diff --git a/examples/nullify.yaml b/examples/nullify.yaml
index 4d99aa3..6840d80 100644
--- a/examples/nullify.yaml
+++ b/examples/nullify.yaml
@@ -113,11 +113,11 @@ integrations:
 attack_surface:
 enable: true
 enable_dns_enumeration: true
- ip_addresses: [10.11.12.13, 10.0.0.1-254]
- domain_names: [example.com, prod.hosting.com]
+ hosts: [example.com, prod.hosting.com, 10.11.12.13, 10.0.0.*]
 include_only:
- - domain_names: [live.prod.hosting.com]
+ - hosts: [live.prod.hosting.com]
 http:
+ methods: [GET, POST]
 paths: [/main, /api/**/create]
 aws_integration:
 enable: true
@@ -128,11 +128,11 @@ attack_surface:
 ignore:
 - http:
 methods: [DELETE]
- - domain_names: [jira.example.com, "*.testing.example.com"]
- - ip_addresses: [100.110.120.130]
+ - hosts: [jira.example.com, "*.testing.example.com"]
+ - hosts: [100.110.120.130]
 transport_protocols: [tcp]
 ports: [22, 8080, 9990-9999]
- - domain_names: ["dev.*", "staging.*"]
+ - hosts: ["dev.*", "staging.*"]
 http:
 paths: [/auth]
 methods: [POST]
diff --git a/pkg/merger/merger_test.go b/pkg/merger/merger_test.go
index 2e2fa48..d88edc4 100644
--- a/pkg/merger/merger_test.go
+++ b/pkg/merger/merger_test.go
@@ -340,13 +340,13 @@ func TestMergeConfigFiles(t *testing.T) {
 AttackSurface: &models.AttackSurface{
 Enable: true,
 EnableDNSEnumeration: true,
- IPAddresses: []string{"10.11.12.13", "10.0.0.1-254"},
- DomainNames: []string{"example.com", "prod.hosting.com"},
+ Hosts: []string{"example.com", "prod.hosting.com", "10.11.12.13", "10.0.0.*"},
 IncludeOnly: []models.AttackSurfaceIncludeOnly{
 {
- DomainNames: []string{"live.prod.hosting.com"},
+ Hosts: []string{"live.prod.hosting.com"},
 HTTP: &models.HTTPAttackSurfaceIncludeOnly{
- Paths: []string{"/main", "/api/**/create"},
+ Methods: []string{"GET", "POST"},
+ Paths: []string{"/main", "/api/**/create"},
 },
 },
 },
@@ -357,15 +357,15 @@ func TestMergeConfigFiles(t *testing.T) {
 },
 },
 {
- DomainNames: []string{"jira.example.com", "*.testing.example.com"},
+ Hosts: []string{"jira.example.com", "*.testing.example.com"},
 },
 {
- IPAddresses: []string{"100.110.120.130"},
+ Hosts: []string{"100.110.120.130"},
 TransportProtocols: []string{"tcp"},
 Ports: []string{"22", "8080", "9990-9999"},
 },
 {
- DomainNames: []string{"dev.*", "staging.*"},
+ Hosts: []string{"dev.*", "staging.*"},
 HTTP: &models.HTTPAttackSurfaceIgnore{
 Paths: []string{"/auth"},
 Methods: []string{"POST"},
@@ -383,13 +383,13 @@ func TestMergeConfigFiles(t *testing.T) {
 AttackSurface: &models.AttackSurface{
 Enable: true,
 EnableDNSEnumeration: true,
- IPAddresses: []string{"10.11.12.13", "10.0.0.1-254"},
- DomainNames: []string{"example.com", "prod.hosting.com"},
+ Hosts: []string{"example.com", "prod.hosting.com", "10.11.12.13", "10.0.0.*"},
 IncludeOnly: []models.AttackSurfaceIncludeOnly{
 {
- DomainNames: []string{"live.prod.hosting.com"},
+ Hosts: []string{"live.prod.hosting.com"},
 HTTP: &models.HTTPAttackSurfaceIncludeOnly{
- Paths: []string{"/main", "/api/**/create"},
+ Methods: []string{"GET", "POST"},
+ Paths: []string{"/main", "/api/**/create"},
 },
 },
 },
@@ -400,15 +400,15 @@ func TestMergeConfigFiles(t *testing.T) {
 },
 },
 {
- DomainNames: []string{"jira.example.com", "*.testing.example.com"},
+ Hosts: []string{"jira.example.com", "*.testing.example.com"},
 },
 {
- IPAddresses: []string{"100.110.120.130"},
+ Hosts: []string{"100.110.120.130"},
 TransportProtocols: []string{"tcp"},
 Ports: []string{"22", "8080", "9990-9999"},
 },
 {
- DomainNames: []string{"dev.*", "staging.*"},
+ Hosts: []string{"dev.*", "staging.*"},
 HTTP: &models.HTTPAttackSurfaceIgnore{
 Paths: []string{"/auth"},
 Methods: []string{"POST"},
diff --git a/pkg/models/attack_surface.go b/pkg/models/attack_surface.go
index 39a3806..597d310 100644
--- a/pkg/models/attack_surface.go
+++ b/pkg/models/attack_surface.go
@@ -5,8 +5,7 @@ type AttackSurface struct {
 Enable bool `yaml:"enable"`
 EnableDNSEnumeration bool `yaml:"enable_dns_enumeration"`
 AWSIntegration *AWSIntegration `yaml:"aws_integration"`
- IPAddresses []string `yaml:"ip_addresses,omitempty"`
- DomainNames []string `yaml:"domain_names,omitempty"`
+ Hosts []string `yaml:"hosts,omitempty"`
 IncludeOnly []AttackSurfaceIncludeOnly `yaml:"include_only,omitempty"`
 Ignore []AttackSurfaceIgnore `yaml:"ignore,omitempty"`
 }
@@ -20,18 +19,18 @@ type AWSIntegration struct {
 }

 type AttackSurfaceIncludeOnly struct {
- DomainNames []string `yaml:"domain_names,omitempty"`
- HTTP *HTTPAttackSurfaceIncludeOnly `yaml:"http,omitempty"`
+ Hosts []string `yaml:"hosts,omitempty"`
+ HTTP *HTTPAttackSurfaceIncludeOnly `yaml:"http,omitempty"`
 }

 type HTTPAttackSurfaceIncludeOnly struct {
- Paths []string `yaml:"paths,omitempty"`
+ Methods []string `yaml:"methods,omitempty"`
+ Paths []string `yaml:"paths,omitempty"`
 }

 type AttackSurfaceIgnore struct {
 // empty fields are equivalent to *
- IPAddresses []string `yaml:"ip_addresses,omitempty"`
- DomainNames []string `yaml:"domain_names,omitempty"`
+ Hosts []string `yaml:"hosts,omitempty"`
 TransportProtocols []string `yaml:"transport_protocols,omitempty"`
 Ports []string `yaml:"ports,omitempty"`
 HTTP *HTTPAttackSurfaceIgnore `yaml:"http,omitempty"`
diff --git a/tests/integration_test.go b/tests/integration_test.go
index 065ec28..b79a091 100644
--- a/tests/integration_test.go
+++ b/tests/integration_test.go
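Review bot: `Hosts` in `AttackSurface` now holds hostnames, literal IP addresses and patterns in one list, but the field has no comment saying which forms are accepted or how an entry is classified. The fixtures in this commit replace the range `10.0.0.1-254` with `10.0.0.*`, which also covers `.0` and `.255`, and nothing visible here shows whether the old range syntax is still parsed or would now be read as a hostname. Because this list defines scan scope, I would add a doc comment such as `// Hosts lists scan targets: hostnames, IP addresses, or wildcard patterns (e.g. "10.0.0.*").` with the wording confirmed against the matcher, and state whether ranges and CIDR are supported. The struct's opening line sits just outside the hunk.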
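Review bot: The `ip_addresses` and `domain_names` keys are dropped from `AttackSurfaceIgnore` and `AttackSurfaceIncludeOnly` with no alias or rejection path, while the comment kept on `AttackSurfaceIgnore` still says `// empty fields are equivalent to *`. If the loader tolerates unknown keys (it is outside this diff), an existing entry such as `- domain_names: [jira.example.com]` would decode with every field empty and become a match-all ignore rule, and a legacy `include_only` entry would lose its host restriction and widen scope; the top-level keys removed in the first hunk are affected the same way. Either reject unknown keys at decode time (with gopkg.in/yaml.v3 that is `dec.KnownFields(true)`) or keep the old fields as deprecated and fold them into `Hosts`, and add a test that feeds a legacy config. The new `Methods` field on `HTTPAttackSurfaceIncludeOnly` also needs a comment saying what an empty list means, e.g. `// Methods restricts matching to these HTTP methods; empty presumably means all (confirm).`. The definition of `AttackSurfaceIgnore` continues past the end of the hunk.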
@@ -156,13 +156,13 @@ func TestIntegration(t *testing.T) {
 AttackSurface: &models.AttackSurface{
 Enable: true,
 EnableDNSEnumeration: true,
- IPAddresses: []string{"10.11.12.13", "10.0.0.1-254"},
- DomainNames: []string{"example.com", "prod.hosting.com"},
+ Hosts: []string{"example.com", "prod.hosting.com", "10.11.12.13", "10.0.0.*"},
 IncludeOnly: []models.AttackSurfaceIncludeOnly{
 {
- DomainNames: []string{"live.prod.hosting.com"},
+ Hosts: []string{"live.prod.hosting.com"},
 HTTP: &models.HTTPAttackSurfaceIncludeOnly{
- Paths: []string{"/main", "/api/**/create"},
+ Methods: []string{"GET", "POST"},
+ Paths: []string{"/main", "/api/**/create"},
 },
 },
 },
@@ -173,15 +173,15 @@ func TestIntegration(t *testing.T) {
 },
 },
 {
- DomainNames: []string{"jira.example.com", "*.testing.example.com"},
+ Hosts: []string{"jira.example.com", "*.testing.example.com"},
 },
 {
- IPAddresses: []string{"100.110.120.130"},
+ Hosts: []string{"100.110.120.130"},
 TransportProtocols: []string{"tcp"},
 Ports: []string{"22", "8080", "9990-9999"},
 },
 {
- DomainNames: []string{"dev.*", "staging.*"},
+ Hosts: []string{"dev.*", "staging.*"},
 HTTP: &models.HTTPAttackSurfaceIgnore{
 Paths: []string{"/auth"},
 Methods: []string{"POST"},
diff --git a/tests/nullify.yaml b/tests/nullify.yaml
index 0231e47..95f7d7e 100644
--- a/tests/nullify.yaml
+++ b/tests/nullify.yaml
@@ -97,20 +97,20 @@ integrations:
 attack_surface:
 enable: true
 enable_dns_enumeration: true
- ip_addresses: [10.11.12.13, 10.0.0.1-254]
- domain_names: [example.com, prod.hosting.com]
+ hosts: [example.com, prod.hosting.com, 10.11.12.13, 10.0.0.*]
 include_only:
- - domain_names: [live.prod.hosting.com]
+ - hosts: [live.prod.hosting.com]
 http:
+ methods: [GET, POST]
 paths: [/main, /api/**/create]
 ignore:
 - http:
 methods: [DELETE]
- - domain_names: [jira.example.com, "*.testing.example.com"]
- - ip_addresses: [100.110.120.130]
+ - hosts: [jira.example.com, "*.testing.example.com"]
+ - hosts: [100.110.120.130]
 transport_protocols: [tcp]
 ports: [22, 8080, 9990-9999]
- - domain_names: ["dev.*", "staging.*"]
+ - hosts: ["dev.*", "staging.*"]
 http:
 paths: [/auth]
 methods: [POST]