Internals
Application data structure
.
APPDATA_PATH/
productN/
product-info.json
appN/
.sr_lock
app-info.json
r-<tool>-<ts>.json
...
scanN/
.scan_happened
sr.json
...
Product metadata:
title: str
description: str
avail_to: list[email] # email: str
Application metadata:
title: str
description: str
type_: str # "WEB_APP" | "REST_API"
json
// Scan-request JSON schema:
// Describes the request object for a scan. Only "endpoints" is required, and
// unknown top-level keys are rejected ("additionalProperties": false).
// NOTE(review): sr.json in the scan directory above is presumably the stored
// copy of this request (confirm). If so, anything passed in "headers" is kept
// on disk as plain JSON, so APPDATA_PATH needs restrictive file permissions.
{
"type": "object",
"required": ["endpoints"],
"additionalProperties": false,
"properties": {
// What to scan
// Items are unconstrained strings: the schema sets no "format", "pattern" or
// "minItems", so an empty list and non-URL strings both validate. Scheme/host
// checks and any scan-scope allow-list must be enforced by the code that
// consumes the request, not by this schema.
"endpoints": {"type": "array",
"items": {"type": "string"}},
// Additional headers e.g. for authorization or other specific needs
// Each entry is an array of exactly two strings (presumably [name, value];
// confirm against the consumer). Values may be secrets such as tokens or
// cookies, so keep them out of logs and reports.
"headers": {"type": "array",
"items": {"type": "array", "minItems": 2, "maxItems": 2,
"prefixItems": [{"type": "string"},
{"type": "string"}]}},
// OpenAPI specification: when present it enables API-fuzzing mode; when
// absent, a DAST scan for a web app is run instead.
// Exactly one of "file" or "url" must be given (supplying both fails "oneOf").
// Unlike the top level, this object does not set "additionalProperties": false,
// so extra keys inside "oas" pass validation.
// NOTE(review): both values are unconstrained strings. If the service resolves
// "file" on its own filesystem or fetches "url" itself, path confinement and a
// destination allow-list have to be applied by the consumer. Confirm how they
// are resolved.
"oas": {"type": "object", "properties": {
"file": {"type": "string"},
"url": {"type": "string"}
}, "oneOf": [{"required": ["file"]},
{"required": ["url"]}]}
}
}