report

package
v0.8.5 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Dec 15, 2024 License: MIT Imports: 11 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

Functions

This section is empty.

Types

type CAPEC added in v0.6.1

// CAPEC is a string label for a CAPEC attack-pattern entry. Classifications
// carries it under the "capec" key.
type CAPEC string
const (
	// Label text has the form "CAPEC-<id>: <title>"; this is the only CAPEC
	// value declared in this listing.
	CAPEC_31_Manipulating_HTTP_Cookies CAPEC = "CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies"
)

type CVSS added in v0.6.1

// CVSS is the severity rating attached to an Issue: a specification version,
// a vector string and a numeric score, all serialized unconditionally.
//
// NOTE(review): nothing in this struct ties Score to Vector. Presumably the
// score is precomputed by whoever declares the Issue; confirm it matches the
// vector under the stated Version, since severity gating that reads Score
// would otherwise under- or over-report.
type CVSS struct {
	Version float64 `json:"version" yaml:"version"`
	Vector  string  `json:"vector" yaml:"vector"`
	Score   float64 `json:"score" yaml:"score"`
}

type CWE added in v0.6.1

// CWE is a string label for a Common Weakness Enumeration entry.
// Classifications carries it under the "cwe" key.
type CWE string
const (
	// Every value below has the form "CWE-<id>: <title>".
	CWE_16_Configuration CWE = "CWE-16: Configuration"

	// Authentication, session, cookie-attribute, CORS and framing weaknesses.
	CWE_287_Improper_Authentication                  CWE = "CWE-287: Improper Authentication"
	CWE_345_Insufficient_Verification_Authenticity   CWE = "CWE-345: Insufficient Verification of Data Authenticity"
	CWE_489_Active_Debug_Code                        CWE = "CWE-489: Active Debug Code"
	CWE_613_Insufficient_Session_Expiration          CWE = "CWE-613: Insufficient Session Expiration"
	CWE_614_Sensitive_Cookie_Without_Secure_Flag     CWE = "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"
	CWE_942_Overly_Permissive_CORS_Policy            CWE = "CWE-942: Permissive Cross-domain Policy with Untrusted Domains"
	CWE_1004_Sensitive_Cookie_Without_Http_Only      CWE = "CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag"
	CWE_1021_Improper_Restriction_Rendered_UI        CWE = "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
	CWE_1275_Sensitive_Cookie_With_Improper_SameSite CWE = "CWE-1275: Sensitive Cookie with Improper SameSite Attribute"
)

type Classifications added in v0.6.1

// Classifications groups the taxonomy labels of an Issue: at most one OWASP,
// one CWE and one CAPEC label. Each field is a string type tagged omitempty,
// so an unset (empty) label is left out of the serialized output.
type Classifications struct {
	OWASP OWASP `json:"owasp,omitempty" yaml:"owasp,omitempty"`
	CWE   CWE   `json:"cwe,omitempty" yaml:"cwe,omitempty"`
	CAPEC CAPEC `json:"capec,omitempty" yaml:"capec,omitempty"`
}

type CurlReport added in v0.8.2

// CurlReport describes one HTTP request (method, URL, optional data, headers
// and cookies) together with the security schemes summarised for it and the
// issue reports attached to it.
//
// NOTE(review): Header and Cookies are serialized under "headers" and
// "cookies" whenever they are non-empty, so an Authorization header or a
// session cookie supplied for the scan would be written into the JSON/YAML
// report. No redaction is visible in this listing; confirm it happens before
// serialization, or handle report files as credential-bearing artifacts.
type CurlReport struct {
	Method  string         `json:"method" yaml:"method"`
	URL     string         `json:"url" yaml:"url"`
	Data    interface{}    `json:"data,omitempty" yaml:"data,omitempty"`
	Header  http.Header    `json:"headers,omitempty" yaml:"headers,omitempty"`
	Cookies []*http.Cookie `json:"cookies,omitempty" yaml:"cookies,omitempty"`

	// No omitempty: a nil slice is emitted as null in JSON.
	SecuritySchemes []OperationSecurityScheme `json:"securitySchemes" yaml:"securitySchemes"`

	// No omitempty: a nil slice is emitted as null in JSON.
	Issues []*IssueReport `json:"issues" yaml:"issues"`
}

func NewCurlReport added in v0.8.2

func NewCurlReport(method string, url string, data interface{}, header http.Header, cookies []*http.Cookie, securitySchemes []*auth.SecurityScheme) *CurlReport

func (*CurlReport) AddReport added in v0.8.2

func (cr *CurlReport) AddReport(r *ScanReport)

type GraphQLOperationReport added in v0.8.2

// GraphQLOperationReport is the report entry for one GraphQL operation: its
// identifier and tags, the security schemes summarised for it and the issue
// reports attached to it. All four keys are always present in the output
// because no field is tagged omitempty.
type GraphQLOperationReport struct {
	ID   string   `json:"id" yaml:"id"`
	Tags []string `json:"tags" yaml:"tags"`

	SecuritySchemes []OperationSecurityScheme `json:"securitySchemes" yaml:"securitySchemes"`
	Issues          []*IssueReport            `json:"issues" yaml:"issues"`
}

func NewGraphQLOperationReport added in v0.8.2

func NewGraphQLOperationReport() GraphQLOperationReport

type GraphQLOperationsMethods added in v0.8.2

// GraphQLOperationsMethods maps a string key to a GraphQLOperationReport.
// Presumably the key is the operation name; verify against the code that
// populates GraphQLReport.Queries and GraphQLReport.Mutations.
type GraphQLOperationsMethods map[string]GraphQLOperationReport

type GraphQLReport added in v0.8.2

// GraphQLReport is the GraphQL section of a report: the endpoint URL plus the
// per-operation reports, split into queries and mutations.
type GraphQLReport struct {
	URL string `json:"url" yaml:"url"`

	Queries   GraphQLOperationsMethods `json:"queries" yaml:"queries"`
	Mutations GraphQLOperationsMethods `json:"mutations" yaml:"mutations"`
}

func NewGraphQLReport added in v0.8.2

func NewGraphQLReport(url string, securitySchemes []*auth.SecurityScheme) *GraphQLReport

func (*GraphQLReport) AddReport added in v0.8.2

func (gr *GraphQLReport) AddReport(r *ScanReport)

type Issue added in v0.6.1

// Issue is the static description of a finding: identifier, display name,
// optional reference URL, CVSS rating and optional taxonomy labels.
type Issue struct {
	ID   string `json:"id" yaml:"id"`
	Name string `json:"name" yaml:"name"`
	URL  string `json:"url,omitempty" yaml:"url,omitempty"`
	// Always serialized; a zero CVSS value appears as version 0, empty
	// vector and score 0 rather than being omitted.
	CVSS CVSS   `json:"cvss" yaml:"cvss"`

	// Nil pointer is omitted from the output.
	Classifications *Classifications `json:"classifications,omitempty" yaml:"classifications,omitempty"`
}

type IssueReport added in v0.8.2

// IssueReport is the outcome of checking one Issue: the embedded Issue fields
// plus a Status, and in-memory references to the operation and security scheme
// the check ran against.
type IssueReport struct {
	// The yaml ",inline" option flattens the embedded fields. encoding/json
	// has no "inline" option; it flattens an untagged-name embedded struct
	// by default, so the JSON output is flat as well.
	Issue  `json:",inline" yaml:",inline"`
	Status IssueReportStatus `json:"status" yaml:"status"`

	// Both pointers are tagged "-" and therefore never appear in JSON or
	// YAML output. NOTE(review): presumably this also keeps any credential
	// held by auth.SecurityScheme out of the report; keep the "-" tags if
	// these fields are ever refactored.
	Operation      *operation.Operation `json:"-" yaml:"-"`
	SecurityScheme *auth.SecurityScheme `json:"-" yaml:"-"`
}

func NewIssueReport added in v0.8.2

func NewIssueReport(issue Issue) *IssueReport

func (*IssueReport) Clone added in v0.8.2

func (vr *IssueReport) Clone() *IssueReport

func (*IssueReport) Fail added in v0.8.2

func (vr *IssueReport) Fail() *IssueReport

func (*IssueReport) HasBeenSkipped added in v0.8.2

func (vr *IssueReport) HasBeenSkipped() bool

func (*IssueReport) HasFailed added in v0.8.2

func (vr *IssueReport) HasFailed() bool

func (*IssueReport) HasPassed added in v0.8.2

func (vr *IssueReport) HasPassed() bool

func (*IssueReport) IsCriticalRiskSeverity added in v0.8.2

func (vr *IssueReport) IsCriticalRiskSeverity() bool

func (*IssueReport) IsHighRiskSeverity added in v0.8.2

func (vr *IssueReport) IsHighRiskSeverity() bool

func (*IssueReport) IsInfoRiskSeverity added in v0.8.2

func (vr *IssueReport) IsInfoRiskSeverity() bool

func (*IssueReport) IsLowRiskSeverity added in v0.8.2

func (vr *IssueReport) IsLowRiskSeverity() bool

func (*IssueReport) IsMediumRiskSeverity added in v0.8.2

func (vr *IssueReport) IsMediumRiskSeverity() bool

func (*IssueReport) Pass added in v0.8.2

func (vr *IssueReport) Pass() *IssueReport

func (*IssueReport) SeverityLevelString added in v0.8.2

func (vr *IssueReport) SeverityLevelString() string

func (*IssueReport) Skip added in v0.8.2

func (vr *IssueReport) Skip() *IssueReport

func (*IssueReport) String added in v0.8.2

func (vr *IssueReport) String() string

func (*IssueReport) WithBooleanStatus added in v0.8.2

func (vr *IssueReport) WithBooleanStatus(status bool) *IssueReport

func (*IssueReport) WithOperation added in v0.8.2

func (vr *IssueReport) WithOperation(operation *operation.Operation) *IssueReport

func (*IssueReport) WithSecurityScheme added in v0.8.2

func (vr *IssueReport) WithSecurityScheme(securityScheme *auth.SecurityScheme) *IssueReport

func (*IssueReport) WithStatus added in v0.8.2

func (vr *IssueReport) WithStatus(status IssueReportStatus) *IssueReport

type IssueReportStatus added in v0.8.2

// IssueReportStatus is the string status recorded on an IssueReport and
// serialized under the "status" key.
type IssueReportStatus string
const (
	// The four status values declared by this package. "none" is a distinct
	// value from "skipped"; presumably it marks a report whose status has
	// not been set yet (confirm against NewIssueReport).
	IssueReportStatusPassed  IssueReportStatus = "passed"
	IssueReportStatusFailed  IssueReportStatus = "failed"
	IssueReportStatusSkipped IssueReportStatus = "skipped"
	IssueReportStatusNone    IssueReportStatus = "none"
)

func (IssueReportStatus) String added in v0.8.2

func (vrs IssueReportStatus) String() string

type OWASP added in v0.6.1

// OWASP is a string label for an OWASP API Security Top 10 category.
// Classifications carries it under the "owasp" key.
type OWASP string
const (
	// The ten 2023 categories, API1 through API10, with the label text in
	// the form "API<n>:2023 <title>".
	OWASP_2023_BOLA                            OWASP = "API1:2023 Broken Object Level Authorization"
	OWASP_2023_BrokenAuthentication            OWASP = "API2:2023 Broken Authentication"
	OWASP_2023_BOPL                            OWASP = "API3:2023 Broken Object Property Level Authorization"
	OWASP_2023_UnrestrictedResourceConsumption OWASP = "API4:2023 Unrestricted Resource Consumption"
	OWASP_2023_BFLA                            OWASP = "API5:2023 Broken Function Level Authorization"
	OWASP_2023_UnrestrictedAccessBusiness      OWASP = "API6:2023 Unrestricted Access to Sensitive Business Flows"
	OWASP_2023_SSRF                            OWASP = "API7:2023 Server Side Request Forgery"
	OWASP_2023_SecurityMisconfiguration        OWASP = "API8:2023 Security Misconfiguration"
	OWASP_2023_ImproperInventory               OWASP = "API9:2023 Improper Inventory Management"
	OWASP_2023_UnsafeConsumption               OWASP = "API10:2023 Unsafe Consumption of APIs"
)

type OpenAPIReport added in v0.8.2

// OpenAPIReport is the OpenAPI section of a report. Its only field is the
// nested Paths map, serialized under "paths".
type OpenAPIReport struct {
	Paths OpenAPIReportPaths `json:"paths" yaml:"paths"`
}

func NewOpenAPIReport added in v0.8.2

func NewOpenAPIReport(doc *openapi3.T, operations operation.Operations) *OpenAPIReport

func (*OpenAPIReport) AddReport added in v0.8.2

func (or *OpenAPIReport) AddReport(r *ScanReport)

type OpenAPIReportMethods added in v0.8.2

// OpenAPIReportMethods maps a string key to an OpenAPIReportOperation.
// Presumably the key is the HTTP method of the operation; verify against the
// code that builds OpenAPIReport.
type OpenAPIReportMethods map[string]OpenAPIReportOperation

type OpenAPIReportOperation added in v0.8.2

// OpenAPIReportOperation is the report entry for one OpenAPI operation: its
// operationId, optional tags, the security schemes summarised for it and the
// issue reports attached to it.
type OpenAPIReportOperation struct {
	// Serialized as "operationId", not "id".
	ID   string   `json:"operationId" yaml:"operationId"`
	Tags []string `json:"tags,omitempty" yaml:"tags,omitempty"`

	SecuritySchemes []OperationSecurityScheme `json:"securitySchemes" yaml:"securitySchemes"`

	Issues []*IssueReport `json:"issues" yaml:"issues"`
}

func NewOpenAPIReportOperation added in v0.8.2

func NewOpenAPIReportOperation(operation *openapi3.Operation, requestOperation *operation.Operation) OpenAPIReportOperation

type OpenAPIReportPaths added in v0.8.2

// OpenAPIReportPaths maps a string key to an OpenAPIReportMethods map, giving
// a two-level lookup. Presumably the outer key is the URL path; verify
// against the code that builds OpenAPIReport.
type OpenAPIReportPaths map[string]OpenAPIReportMethods

type OperationSecurityScheme added in v0.8.2

// OperationSecurityScheme is the serialized summary of a security scheme
// applied to an operation: its type, scheme name, location, token format and
// name.
//
// NOTE(review): none of the visible fields is named for a credential value,
// so this summary looks like metadata only. Confirm against
// NewOperationSecurityScheme that no token or secret from
// auth.SecurityScheme is copied into Name.
type OperationSecurityScheme struct {
	Type        auth.Type         `json:"type" yaml:"type"`
	Scheme      auth.SchemeName   `json:"scheme" yaml:"scheme"`
	// In and TokenFormat are pointers without omitempty, so a nil value is
	// emitted as null in JSON rather than dropped.
	In          *auth.SchemeIn    `json:"in" yaml:"in"`
	TokenFormat *auth.TokenFormat `json:"token_format" yaml:"token_format"`

	Name string `json:"name" yaml:"name"`
}

func NewOperationSecurityScheme added in v0.8.2

func NewOperationSecurityScheme(securityScheme *auth.SecurityScheme) OperationSecurityScheme

type OptionsReport added in v0.8.2

// OptionsReport is the type of the "options" section of Reporter. It declares
// no fields yet, so it serializes as an empty JSON object and records none of
// the options a scan ran with.
type OptionsReport struct{} // TODO

func NewOptionsReport added in v0.8.2

func NewOptionsReport() OptionsReport

type Reporter

// Reporter is the top-level report document. It carries a schema reference,
// the options section, at most one of each source-specific section (curl,
// OpenAPI, GraphQL) and the list of individual scan reports.
//
// NOTE(review): the nested CurlReport and ScanReport values can serialize
// request and response headers, cookies and bodies. Treat the marshalled
// Reporter as sensitive output unless redaction is confirmed upstream.
type Reporter struct {
	// Serialized under the "$schema" key.
	Schema string `json:"$schema" yaml:"$schema"`

	Options     OptionsReport  `json:"options" yaml:"options"`
	// Nil section pointers are omitted from the output.
	Curl        *CurlReport    `json:"curl,omitempty" yaml:"curl,omitempty"`
	OpenAPI     *OpenAPIReport `json:"openapi,omitempty" yaml:"openapi,omitempty"`
	GraphQL     *GraphQLReport `json:"graphql,omitempty" yaml:"graphql,omitempty"`
	ScanReports []*ScanReport  `json:"reports" yaml:"reports"`
}

func NewReporter

func NewReporter() *Reporter

func NewReporterWithCurl added in v0.8.2

func NewReporterWithCurl(method string, url string, data interface{}, header http.Header, cookies []*http.Cookie, securitySchemes []*auth.SecurityScheme) *Reporter

func NewReporterWithGraphQL added in v0.8.2

func NewReporterWithGraphQL(url string, securitySchemes []*auth.SecurityScheme) *Reporter

func NewReporterWithOpenAPIDoc added in v0.8.2

func NewReporterWithOpenAPIDoc(openapi *openapi3.T, operations operation.Operations) *Reporter

func (*Reporter) AddReport

func (rr *Reporter) AddReport(r *ScanReport)

func (*Reporter) GetErrors added in v0.6.1

func (rr *Reporter) GetErrors() []error

func (*Reporter) GetFailedIssueReports added in v0.8.2

func (rr *Reporter) GetFailedIssueReports() []*IssueReport

func (*Reporter) GetIssueReports added in v0.8.2

func (rr *Reporter) GetIssueReports() []*IssueReport

func (*Reporter) GetReportsByIssueStatus added in v0.8.2

func (rr *Reporter) GetReportsByIssueStatus(status IssueReportStatus) []*ScanReport

func (*Reporter) GetScanReportByID added in v0.8.2

func (rr *Reporter) GetScanReportByID(id string) *ScanReport

func (*Reporter) GetScanReports added in v0.8.2

func (rr *Reporter) GetScanReports() []*ScanReport

func (*Reporter) HasHighRiskOrHigherSeverityIssue added in v0.8.2

func (rr *Reporter) HasHighRiskOrHigherSeverityIssue() bool

func (*Reporter) HasHigherThanSeverityThresholdIssue added in v0.8.2

func (rr *Reporter) HasHigherThanSeverityThresholdIssue(threshold float64) bool

func (*Reporter) HasIssue added in v0.8.2

func (rr *Reporter) HasIssue() bool

type ScanReport

// ScanReport is the record of one scan: identifier and name, start and end
// times, the operation it targeted, optional scan-specific data, the
// request/response attempts made and the resulting issue reports.
type ScanReport struct {
	ID        string    `json:"id" yaml:"id"`
	Name      string    `json:"name" yaml:"name"`
	StartTime time.Time `json:"startTime" yaml:"startTime"`
	// NOTE(review): encoding/json's omitempty has no effect on struct types
	// such as time.Time, so an unset EndTime is still written to JSON as the
	// zero time instead of being omitted. Consumers should not read a
	// present endTime as proof that the scan finished.
	EndTime   time.Time `json:"endTime,omitempty" yaml:"endTime,omitempty"`

	Operation *ScanReportOperation `json:"operation,omitempty" yaml:"operation,omitempty"`

	// Data is an untyped value serialized as-is when non-nil; what it holds
	// depends on the scan and is not visible from this listing.
	Data   interface{}      `json:"data,omitempty" yaml:"data,omitempty"`
	Scans  []ScanReportScan `json:"scans" yaml:"scans"`
	Issues []*IssueReport   `json:"issues" yaml:"issues"`
}

func NewScanReport

func NewScanReport(id string, name string, operation *operation.Operation) *ScanReport

func (*ScanReport) AddIssueReport added in v0.8.2

func (r *ScanReport) AddIssueReport(vr *IssueReport) *ScanReport

func (*ScanReport) AddScanAttempt

func (r *ScanReport) AddScanAttempt(a *scan.IssueScanAttempt) *ScanReport

func (*ScanReport) End

func (r *ScanReport) End() *ScanReport

func (*ScanReport) GetData added in v0.6.1

func (r *ScanReport) GetData() interface{}

func (*ScanReport) GetErrors added in v0.6.1

func (r *ScanReport) GetErrors() []error

func (*ScanReport) GetFailedIssueReports added in v0.8.2

func (r *ScanReport) GetFailedIssueReports() []*IssueReport

func (*ScanReport) GetIssueReports added in v0.8.2

func (r *ScanReport) GetIssueReports() []*IssueReport

func (*ScanReport) GetScanAttempts

func (r *ScanReport) GetScanAttempts() []ScanReportScan

func (*ScanReport) HasData added in v0.6.1

func (r *ScanReport) HasData() bool

func (*ScanReport) HasFailedIssueReport added in v0.8.2

func (r *ScanReport) HasFailedIssueReport() bool

func (*ScanReport) Start

func (r *ScanReport) Start() *ScanReport

func (*ScanReport) WithData added in v0.6.1

func (r *ScanReport) WithData(data interface{}) *ScanReport

type ScanReportOperation added in v0.8.2

// ScanReportOperation identifies the operation a ScanReport refers to. Only
// the ID is serialized; the full operation.Operation is not part of this type.
type ScanReportOperation struct {
	ID string `json:"id" yaml:"id"`
}

type ScanReportRequest added in v0.8.2

// ScanReportRequest is the serialized form of a request sent during a scan:
// method, URL and, when present, body, cookies and headers.
//
// NOTE(review): Body, Cookies and Header are written to the report whenever
// they are set. Requests made with real credentials would therefore persist
// tokens, API keys or session cookies in the report file; no redaction is
// visible in this listing, so confirm it upstream or restrict access to the
// generated reports.
type ScanReportRequest struct {
	Method  string         `json:"method" yaml:"method"`
	URL     string         `json:"url" yaml:"url"`
	Body    *string        `json:"body,omitempty" yaml:"body,omitempty"`
	Cookies []*http.Cookie `json:"cookies,omitempty" yaml:"cookies,omitempty"`
	Header  http.Header    `json:"headers,omitempty" yaml:"headers,omitempty"`
}

type ScanReportResponse added in v0.8.2

// ScanReportResponse is the serialized form of a response received during a
// scan: status code and, when present, body, cookies and headers.
//
// NOTE(review): response bodies and Set-Cookie values from the scanned API
// are stored verbatim when set. They can contain personal data or freshly
// issued session tokens, so the report inherits the sensitivity of the
// target's responses.
type ScanReportResponse struct {
	StatusCode int            `json:"statusCode" yaml:"statusCode"`
	Body       *string        `json:"body,omitempty" yaml:"body,omitempty"`
	Cookies    []*http.Cookie `json:"cookies,omitempty" yaml:"cookies,omitempty"`
	Header     http.Header    `json:"headers,omitempty" yaml:"headers,omitempty"`
}

type ScanReportScan added in v0.8.2

// ScanReportScan is one scan attempt: the request sent, the response received
// and the error, if any. Nil members are omitted from the output.
type ScanReportScan struct {
	Request  *ScanReportRequest  `json:"request,omitempty" yaml:"request,omitempty"`
	Response *ScanReportResponse `json:"response,omitempty" yaml:"response,omitempty"`
	// NOTE(review): encoding/json marshals an error interface by its dynamic
	// type. Errors built with errors.New or fmt.Errorf have no exported
	// fields, so they are emitted as {} and the message is lost, unless the
	// concrete type implements json.Marshaler. A failed attempt can then
	// look like an empty error in the JSON report; consider storing
	// err.Error() as a string for serialization.
	Err      error               `json:"error,omitempty" yaml:"error,omitempty"`
}
