Merge pull request #550 from AikidoSec/code-injection

Use code_injection instead of js_injection

Author: willem-delbare

library/agent/Attack.ts

@@ -4,7 +4,7 @@ export type Kind =
   | "shell_injection"
   | "path_traversal"
   | "ssrf"
-  | "js_injection";
+  | "code_injection";
 
 export function attackKindHumanName(kind: Kind) {
   switch (kind) {
@@ -18,7 +18,7 @@ export function attackKindHumanName(kind: Kind) {
       return "a path traversal attack";
     case "ssrf":
       return "a server-side request forgery";
-    case "js_injection":
+    case "code_injection":
       return "a JavaScript injection";
   }
 }

library/vulnerabilities/js-injection/checkContextForJsInjection.test.ts

@@ -23,11 +23,12 @@ t.test("it returns correct path", async () => {
     }),
     {
       operation: "eval",
-      kind: "js_injection",
+      kind: "code_injection",
       source: "body",
       pathsToPayload: [".calc"],
       metadata: {
-        js: "const x = 1 + 1; fetch();",
+        code: "const x = 1 + 1; fetch();",
+        language: "js",
       },
       payload: "1 + 1; fetch()",
     }

library/vulnerabilities/js-injection/checkContextForJsInjection.ts

@@ -28,11 +28,12 @@ export function checkContextForJsInjection({
       if (detectJsInjection(js, str)) {
         return {
           operation: operation,
-          kind: "js_injection",
+          kind: "code_injection",
           source: source,
           pathsToPayload: getPathsToPayload(str, context[source]),
           metadata: {
-            js: js,
+            language: "js",
+            code: js,
           },
           payload: str,
         };