refactor: update injection display name and add max tokens docs
- Change agent prefix from [SQLi/Cmd] to [Injection] to reflect expanded scope - Add README documentation for CLAUDE_CODE_MAX_OUTPUT_TOKENS environment variable This update aligns the display naming with the expanded injection analysis scope that now covers SQLi, Command Injection, LFI/RFI, SSTI, Path Traversal, and Insecure Deserialization vulnerabilities. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
@@ -99,6 +99,16 @@ Shannon is available in two editions:
|
|||||||
|
|
||||||
You need either a **Claude Code OAuth token** or an **Anthropic API key** to run Shannon. Get your token from the [Anthropic Console](https://console.anthropic.com) and pass it to Docker via the `-e` flag.
|
You need either a **Claude Code OAuth token** or an **Anthropic API key** to run Shannon. Get your token from the [Anthropic Console](https://console.anthropic.com) and pass it to Docker via the `-e` flag.
|
||||||
|
|
||||||
|
### Environment Configuration (Optional)
|
||||||
|
|
||||||
|
To prevent Claude Code from hitting token limits during long report generation, set the max output tokens before running Shannon:
|
||||||
|
|
||||||
|
```bash
|
||||||
|
export CLAUDE_CODE_MAX_OUTPUT_TOKENS=64000
|
||||||
|
```
|
||||||
|
|
||||||
|
This is especially useful for extensive penetration testing reports or when analyzing large codebases.
|
||||||
|
|
||||||
### Quick Start with Docker
|
### Quick Start with Docker
|
||||||
|
|
||||||
#### Build the Container
|
#### Build the Container
|
||||||
|
|||||||
@@ -45,12 +45,12 @@ function summarizeTodoUpdate(input) {
|
|||||||
export function getAgentPrefix(description) {
|
export function getAgentPrefix(description) {
|
||||||
// Map agent names to their prefixes
|
// Map agent names to their prefixes
|
||||||
const agentPrefixes = {
|
const agentPrefixes = {
|
||||||
'injection-vuln': '[SQLi/Cmd]',
|
'injection-vuln': '[Injection]',
|
||||||
'xss-vuln': '[XSS]',
|
'xss-vuln': '[XSS]',
|
||||||
'auth-vuln': '[Auth]',
|
'auth-vuln': '[Auth]',
|
||||||
'authz-vuln': '[Authz]',
|
'authz-vuln': '[Authz]',
|
||||||
'ssrf-vuln': '[SSRF]',
|
'ssrf-vuln': '[SSRF]',
|
||||||
'injection-exploit': '[SQLi/Cmd]',
|
'injection-exploit': '[Injection]',
|
||||||
'xss-exploit': '[XSS]',
|
'xss-exploit': '[XSS]',
|
||||||
'auth-exploit': '[Auth]',
|
'auth-exploit': '[Auth]',
|
||||||
'authz-exploit': '[Authz]',
|
'authz-exploit': '[Authz]',
|
||||||
@@ -65,7 +65,7 @@ export function getAgentPrefix(description) {
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Fallback to partial matches for backwards compatibility
|
// Fallback to partial matches for backwards compatibility
|
||||||
if (description.includes('injection')) return '[SQLi/Cmd]';
|
if (description.includes('injection')) return '[Injection]';
|
||||||
if (description.includes('xss')) return '[XSS]';
|
if (description.includes('xss')) return '[XSS]';
|
||||||
if (description.includes('authz')) return '[Authz]'; // Check authz before auth
|
if (description.includes('authz')) return '[Authz]'; // Check authz before auth
|
||||||
if (description.includes('auth')) return '[Auth]';
|
if (description.includes('auth')) return '[Auth]';
|
||||||
|
|||||||
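Review bot: The `'[Injection]'` literal is now written three times, for `'injection-vuln'` and `'injection-exploit'` in `agentPrefixes` and again in the `description.includes('injection')` fallback of the second hunk, and nothing in the code says which vulnerability classes the label stands for. I would define it once with a comment, e.g. `const INJECTION_PREFIX = '[Injection]'; // SQLi, command injection, LFI/RFI, SSTI, path traversal, insecure deserialization`, and reference it in all three places so the next scope change cannot leave the exact-match and fallback paths disagreeing. If any log filter or report template matches the old `[SQLi/Cmd]` string (none is visible here), it will need the same update. The body of `getAgentPrefix` continues outside both hunks.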