 2024
oh, do I need to remove dom_xss? Also, this is on latest, not head. So 1.10.1.
from sec-tester-cr.
jwoertink
commented on July 20, 2024
Just re-ran the spec and I got an email
Unfortunately, a problem occurred with scan
Please check the scan engine logs or contact support.
Error: The repeater has not been responding for 10 minutes. The scan has been disrupted.
from sec-tester-cr.
jwoertink
commented on July 20, 2024
Ran again, and it all passed... Could have been a fluke? Maybe the CI was having a Monday? 🤷♂️ I won't worry too much about it for now, but let me know about the dom_xss if I should remove it, and what other tests I might have to remove from default.
from sec-tester-cr.
bararchy
commented on July 20, 2024
Fixed via: ecb8f52
from sec-tester-cr.
Related Issues (13)
- Auto-generate Repeater ID if non is passed HOT 1
- Naming issue HOT 1
- Shard warning on Crystal 1.2.2 HOT 4
- replace nepxloit-cli repeater with native crystal logic HOT 1
- Check on compile time that nexploit-cli is available HOT 1
- Question: Should the credential validation be lazily evaluated? HOT 1
- Unexpected char 'F' when the API token is invalid HOT 2
- Add support for the `amazon_s3_takeover` test
- XSS test types changed, new stored_xss type introduced
- Support new `Prompt Injection` test
- Support new `CSS Injection` test
- Unable to cast Int64 to Float64 HOT 5
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from sec-tester-cr.