report

package

v0.6.1 Latest Latest Go to latest Published: Jul 6, 2024 License: MIT Imports: 5 Imported by: 0

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/cerberauth/vulnapi

Links

Open Source Insights

Documentation ¶

Index ¶

type CAPEC
type CVSS
type CWE
type Classifications
type Issue
type OWASP
type Reporter
- func NewReporter() *Reporter
type ScanReport
- func NewScanReport(id string, name string, operaton *request.Operation) *ScanReport
type VulnerabilityReport
- func NewVulnerabilityReport(issue Issue) *VulnerabilityReport
type VulnerabilityReportStatus
type VulnerabilityScanAttempt

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type CAPEC ¶ added in v0.6.1

type CAPEC string

const (
	CAPEC_31_Manipulating_HTTP_Cookies CAPEC = "CAPEC-31: Accessing/Intercepting/Modifying HTTP Cookies"
)

type CVSS ¶ added in v0.6.1

type CVSS struct {
	Version float64 `json:"version" yaml:"version"`
	Vector  string  `json:"vector" yaml:"vector"`
	Score   float64 `json:"score" yaml:"score"`
}

type CWE ¶ added in v0.6.1

type CWE string

const (
	CWE_16_Configuration CWE = "CWE-16: Configuration"

	CWE_345_Insufficient_Verification_Authenticity   CWE = "CWE-345: Insufficient Verification of Data Authenticity"
	CWE_489_Active_Debug_Code                        CWE = "CWE-489: Active Debug Code"
	CWE_613_Insufficient_Session_Expiration          CWE = "CWE-613: Insufficient Session Expiration"
	CWE_614_Sensitive_Cookie_Without_Secure_Flag     CWE = "CWE-614: Sensitive Cookie in HTTPS Session Without 'Secure' Attribute"
	CWE_942_Overly_Permissive_CORS_Policy            CWE = "CWE-942: Permissive Cross-domain Policy with Untrusted Domains"
	CWE_1004_Sensitive_Cookie_Without_Http_Only      CWE = "CWE-1004: Sensitive Cookie Without 'HttpOnly' Flag"
	CWE_1021_Improper_Restriction_Rendered_UI        CWE = "CWE-1021: Improper Restriction of Rendered UI Layers or Frames"
	CWE_1275_Sensitive_Cookie_With_Improper_SameSite CWE = "CWE-1275: Sensitive Cookie with Improper SameSite Attribute"
)

type Classifications ¶ added in v0.6.1

type Classifications struct {
	OWASP OWASP `json:"owasp,omitempty" yaml:"owasp,omitempty"`
	CWE   CWE   `json:"cwe,omitempty" yaml:"cwe,omitempty"`
	CAPEC CAPEC `json:"capec,omitempty" yaml:"capec,omitempty"`
}

type Issue ¶ added in v0.6.1

type Issue struct {
	ID   string `json:"id" yaml:"id"`
	Name string `json:"name" yaml:"name"`
	URL  string `json:"url" yaml:"url"`
	CVSS CVSS   `json:"cvss" yaml:"cvss"`

	Classifications *Classifications `json:"classifications,omitempty" yaml:"classifications,omitempty"`
}

type OWASP ¶ added in v0.6.1

type OWASP string

const (
	OWASP_2023_BOLA                            OWASP = "API1:2023 Broken Object Level Authorization"
	OWASP_2023_BrokenAuthentication            OWASP = "API2:2023 Broken Authentication"
	OWASP_2023_BOPL                            OWASP = "API3:2023 Broken Object Property Level Authorization"
	OWASP_2023_UnrestrictedResourceConsumption OWASP = "API4:2023 Unrestricted Resource Consumption"
	OWASP_2023_BFLA                            OWASP = "API5:2023 Broken Function Level Authorization"
	OWASP_2023_UnrestrictedAccessBusiness      OWASP = "API6:2023 Unrestricted Access to Sensitive Business Flows"
	OWASP_2023_SSRF                            OWASP = "API7:2023 Server Side Request Forgery"
	OWASP_2023_SecurityMisconfiguration        OWASP = "API8:2023 Security Misconfiguration"
	OWASP_2023_ImproperInventory               OWASP = "API9:2023 Improper Inventory Management"
	OWASP_2023_UnsafeConsumption               OWASP = "API10:2023 Unsafe Consumption of APIs"
)

type Reporter ¶

type Reporter struct {
	Reports []*ScanReport `json:"reports"`
}

func NewReporter ¶

func NewReporter() *Reporter

func (*Reporter) AddReport ¶

func (rr *Reporter) AddReport(r *ScanReport)

func (*Reporter) GetErrors ¶ added in v0.6.1

func (rr *Reporter) GetErrors() []error

func (*Reporter) GetFailedVulnerabilityReports ¶ added in v0.6.1

func (rr *Reporter) GetFailedVulnerabilityReports() []*VulnerabilityReport

func (*Reporter) GetReportByID ¶ added in v0.6.1

func (rr *Reporter) GetReportByID(id string) *ScanReport

func (*Reporter) GetReports ¶

func (rr *Reporter) GetReports() []*ScanReport

func (*Reporter) GetVulnerabilityReports ¶

func (rr *Reporter) GetVulnerabilityReports() []*VulnerabilityReport

func (*Reporter) HasHighRiskOrHigherSeverityVulnerability ¶ added in v0.6.1

func (rr *Reporter) HasHighRiskOrHigherSeverityVulnerability() bool

func (*Reporter) HasVulnerability ¶

func (rr *Reporter) HasVulnerability() bool

type ScanReport ¶

type ScanReport struct {
	ID        string    `json:"id"`
	Name      string    `json:"name"`
	StartTime time.Time `json:"start_time"`
	EndTime   time.Time `json:"end_time"`

	Operation *request.Operation `json:"operation"`

	Data  interface{}                 `json:"data" yaml:"data"`
	Scans []*VulnerabilityScanAttempt `json:"scans"`
	Vulns []*VulnerabilityReport      `json:"vulnerabilities"`
}

func NewScanReport ¶

func NewScanReport(id string, name string, operaton *request.Operation) *ScanReport

func (*ScanReport) AddScanAttempt ¶

func (sc *ScanReport) AddScanAttempt(a *VulnerabilityScanAttempt) *ScanReport

func (*ScanReport) AddVulnerabilityReport ¶

func (sc *ScanReport) AddVulnerabilityReport(vr *VulnerabilityReport) *ScanReport

func (*ScanReport) End ¶

func (sc *ScanReport) End() *ScanReport

func (*ScanReport) GetData ¶ added in v0.6.1

func (sc *ScanReport) GetData() interface{}

func (*ScanReport) GetErrors ¶ added in v0.6.1

func (sc *ScanReport) GetErrors() []error

func (*ScanReport) GetFailedVulnerabilityReports ¶ added in v0.6.1

func (sc *ScanReport) GetFailedVulnerabilityReports() []*VulnerabilityReport

func (*ScanReport) GetScanAttempts ¶

func (sc *ScanReport) GetScanAttempts() []*VulnerabilityScanAttempt

func (*ScanReport) GetVulnerabilityReports ¶

func (sc *ScanReport) GetVulnerabilityReports() []*VulnerabilityReport

func (*ScanReport) HasData ¶ added in v0.6.1

func (sc *ScanReport) HasData() bool

func (*ScanReport) HasFailedVulnerabilityReport ¶ added in v0.6.1

func (sc *ScanReport) HasFailedVulnerabilityReport() bool

func (*ScanReport) Start ¶

func (sc *ScanReport) Start() *ScanReport

func (*ScanReport) WithData ¶ added in v0.6.1

func (sc *ScanReport) WithData(data interface{}) *ScanReport

type VulnerabilityReport ¶

type VulnerabilityReport struct {
	Issue `json:",inline" yaml:",inline"`

	Operation      *request.Operation  `json:"operation" yaml:"operation"`
	SecurityScheme auth.SecurityScheme `json:"security_scheme" yaml:"security_scheme"`

	Status VulnerabilityReportStatus `json:"status" yaml:"status"`
}

func NewVulnerabilityReport ¶ added in v0.6.1

func NewVulnerabilityReport(issue Issue) *VulnerabilityReport

func (*VulnerabilityReport) Clone ¶ added in v0.6.1

func (vr *VulnerabilityReport) Clone() *VulnerabilityReport

func (*VulnerabilityReport) Fail ¶ added in v0.6.1

func (vr *VulnerabilityReport) Fail() *VulnerabilityReport

func (*VulnerabilityReport) HasBeenSkipped ¶ added in v0.6.1

func (vr *VulnerabilityReport) HasBeenSkipped() bool

func (*VulnerabilityReport) HasFailed ¶ added in v0.6.1

func (vr *VulnerabilityReport) HasFailed() bool

func (*VulnerabilityReport) HasPassed ¶ added in v0.6.1

func (vr *VulnerabilityReport) HasPassed() bool

func (*VulnerabilityReport) IsCriticalRiskSeverity ¶ added in v0.6.1

func (vr *VulnerabilityReport) IsCriticalRiskSeverity() bool

func (*VulnerabilityReport) IsHighRiskSeverity ¶

func (vr *VulnerabilityReport) IsHighRiskSeverity() bool

func (*VulnerabilityReport) IsInfoRiskSeverity ¶ added in v0.4.2

func (vr *VulnerabilityReport) IsInfoRiskSeverity() bool

func (*VulnerabilityReport) IsLowRiskSeverity ¶

func (vr *VulnerabilityReport) IsLowRiskSeverity() bool

func (*VulnerabilityReport) IsMediumRiskSeverity ¶

func (vr *VulnerabilityReport) IsMediumRiskSeverity() bool

func (*VulnerabilityReport) Pass ¶ added in v0.6.1

func (vr *VulnerabilityReport) Pass() *VulnerabilityReport

func (*VulnerabilityReport) SeverityLevelString ¶ added in v0.3.1

func (vr *VulnerabilityReport) SeverityLevelString() string

func (*VulnerabilityReport) Skip ¶ added in v0.6.1

func (vr *VulnerabilityReport) Skip() *VulnerabilityReport

func (*VulnerabilityReport) String ¶

func (vr *VulnerabilityReport) String() string

func (*VulnerabilityReport) WithBooleanStatus ¶ added in v0.6.1

func (vr *VulnerabilityReport) WithBooleanStatus(status bool) *VulnerabilityReport

func (*VulnerabilityReport) WithOperation ¶ added in v0.4.2

func (vr *VulnerabilityReport) WithOperation(operation *request.Operation) *VulnerabilityReport

func (*VulnerabilityReport) WithSecurityScheme ¶ added in v0.6.1

func (vr *VulnerabilityReport) WithSecurityScheme(ss auth.SecurityScheme) *VulnerabilityReport

func (*VulnerabilityReport) WithStatus ¶ added in v0.6.1

func (vr *VulnerabilityReport) WithStatus(status VulnerabilityReportStatus) *VulnerabilityReport

type VulnerabilityReportStatus ¶ added in v0.6.1

type VulnerabilityReportStatus string

const (
	VulnerabilityReportStatusPass VulnerabilityReportStatus = "pass"
	VulnerabilityReportStatusFail VulnerabilityReportStatus = "fail"
	VulnerabilityReportStatusSkip VulnerabilityReportStatus = "skip"
	VulnerabilityReportStatusNone VulnerabilityReportStatus = "none"
)

type VulnerabilityScanAttempt ¶

type VulnerabilityScanAttempt struct {
	Request  *http.Request  `json:"-"`
	Response *http.Response `json:"-"`

	Err error `json:"error"`
}

Source Files ¶

View all Source files

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL