(config: Config)
| 346 | } |
| 347 | |
/**
 * Validates a parsed configuration object before it is used.
 *
 * Checks run in a fixed order: basic shape (non-null object, not an array),
 * `checkDeprecatedFields`, schema validation via `validateSchema`, and then
 * `performSecurityValidation`. Schema validation therefore always precedes the
 * security checks.
 *
 * The steering and rules checks at the end are advisory only. They log through
 * `console.warn` and never throw, so a configuration without `rules.avoid` or
 * `rules.focus` is still accepted. Scope is not enforced here.
 *
 * @param config - Configuration object to validate.
 * @throws PentestError with `ErrorCode.CONFIG_VALIDATION_FAILED` when `config`
 *   is not an object, is an array, or fails schema validation. The helpers
 *   called here are defined elsewhere and may raise their own errors.
 */
const validateConfig = (config: Config): void => {
  // All hard failures share the same category, flag and error code.
  // Only the message and the details payload vary.
  const configError = (
    message: string,
    details: ConstructorParameters<typeof PentestError>[3] = {},
  ) => new PentestError(message, 'config', false, details, ErrorCode.CONFIG_VALIDATION_FAILED);

  // Reject null, undefined and primitives first.
  const isObjectLike = Boolean(config) && typeof config === 'object';
  if (!isObjectLike) {
    throw configError('Configuration must be a valid object');
  }

  // Arrays pass the typeof check above, so they are rejected explicitly.
  if (Array.isArray(config)) {
    throw configError('Configuration must be an object, not an array');
  }

  checkDeprecatedFields(config);

  // Schema validation. The validator exposes its failures on `.errors`.
  if (!validateSchema(config)) {
    const messages = formatAjvErrors(validateSchema.errors || []);
    throw configError(`Configuration validation failed:\n - ${messages.join('\n - ')}`, {
      validationErrors: messages,
    });
  }

  performSecurityValidation(config);

  // `exploit` counts as steering whenever it is defined, even if falsy.
  // Every other field counts only when truthy.
  const steeringPresent =
    config.exploit !== undefined ||
    [
      config.rules,
      config.authentication,
      config.description,
      config.vuln_classes,
      config.report,
      config.rules_of_engagement,
    ].some(Boolean);

  if (!steeringPresent) {
    console.warn('⚠️ Configuration file contains no steering fields. The pentest will run with all defaults.');
    return;
  }

  // NOTE(review): this warning fires only when `rules` exists but has neither
  // `avoid` nor `focus`. A config with other steering fields and no `rules` key
  // gets no scoping warning. If `avoid`/`focus` can be empty arrays (not visible
  // here), they count as present because the check is on truthiness.
  const { rules } = config;
  if (rules && !(rules.avoid || rules.focus)) {
    console.warn('⚠️ Configuration file contains no rules. The pentest will run without any scoping restrictions.');
  }
};
| 400 | |
| 401 | const performSecurityValidation = (config: Config): void => { |
| 402 | if (config.authentication) { |