lucky_sec_tester
LuckySecTester is a thin wrapper around the Bright SecTester used to ensure a smooth Lucky integration.
Use this in your specs and CI to test security vulnerabilities.
Installation
-
Add the dependency to your
shard.yml
:development_dependencies: lucky_sec_tester: github: luckyframework/lucky_sec_tester
-
Run
shards install
Usage
Create a new file in spec/setup/sec_tester.cr
# spec/setup/sec_tester.cr
require "lucky_sec_tester"
LuckySecTester.configure do |settings|
# This is your API key
settings.bright_token = ENV["BRIGHT_TOKEN"]
# Your project ID which could be environment based, or for app specific
# if your company has many projects
settings.project_id = LuckyEnv.staging? "staging-id123" : "default-id123"
end
Next, you'll create your spec directory for all of your security tests. Since these tests will make external API calls, we can use a compiler flag to optionally enable them.
# spec/security_flows/security_spec.cr
{% skip_file unless flag?(:test_security) %}
require "../spec_helper"
describe "Security Testing" do
# TODO: ...
end
private def scanner
LuckySecTester.new
end
Development
TODO Write development instructions here
Contributing
- Fork it (https://github.com/luckyframework/lucky_sec_tester/fork)
- Create your feature branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add some feature'
) - Push to the branch (
git push origin my-new-feature
) - Create a new Pull Request
Contributors
- Jeremy Woertink - creator and maintainer