add options to attack surface

chrisyoonullify · chrisyoonullify · commit 5b3bac61540c · 2025-02-10T17:03:41.000+11:00
diff --git a/examples/nullify.yaml b/examples/nullify.yaml
@@ -115,3 +115,7 @@ attack_surface:
   enable_dns_enumeration: false
   domain_names: [172.36.255.7,example.com]
   ignore_domain_names: []
+  path_prefixes: [/vuln]
+  ignore_methods: [POST,DELETE]
+  ignore_ports: [8080]
+  schemes: ["http","https"]
diff --git a/pkg/merger/merger_test.go b/pkg/merger/merger_test.go
@@ -338,10 +338,14 @@ func TestMergeConfigFiles(t *testing.T) {
 			name: "only global config for attack surface monitoring",
 			globalConfig: &models.Configuration{
 				AttackSurface: &models.AttackSurface{
-					Enable:             true,
+					Enable:               true,
 					EnableDNSEnumeration: true,
-					DomainNames:        []string{"example.com"},
-					IgnoreDomainNames:  []string{"example2.com"},
+					DomainNames:          []string{"example.com"},
+					IgnoreDomainNames:    []string{"example2.com"},
+					PathPrefixes:         []string{"/vuln"},
+					IgnoreMethods:        []string{"POST", "DELETE"},
+					IgnorePorts:          []int{8080},
+					Schemes:              []string{"http", "https"},
 				},
 			},
 			repoConfig: nil,
@@ -351,10 +355,14 @@ func TestMergeConfigFiles(t *testing.T) {
 				SeverityThreshold:        parser.DefaultSeverityThreshold,
 				PriorityThreshold:        parser.DefaultPriorityThreshold,
 				AttackSurface: &models.AttackSurface{
-					Enable:             true,
+					Enable:               true,
 					EnableDNSEnumeration: true,
-					DomainNames:        []string{"example.com"},
-					IgnoreDomainNames:  []string{"example2.com"},
+					DomainNames:          []string{"example.com"},
+					IgnoreDomainNames:    []string{"example2.com"},
+					PathPrefixes:         []string{"/vuln"},
+					IgnoreMethods:        []string{"POST", "DELETE"},
+					IgnorePorts:          []int{8080},
+					Schemes:              []string{"http", "https"},
 				},
 			},
 		},
diff --git a/pkg/models/attack_surface.go b/pkg/models/attack_surface.go
@@ -6,4 +6,8 @@ type AttackSurface struct {
 	EnableDNSEnumeration bool     `yaml:"enable_dns_enumeration"`
 	DomainNames          []string `yaml:"domain_names,omitempty"`
 	IgnoreDomainNames    []string `yaml:"ignore_domain_names,omitempty"`
+	PathPrefixes         []string `yaml:"path_prefixes,omitempty"`
+	IgnoreMethods        []string `yaml:"ignore_methods,omitempty"`
+	IgnorePorts          []int    `yaml:"ignore_ports,omitempty"`
+	Schemes              []string `yaml:"schemes"`
 }
diff --git a/tests/integration_test.go b/tests/integration_test.go
@@ -158,6 +158,10 @@ func TestIntegration(t *testing.T) {
 			EnableDNSEnumeration: true,
 			DomainNames:          []string{"172.36.255.7", "example.com"},
 			IgnoreDomainNames:    []string{"jira.example.com"},
+			PathPrefixes:         []string{"/vuln"},
+			IgnoreMethods:        []string{"POST", "DELETE"},
+			IgnorePorts:          []int{8080},
+			Schemes:              []string{"http", "https"},
 		},
 	}
 
diff --git a/tests/nullify.yaml b/tests/nullify.yaml
@@ -99,3 +99,7 @@ attack_surface:
   enable_dns_enumeration: true
   domain_names: [172.36.255.7,example.com]
   ignore_domain_names: [jira.example.com]
+  path_prefixes: [/vuln]
+  ignore_methods: [POST,DELETE]
+  ignore_ports: [8080]
+  schemes: ["http","https"]

Original file line number	Diff line number	Diff line change
`@@ -6,4 +6,8 @@ type AttackSurface struct {`
`6`	`6`	EnableDNSEnumeration bool `yaml:"enable_dns_enumeration"`
`7`	`7`	DomainNames []string `yaml:"domain_names,omitempty"`
`8`	`8`	IgnoreDomainNames []string `yaml:"ignore_domain_names,omitempty"`
	`9`	+ PathPrefixes []string `yaml:"path_prefixes,omitempty"`
	`10`	+ IgnoreMethods []string `yaml:"ignore_methods,omitempty"`
	`11`	+ IgnorePorts []int `yaml:"ignore_ports,omitempty"`
	`12`	+ Schemes []string `yaml:"schemes"`
`9`	`13`	`}`