@zerothreatai/vulnerability-registry 1.0.0

package/dist-cjs/error-codes.js

@@ -0,0 +1,315 @@
+"use strict";
+/**
+ * Vulnerability Registry - Error Codes
+ *
+ * Central enum containing all vulnerability error codes across all scanners.
+ * Each code maps to a complete VulnerabilityDefinition.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.VulnerabilityCode = void 0;
+var VulnerabilityCode;
+(function (VulnerabilityCode) {
+    // ========================================
+    // SQL INJECTION (SQLI_*)
+    // ========================================
+    VulnerabilityCode["SQLI_ERROR_BASED"] = "SQLI_ERROR_BASED";
+    VulnerabilityCode["SQLI_BOOLEAN_BASED"] = "SQLI_BOOLEAN_BASED";
+    VulnerabilityCode["SQLI_TIME_BASED"] = "SQLI_TIME_BASED";
+    VulnerabilityCode["SQLI_STACK_BASED"] = "SQLI_STACK_BASED";
+    VulnerabilityCode["SQLI_UNION_BASED"] = "SQLI_UNION_BASED";
+    // ========================================
+    // CROSS-SITE SCRIPTING (XSS_*)
+    // ========================================
+    VulnerabilityCode["XSS_REFLECTED"] = "XSS_REFLECTED";
+    VulnerabilityCode["XSS_STORED"] = "XSS_STORED";
+    VulnerabilityCode["XSS_DOM_BASED"] = "XSS_DOM_BASED";
+    VulnerabilityCode["XSS_SVG_INJECTION"] = "XSS_SVG_INJECTION";
+    VulnerabilityCode["XSS_CSTI_ANGULAR"] = "XSS_CSTI_ANGULAR";
+    VulnerabilityCode["XSS_CSTI_VUE"] = "XSS_CSTI_VUE";
+    VulnerabilityCode["XSS_EVENT_HANDLER"] = "XSS_EVENT_HANDLER";
+    VulnerabilityCode["XSS_SCRIPT_INJECTION"] = "XSS_SCRIPT_INJECTION";
+    VulnerabilityCode["XSS_HTML_INJECTION"] = "XSS_HTML_INJECTION";
+    VulnerabilityCode["XSS_ATTRIBUTE_INJECTION"] = "XSS_ATTRIBUTE_INJECTION";
+    VulnerabilityCode["XSS_JS_CONTEXT"] = "XSS_JS_CONTEXT";
+    VulnerabilityCode["XSS_CSS_INJECTION"] = "XSS_CSS_INJECTION";
+    VulnerabilityCode["XSS_CSP_BYPASS"] = "XSS_CSP_BYPASS";
+    VulnerabilityCode["XSS_TEMPLATE_LITERAL"] = "XSS_TEMPLATE_LITERAL";
+    VulnerabilityCode["XSS_MUTATION_BASED"] = "XSS_MUTATION_BASED";
+    // ========================================
+    // COMMAND INJECTION (CMDI_*)
+    // ========================================
+    VulnerabilityCode["CMDI_OOB_CONFIRMED"] = "CMDI_OOB_CONFIRMED";
+    VulnerabilityCode["CMDI_REFLECTED"] = "CMDI_REFLECTED";
+    VulnerabilityCode["CMDI_TIME_BASED"] = "CMDI_TIME_BASED";
+    VulnerabilityCode["CMDI_ERROR_BASED"] = "CMDI_ERROR_BASED";
+    // ========================================
+    // SERVER-SIDE REQUEST FORGERY (SSRF_*)
+    // ========================================
+    VulnerabilityCode["SSRF_CLOUD_METADATA"] = "SSRF_CLOUD_METADATA";
+    VulnerabilityCode["SSRF_INTERNAL_SERVICE"] = "SSRF_INTERNAL_SERVICE";
+    VulnerabilityCode["SSRF_PROTOCOL_SMUGGLING"] = "SSRF_PROTOCOL_SMUGGLING";
+    VulnerabilityCode["SSRF_BLIND_OOB"] = "SSRF_BLIND_OOB";
+    VulnerabilityCode["SSRF_FILTER_BYPASS"] = "SSRF_FILTER_BYPASS";
+    // ========================================
+    // SERVER-SIDE TEMPLATE INJECTION (SSTI_*)
+    // ========================================
+    VulnerabilityCode["SSTI_JINJA2"] = "SSTI_JINJA2";
+    VulnerabilityCode["SSTI_TWIG"] = "SSTI_TWIG";
+    VulnerabilityCode["SSTI_FREEMARKER"] = "SSTI_FREEMARKER";
+    VulnerabilityCode["SSTI_VELOCITY"] = "SSTI_VELOCITY";
+    VulnerabilityCode["SSTI_THYMELEAF"] = "SSTI_THYMELEAF";
+    VulnerabilityCode["SSTI_ERB"] = "SSTI_ERB";
+    VulnerabilityCode["SSTI_EJS"] = "SSTI_EJS";
+    VulnerabilityCode["SSTI_PUG"] = "SSTI_PUG";
+    VulnerabilityCode["SSTI_SMARTY"] = "SSTI_SMARTY";
+    VulnerabilityCode["SSTI_MAKO"] = "SSTI_MAKO";
+    VulnerabilityCode["SSTI_GENERIC"] = "SSTI_GENERIC";
+    // ========================================
+    // XML EXTERNAL ENTITY (XXE_*)
+    // ========================================
+    VulnerabilityCode["XXE_CLASSIC"] = "XXE_CLASSIC";
+    VulnerabilityCode["XXE_BLIND"] = "XXE_BLIND";
+    VulnerabilityCode["XXE_OOB"] = "XXE_OOB";
+    VulnerabilityCode["XXE_ERROR_BASED"] = "XXE_ERROR_BASED";
+    VulnerabilityCode["XXE_PARAMETER_ENTITY"] = "XXE_PARAMETER_ENTITY";
+    // ========================================
+    // XPATH INJECTION (XPATH_*)
+    // ========================================
+    VulnerabilityCode["XPATH_AUTH_BYPASS"] = "XPATH_AUTH_BYPASS";
+    VulnerabilityCode["XPATH_DATA_EXTRACTION"] = "XPATH_DATA_EXTRACTION";
+    VulnerabilityCode["XPATH_BLIND"] = "XPATH_BLIND";
+    VulnerabilityCode["XPATH_ERROR_BASED"] = "XPATH_ERROR_BASED";
+    // ========================================
+    // LOCAL FILE INCLUSION (LFI_*)
+    // ========================================
+    VulnerabilityCode["LFI_PATH_TRAVERSAL"] = "LFI_PATH_TRAVERSAL";
+    VulnerabilityCode["LFI_FILTER_BYPASS"] = "LFI_FILTER_BYPASS";
+    VulnerabilityCode["LFI_SOURCE_DISCLOSURE"] = "LFI_SOURCE_DISCLOSURE";
+    VulnerabilityCode["LFI_WRAPPER_PROTOCOL"] = "LFI_WRAPPER_PROTOCOL";
+    VulnerabilityCode["LFI_PROC_DISCLOSURE"] = "LFI_PROC_DISCLOSURE";
+    // ========================================
+    // JWT VULNERABILITIES (JWT_*)
+    // ========================================
+    VulnerabilityCode["JWT_NONE_ALGORITHM"] = "JWT_NONE_ALGORITHM";
+    VulnerabilityCode["JWT_WEAK_SECRET"] = "JWT_WEAK_SECRET";
+    VulnerabilityCode["JWT_KEY_CONFUSION"] = "JWT_KEY_CONFUSION";
+    VulnerabilityCode["JWT_EXPIRED_TOKEN"] = "JWT_EXPIRED_TOKEN";
+    VulnerabilityCode["JWT_MISSING_CLAIMS"] = "JWT_MISSING_CLAIMS";
+    VulnerabilityCode["JWT_CLAIM_TAMPERING"] = "JWT_CLAIM_TAMPERING";
+    VulnerabilityCode["JWT_KID_INJECTION"] = "JWT_KID_INJECTION";
+    VulnerabilityCode["JWT_JKU_INJECTION"] = "JWT_JKU_INJECTION";
+    VulnerabilityCode["JWT_EMBEDDED_JWK"] = "JWT_EMBEDDED_JWK";
+    VulnerabilityCode["JWT_X5C_INJECTION"] = "JWT_X5C_INJECTION";
+    // ========================================
+    // OPEN REDIRECT (REDIRECT_*)
+    // ========================================
+    VulnerabilityCode["REDIRECT_HEADER_INJECTION"] = "REDIRECT_HEADER_INJECTION";
+    VulnerabilityCode["REDIRECT_META_REFRESH"] = "REDIRECT_META_REFRESH";
+    VulnerabilityCode["REDIRECT_JS_NAVIGATION"] = "REDIRECT_JS_NAVIGATION";
+    // ========================================
+    // BROKEN ACCESS CONTROL (BAC_*)
+    // ========================================
+    VulnerabilityCode["BAC_ANONYMOUS_ACCESS"] = "BAC_ANONYMOUS_ACCESS";
+    VulnerabilityCode["BAC_HORIZONTAL_PRIVILEGE"] = "BAC_HORIZONTAL_PRIVILEGE";
+    VulnerabilityCode["BAC_VERTICAL_PRIVILEGE"] = "BAC_VERTICAL_PRIVILEGE";
+    VulnerabilityCode["BAC_IDOR"] = "BAC_IDOR";
+    // ========================================
+    // SECURITY HEADERS (HEADER_*)
+    // ========================================
+    VulnerabilityCode["HEADER_MISSING_CSP"] = "HEADER_MISSING_CSP";
+    VulnerabilityCode["HEADER_MISSING_HSTS"] = "HEADER_MISSING_HSTS";
+    VulnerabilityCode["HEADER_MISSING_XFRAME"] = "HEADER_MISSING_XFRAME";
+    VulnerabilityCode["HEADER_MISSING_XCONTENT_TYPE"] = "HEADER_MISSING_XCONTENT_TYPE";
+    VulnerabilityCode["HEADER_MISSING_XSS_PROTECTION"] = "HEADER_MISSING_XSS_PROTECTION";
+    VulnerabilityCode["HEADER_MISSING_REFERRER_POLICY"] = "HEADER_MISSING_REFERRER_POLICY";
+    VulnerabilityCode["HEADER_MISSING_PERMISSIONS_POLICY"] = "HEADER_MISSING_PERMISSIONS_POLICY";
+    VulnerabilityCode["HEADER_WEAK_CSP"] = "HEADER_WEAK_CSP";
+    VulnerabilityCode["HEADER_CORS_MISCONFIGURED"] = "HEADER_CORS_MISCONFIGURED";
+    VulnerabilityCode["HEADER_COEP_WITHOUT_COOP"] = "HEADER_COEP_WITHOUT_COOP";
+    VulnerabilityCode["HEADER_CORP_UNUSUAL"] = "HEADER_CORP_UNUSUAL";
+    VulnerabilityCode["HEADER_EXPECT_CT_PRESENT"] = "HEADER_EXPECT_CT_PRESENT";
+    VulnerabilityCode["HEADER_SERVER_HEADER_PRESENT"] = "HEADER_SERVER_HEADER_PRESENT";
+    VulnerabilityCode["HEADER_X_POWERED_BY_PRESENT"] = "HEADER_X_POWERED_BY_PRESENT";
+    VulnerabilityCode["HEADER_X_XSS_PROTECTION_ENABLED"] = "HEADER_X_XSS_PROTECTION_ENABLED";
+    VulnerabilityCode["COOKIE_SAMESITE_NONE_WITHOUT_SECURE"] = "COOKIE_SAMESITE_NONE_WITHOUT_SECURE";
+    VulnerabilityCode["COOKIE_SESSION_MISSING_SECURE"] = "COOKIE_SESSION_MISSING_SECURE";
+    VulnerabilityCode["COOKIE_MISSING_SECURE"] = "COOKIE_MISSING_SECURE";
+    VulnerabilityCode["COOKIE_SESSION_MISSING_HTTPONLY"] = "COOKIE_SESSION_MISSING_HTTPONLY";
+    VulnerabilityCode["COOKIE_MISSING_HTTPONLY"] = "COOKIE_MISSING_HTTPONLY";
+    VulnerabilityCode["COOKIE_MISSING_SAMESITE"] = "COOKIE_MISSING_SAMESITE";
+    VulnerabilityCode["COOKIE_HOST_PREFIX_INVALID"] = "COOKIE_HOST_PREFIX_INVALID";
+    VulnerabilityCode["COOKIE_SECURE_PREFIX_INVALID"] = "COOKIE_SECURE_PREFIX_INVALID";
+    VulnerabilityCode["HEADER_DRIFT_CSP"] = "HEADER_DRIFT_CSP";
+    VulnerabilityCode["HEADER_DRIFT_HSTS"] = "HEADER_DRIFT_HSTS";
+    VulnerabilityCode["HEADER_DRIFT_XCONTENT_TYPE"] = "HEADER_DRIFT_XCONTENT_TYPE";
+    VulnerabilityCode["HEADER_DRIFT_REFERRER_POLICY"] = "HEADER_DRIFT_REFERRER_POLICY";
+    VulnerabilityCode["HEADER_DRIFT_XFRAME"] = "HEADER_DRIFT_XFRAME";
+    VulnerabilityCode["HEADER_DRIFT_PERMISSIONS_POLICY"] = "HEADER_DRIFT_PERMISSIONS_POLICY";
+    VulnerabilityCode["HEADER_DRIFT_COOP"] = "HEADER_DRIFT_COOP";
+    VulnerabilityCode["HEADER_DRIFT_COEP"] = "HEADER_DRIFT_COEP";
+    VulnerabilityCode["HEADER_DRIFT_CORP"] = "HEADER_DRIFT_CORP";
+    // ========================================
+    // HOST HEADER INJECTION (HOST_*)
+    // ========================================
+    VulnerabilityCode["HOST_CACHE_POISONING"] = "HOST_CACHE_POISONING";
+    VulnerabilityCode["HOST_PASSWORD_RESET"] = "HOST_PASSWORD_RESET";
+    VulnerabilityCode["HOST_REDIRECT"] = "HOST_REDIRECT";
+    // ========================================
+    // DIRECTORY BROWSING (DIRBROWSE_*)
+    // ========================================
+    VulnerabilityCode["DIRBROWSE_ENABLED"] = "DIRBROWSE_ENABLED";
+    VulnerabilityCode["DIRBROWSE_SENSITIVE"] = "DIRBROWSE_SENSITIVE";
+    // ========================================
+    // MASS ASSIGNMENT (MASSASSIGN_*)
+    // ========================================
+    VulnerabilityCode["MASSASSIGN_PROTOTYPE_POLLUTION"] = "MASSASSIGN_PROTOTYPE_POLLUTION";
+    VulnerabilityCode["MASSASSIGN_ROLE_ESCALATION"] = "MASSASSIGN_ROLE_ESCALATION";
+    VulnerabilityCode["MASSASSIGN_HIDDEN_FIELD"] = "MASSASSIGN_HIDDEN_FIELD";
+    // ========================================
+    // DESERIALIZATION (DESER_*)
+    // ========================================
+    VulnerabilityCode["DESER_JAVA"] = "DESER_JAVA";
+    VulnerabilityCode["DESER_PHP"] = "DESER_PHP";
+    VulnerabilityCode["DESER_PYTHON"] = "DESER_PYTHON";
+    VulnerabilityCode["DESER_DOTNET"] = "DESER_DOTNET";
+    VulnerabilityCode["DESER_RUBY"] = "DESER_RUBY";
+    VulnerabilityCode["DESER_NODE"] = "DESER_NODE";
+    // ========================================
+    // SENSITIVE PATH SCOUT - CRITICAL (SENS_CRIT_*)
+    // ========================================
+    VulnerabilityCode["SENS_CRIT_AWS_CREDENTIALS"] = "SENS_CRIT_AWS_CREDENTIALS";
+    VulnerabilityCode["SENS_CRIT_SSH_PRIVATE_KEY"] = "SENS_CRIT_SSH_PRIVATE_KEY";
+    VulnerabilityCode["SENS_CRIT_SSL_PRIVATE_KEY"] = "SENS_CRIT_SSL_PRIVATE_KEY";
+    VulnerabilityCode["SENS_CRIT_RAILS_MASTER_KEY"] = "SENS_CRIT_RAILS_MASTER_KEY";
+    VulnerabilityCode["SENS_CRIT_TERRAFORM_STATE"] = "SENS_CRIT_TERRAFORM_STATE";
+    VulnerabilityCode["SENS_CRIT_FIREBASE_ADMIN_SDK"] = "SENS_CRIT_FIREBASE_ADMIN_SDK";
+    VulnerabilityCode["SENS_CRIT_KUBE_CONFIG"] = "SENS_CRIT_KUBE_CONFIG";
+    VulnerabilityCode["SENS_CRIT_AZURE_STORAGE_KEY"] = "SENS_CRIT_AZURE_STORAGE_KEY";
+    VulnerabilityCode["SENS_CRIT_CONSUL_KV"] = "SENS_CRIT_CONSUL_KV";
+    VulnerabilityCode["SENS_CRIT_VAULT_SECRET"] = "SENS_CRIT_VAULT_SECRET";
+    VulnerabilityCode["SENS_CRIT_DOCKER_SECRET"] = "SENS_CRIT_DOCKER_SECRET";
+    // ========================================
+    // SENSITIVE PATH SCOUT - HIGH (SENS_HIGH_*)
+    // ========================================
+    VulnerabilityCode["SENS_HIGH_GIT_EXPOSED"] = "SENS_HIGH_GIT_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_GIT_CONFIG"] = "SENS_HIGH_GIT_CONFIG";
+    VulnerabilityCode["SENS_HIGH_WORDPRESS_CONFIG"] = "SENS_HIGH_WORDPRESS_CONFIG";
+    VulnerabilityCode["SENS_HIGH_SPRING_ACTUATOR"] = "SENS_HIGH_SPRING_ACTUATOR";
+    VulnerabilityCode["SENS_HIGH_SPRING_HEAPDUMP"] = "SENS_HIGH_SPRING_HEAPDUMP";
+    VulnerabilityCode["SENS_HIGH_DATABASE_BACKUP"] = "SENS_HIGH_DATABASE_BACKUP";
+    VulnerabilityCode["SENS_HIGH_PHPINFO"] = "SENS_HIGH_PHPINFO";
+    VulnerabilityCode["SENS_HIGH_LARAVEL_DEBUG"] = "SENS_HIGH_LARAVEL_DEBUG";
+    VulnerabilityCode["SENS_HIGH_GCP_SERVICE_ACCOUNT"] = "SENS_HIGH_GCP_SERVICE_ACCOUNT";
+    VulnerabilityCode["SENS_HIGH_GRAPHQL_INTROSPECTION"] = "SENS_HIGH_GRAPHQL_INTROSPECTION";
+    VulnerabilityCode["SENS_HIGH_PHPMYADMIN"] = "SENS_HIGH_PHPMYADMIN";
+    VulnerabilityCode["SENS_HIGH_MONGODB_CONFIG"] = "SENS_HIGH_MONGODB_CONFIG";
+    VulnerabilityCode["SENS_HIGH_JAVA_KEYSTORE"] = "SENS_HIGH_JAVA_KEYSTORE";
+    VulnerabilityCode["SENS_HIGH_PHP_SESSION"] = "SENS_HIGH_PHP_SESSION";
+    VulnerabilityCode["SENS_HIGH_ENV_FILE"] = "SENS_HIGH_ENV_FILE";
+    VulnerabilityCode["SENS_HIGH_BACKUP_FILE"] = "SENS_HIGH_BACKUP_FILE";
+    VulnerabilityCode["SENS_HIGH_HTPASSWD"] = "SENS_HIGH_HTPASSWD";
+    VulnerabilityCode["SENS_HIGH_DS_STORE"] = "SENS_HIGH_DS_STORE";
+    // ========================================
+    // SENSITIVE PATH SCOUT - MEDIUM (SENS_MED_*)
+    // ========================================
+    VulnerabilityCode["SENS_MED_SWAGGER_DOCS"] = "SENS_MED_SWAGGER_DOCS";
+    VulnerabilityCode["SENS_MED_APACHE_STATUS"] = "SENS_MED_APACHE_STATUS";
+    VulnerabilityCode["SENS_MED_PROMETHEUS_METRICS"] = "SENS_MED_PROMETHEUS_METRICS";
+    VulnerabilityCode["SENS_MED_DOCKERFILE"] = "SENS_MED_DOCKERFILE";
+    VulnerabilityCode["SENS_MED_FIREBASE_CONFIG"] = "SENS_MED_FIREBASE_CONFIG";
+    VulnerabilityCode["SENS_MED_SOURCE_MAP"] = "SENS_MED_SOURCE_MAP";
+    VulnerabilityCode["SENS_MED_ELASTICSEARCH"] = "SENS_MED_ELASTICSEARCH";
+    VulnerabilityCode["SENS_MED_ADMIN_PANEL"] = "SENS_MED_ADMIN_PANEL";
+    VulnerabilityCode["SENS_MED_COMPOSER_LOCK"] = "SENS_MED_COMPOSER_LOCK";
+    VulnerabilityCode["SENS_MED_PACKAGE_LOCK"] = "SENS_MED_PACKAGE_LOCK";
+    VulnerabilityCode["SENS_MED_GEMFILE_LOCK"] = "SENS_MED_GEMFILE_LOCK";
+    VulnerabilityCode["SENS_MED_ROBOTS_TXT"] = "SENS_MED_ROBOTS_TXT";
+    VulnerabilityCode["SENS_MED_SITEMAP"] = "SENS_MED_SITEMAP";
+    VulnerabilityCode["SENS_MED_CROSSDOMAIN_XML"] = "SENS_MED_CROSSDOMAIN_XML";
+    // ========================================
+    // SENSITIVE PATH SCOUT - LOW (SENS_LOW_*)
+    // ========================================
+    VulnerabilityCode["SENS_LOW_TRAVIS_CI"] = "SENS_LOW_TRAVIS_CI";
+    VulnerabilityCode["SENS_LOW_JENKINSFILE"] = "SENS_LOW_JENKINSFILE";
+    VulnerabilityCode["SENS_LOW_CIRCLECI"] = "SENS_LOW_CIRCLECI";
+    VulnerabilityCode["SENS_LOW_GITLAB_CI"] = "SENS_LOW_GITLAB_CI";
+    VulnerabilityCode["SENS_LOW_README"] = "SENS_LOW_README";
+    VulnerabilityCode["SENS_LOW_CHANGELOG"] = "SENS_LOW_CHANGELOG";
+    VulnerabilityCode["SENS_LOW_LICENSE"] = "SENS_LOW_LICENSE";
+    // ========================================
+    // SENSITIVE PATH SCOUT - EXTENDED
+    // ========================================
+    // HIGH
+    VulnerabilityCode["SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED"] = "SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED";
+    VulnerabilityCode["SENS_HIGH_APPSETTINGS_JSON_EXPOSED"] = "SENS_HIGH_APPSETTINGS_JSON_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_SPRING_CONFIG_EXPOSED"] = "SENS_HIGH_SPRING_CONFIG_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_NPMRC_EXPOSED"] = "SENS_HIGH_NPMRC_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_RAILS_DATABASE_YML_EXPOSED"] = "SENS_HIGH_RAILS_DATABASE_YML_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED"] = "SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED"] = "SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_JOLOKIA_EXPOSED"] = "SENS_HIGH_JOLOKIA_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED"] = "SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED"] = "SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED";
+    VulnerabilityCode["SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED"] = "SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_REDIS_RDB_DUMP_DETECTED"] = "SENS_HIGH_REDIS_RDB_DUMP_DETECTED";
+    VulnerabilityCode["SENS_HIGH_TRACE_AXD"] = "SENS_HIGH_TRACE_AXD";
+    VulnerabilityCode["SENS_HIGH_ELMAH_AXD_EXPOSED"] = "SENS_HIGH_ELMAH_AXD_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_SQLITE_DATABASE_DETECTED"] = "SENS_HIGH_SQLITE_DATABASE_DETECTED";
+    VulnerabilityCode["SENS_HIGH_AWS_CONFIG_EXPOSED"] = "SENS_HIGH_AWS_CONFIG_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_AZURE_CREDENTIALS_EXPOSED"] = "SENS_HIGH_AZURE_CREDENTIALS_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_HELM_VALUES_EXPOSED"] = "SENS_HIGH_HELM_VALUES_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_TERRAFORM_VARS_EXPOSED"] = "SENS_HIGH_TERRAFORM_VARS_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_LARAVEL_LOG_EXPOSED"] = "SENS_HIGH_LARAVEL_LOG_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED"] = "SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_ADMINER_EXPOSED"] = "SENS_HIGH_ADMINER_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_DEBUG_ENDPOINT_EXPOSED"] = "SENS_HIGH_DEBUG_ENDPOINT_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_GO_DEBUG_VARS_EXPOSED"] = "SENS_HIGH_GO_DEBUG_VARS_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_GO_PPROF_EXPOSED"] = "SENS_HIGH_GO_PPROF_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED"] = "SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED";
+    VulnerabilityCode["SENS_HIGH_MONGO_RC_EXPOSED"] = "SENS_HIGH_MONGO_RC_EXPOSED";
+    // MEDIUM
+    VulnerabilityCode["SENS_MED_UN_PROTECTED_CONFIG_JSON"] = "SENS_MED_UN_PROTECTED_CONFIG_JSON";
+    VulnerabilityCode["SENS_MED_MERCURIAL_REPOSITORY_FOUND"] = "SENS_MED_MERCURIAL_REPOSITORY_FOUND";
+    VulnerabilityCode["SENS_MED_MERCURIAL_HGRC_EXPOSED"] = "SENS_MED_MERCURIAL_HGRC_EXPOSED";
+    VulnerabilityCode["SENS_MED_CVS_ROOT_EXPOSED"] = "SENS_MED_CVS_ROOT_EXPOSED";
+    VulnerabilityCode["SENS_MED_CVS_ENTRIES_EXPOSED"] = "SENS_MED_CVS_ENTRIES_EXPOSED";
+    VulnerabilityCode["SENS_MED_BAZAAR_REPO_EXPOSED"] = "SENS_MED_BAZAAR_REPO_EXPOSED";
+    VulnerabilityCode["SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED"] = "SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED";
+    VulnerabilityCode["SENS_MED_LARAVEL_LOG_VIEWER_ENABLED"] = "SENS_MED_LARAVEL_LOG_VIEWER_ENABLED";
+    VulnerabilityCode["SENS_MED_APACHE_HTACCESS_FILE_DETECTED"] = "SENS_MED_APACHE_HTACCESS_FILE_DETECTED";
+    VulnerabilityCode["SENS_MED_APACHE_SERVER_INFO_EXPOSED"] = "SENS_MED_APACHE_SERVER_INFO_EXPOSED";
+    VulnerabilityCode["SENS_MED_PACKAGE_DEPENDENCIES_DETECTED"] = "SENS_MED_PACKAGE_DEPENDENCIES_DETECTED";
+    VulnerabilityCode["SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED"] = "SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED";
+    VulnerabilityCode["SENS_MED_SSH_PUBLIC_KEY_EXPOSED"] = "SENS_MED_SSH_PUBLIC_KEY_EXPOSED";
+    VulnerabilityCode["SENS_MED_SSL_CERTIFICATE_EXPOSED"] = "SENS_MED_SSL_CERTIFICATE_EXPOSED";
+    VulnerabilityCode["SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED"] = "SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED";
+    VulnerabilityCode["SENS_MED_GRAPHI_QL_EXPOSED"] = "SENS_MED_GRAPHI_QL_EXPOSED";
+    VulnerabilityCode["SENS_MED_TERRAFORM_LOCK_EXPOSED"] = "SENS_MED_TERRAFORM_LOCK_EXPOSED";
+    VulnerabilityCode["SENS_MED_ERROR_LOG_EXPOSED"] = "SENS_MED_ERROR_LOG_EXPOSED";
+    VulnerabilityCode["SENS_MED_ACCESS_LOG_EXPOSED"] = "SENS_MED_ACCESS_LOG_EXPOSED";
+    VulnerabilityCode["SENS_MED_DEBUG_LOG_EXPOSED"] = "SENS_MED_DEBUG_LOG_EXPOSED";
+    VulnerabilityCode["SENS_MED_APPLICATION_LOG_EXPOSED"] = "SENS_MED_APPLICATION_LOG_EXPOSED";
+    VulnerabilityCode["SENS_MED_WSDL_EXPOSED"] = "SENS_MED_WSDL_EXPOSED";
+    VulnerabilityCode["SENS_MED_WORD_PRESS_XML_RPC_EXPOSED"] = "SENS_MED_WORD_PRESS_XML_RPC_EXPOSED";
+    // LOW
+    VulnerabilityCode["SENS_LOW_TOML_PROJECT_FILE_EXPOSED"] = "SENS_LOW_TOML_PROJECT_FILE_EXPOSED";
+    VulnerabilityCode["SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED"] = "SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED";
+    VulnerabilityCode["SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED"] = "SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED";
+    VulnerabilityCode["SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED"] = "SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED";
+    VulnerabilityCode["SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED"] = "SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED";
+    VulnerabilityCode["SENS_LOW_PYTHON_REQUIREMENTS_DETECTED"] = "SENS_LOW_PYTHON_REQUIREMENTS_DETECTED";
+    VulnerabilityCode["SENS_LOW_TEST_ENDPOINT_EXPOSED"] = "SENS_LOW_TEST_ENDPOINT_EXPOSED";
+    VulnerabilityCode["SENS_LOW_STAGING_ENDPOINT_EXPOSED"] = "SENS_LOW_STAGING_ENDPOINT_EXPOSED";
+    VulnerabilityCode["SENS_LOW_EDITOR_BACKUP_FILE_DETECTED"] = "SENS_LOW_EDITOR_BACKUP_FILE_DETECTED";
+    VulnerabilityCode["SENS_LOW_VIM_SWAP_FILE_DETECTED"] = "SENS_LOW_VIM_SWAP_FILE_DETECTED";
+    VulnerabilityCode["SENS_LOW_DIRECTORY_LISTING_ENABLED"] = "SENS_LOW_DIRECTORY_LISTING_ENABLED";
+    VulnerabilityCode["SENS_LOW_AWSSAM_TEMPLATE_EXPOSED"] = "SENS_LOW_AWSSAM_TEMPLATE_EXPOSED";
+    VulnerabilityCode["SENS_LOW_SERVERLESS_CONFIG_EXPOSED"] = "SENS_LOW_SERVERLESS_CONFIG_EXPOSED";
+    VulnerabilityCode["SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED"] = "SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED";
+    // ========================================
+    // CLICKJACKING (CLICK_*)
+    // ========================================
+    VulnerabilityCode["CLICK_FRAMEABLE"] = "CLICK_FRAMEABLE";
+    VulnerabilityCode["CLICK_PARTIAL_PROTECTION"] = "CLICK_PARTIAL_PROTECTION";
+})(VulnerabilityCode || (exports.VulnerabilityCode = VulnerabilityCode = {}));
+exports.default = VulnerabilityCode;

package/dist-cjs/index.js

@@ -0,0 +1,107 @@
+"use strict";
+/**
+ * Vulnerability Registry - Main Entry Point
+ *
+ * Exports all vulnerability codes, definitions, and lookup utilities
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SENSITIVE_PATH_VULNERABILITIES = exports.CONFIG_VULNERABILITIES = exports.AUTH_VULNERABILITIES = exports.SSRF_VULNERABILITIES = exports.XSS_VULNERABILITIES = exports.INJECTION_VULNERABILITIES = exports.VulnerabilityCode = exports.VULNERABILITY_REGISTRY = void 0;
+exports.getVulnerabilityDefinition = getVulnerabilityDefinition;
+exports.getVulnerabilitiesByScanner = getVulnerabilitiesByScanner;
+exports.getVulnerabilitiesByCategory = getVulnerabilitiesByCategory;
+exports.getVulnerabilitiesBySeverity = getVulnerabilitiesBySeverity;
+exports.getAllVulnerabilityCodes = getAllVulnerabilityCodes;
+exports.getVulnerabilityCount = getVulnerabilityCount;
+exports.createFinding = createFinding;
+const error_codes_js_1 = require("./error-codes.js");
+// Import all category definitions
+const injection_js_1 = require("./categories/injection.js");
+Object.defineProperty(exports, "INJECTION_VULNERABILITIES", { enumerable: true, get: function () { return injection_js_1.INJECTION_VULNERABILITIES; } });
+const xss_js_1 = require("./categories/xss.js");
+Object.defineProperty(exports, "XSS_VULNERABILITIES", { enumerable: true, get: function () { return xss_js_1.XSS_VULNERABILITIES; } });
+const ssrf_js_1 = require("./categories/ssrf.js");
+Object.defineProperty(exports, "SSRF_VULNERABILITIES", { enumerable: true, get: function () { return ssrf_js_1.SSRF_VULNERABILITIES; } });
+const authentication_js_1 = require("./categories/authentication.js");
+Object.defineProperty(exports, "AUTH_VULNERABILITIES", { enumerable: true, get: function () { return authentication_js_1.AUTH_VULNERABILITIES; } });
+const configuration_js_1 = require("./categories/configuration.js");
+Object.defineProperty(exports, "CONFIG_VULNERABILITIES", { enumerable: true, get: function () { return configuration_js_1.CONFIG_VULNERABILITIES; } });
+const sensitive_paths_js_1 = require("./categories/sensitive-paths.js");
+Object.defineProperty(exports, "SENSITIVE_PATH_VULNERABILITIES", { enumerable: true, get: function () { return sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES; } });
+/**
+ * Complete vulnerability registry combining all categories
+ */
+exports.VULNERABILITY_REGISTRY = {
+    ...injection_js_1.INJECTION_VULNERABILITIES,
+    ...xss_js_1.XSS_VULNERABILITIES,
+    ...ssrf_js_1.SSRF_VULNERABILITIES,
+    ...authentication_js_1.AUTH_VULNERABILITIES,
+    ...configuration_js_1.CONFIG_VULNERABILITIES,
+    ...sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES,
+};
+/**
+ * Get vulnerability definition by code
+ */
+function getVulnerabilityDefinition(code) {
+    const definition = exports.VULNERABILITY_REGISTRY[code];
+    if (definition) {
+        return { found: true, definition };
+    }
+    return { found: false };
+}
+/**
+ * Get all vulnerabilities for a specific scanner
+ */
+function getVulnerabilitiesByScanner(scanner) {
+    return Object.values(exports.VULNERABILITY_REGISTRY).filter(v => v.scanner === scanner);
+}
+/**
+ * Get all vulnerabilities for a specific category
+ */
+function getVulnerabilitiesByCategory(category) {
+    return Object.values(exports.VULNERABILITY_REGISTRY).filter(v => v.category === category);
+}
+/**
+ * Get all vulnerabilities for a specific severity
+ */
+function getVulnerabilitiesBySeverity(severity) {
+    return Object.values(exports.VULNERABILITY_REGISTRY).filter(v => v.severity === severity);
+}
+/**
+ * Get all vulnerability codes
+ */
+function getAllVulnerabilityCodes() {
+    return Object.values(error_codes_js_1.VulnerabilityCode);
+}
+/**
+ * Get total count of registered vulnerabilities
+ */
+function getVulnerabilityCount() {
+    return Object.keys(exports.VULNERABILITY_REGISTRY).length;
+}
+/**
+ * Create a finding with vulnerability definition
+ */
+function createFinding(code, overrides) {
+    const lookup = getVulnerabilityDefinition(code);
+    if (!lookup.found || !lookup.definition) {
+        return null;
+    }
+    return {
+        ...lookup.definition,
+        ...overrides,
+    };
+}
+// Re-export all types and enums
+var error_codes_js_2 = require("./error-codes.js");
+Object.defineProperty(exports, "VulnerabilityCode", { enumerable: true, get: function () { return error_codes_js_2.VulnerabilityCode; } });
+exports.default = {
+    VulnerabilityCode: error_codes_js_1.VulnerabilityCode,
+    VULNERABILITY_REGISTRY: exports.VULNERABILITY_REGISTRY,
+    getVulnerabilityDefinition,
+    getVulnerabilitiesByScanner,
+    getVulnerabilitiesByCategory,
+    getVulnerabilitiesBySeverity,
+    getAllVulnerabilityCodes,
+    getVulnerabilityCount,
+    createFinding,
+};

package/dist-cjs/types.js

@@ -0,0 +1,7 @@
+"use strict";
+/**
+ * Vulnerability Registry - Core Types
+ *
+ * Central type definitions for all vulnerability definitions.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });

package/package.json

@@ -0,0 +1,35 @@
+{
+    "name": "@zerothreatai/vulnerability-registry",
+    "version": "1.0.0",
+    "description": "Centralized vulnerability definitions, CVSS scores, and references for ZeroThreat scanners",
+    "main": "dist/index.js",
+    "types": "dist/index.d.ts",
+    "type": "module",
+    "scripts": {
+        "build:esm": "tsc -p tsconfig.json",
+        "build:cjs": "tsc -p tsconfig.cjs.json",
+        "build": "npm run build:esm && npm run build:cjs",
+        "test": "vitest run"
+    },
+    "exports": {
+        ".": {
+            "types": "./dist/index.d.ts",
+            "import": "./dist/index.js",
+            "require": "./dist-cjs/index.js"
+        },
+        "./types": {
+            "types": "./dist/types.d.ts",
+            "import": "./dist/types.js",
+            "require": "./dist-cjs/types.js"
+        },
+        "./error-codes": {
+            "types": "./dist/error-codes.d.ts",
+            "import": "./dist/error-codes.js",
+            "require": "./dist-cjs/error-codes.js"
+        }
+    },
+    "devDependencies": {
+        "typescript": "^5.0.0",
+        "vitest": "^1.0.0"
+    }
+}

package/src/categories/authentication.d.ts

@@ -0,0 +1,8 @@
+/**
+ * Vulnerability Registry - Authentication & Access Control
+ *
+ * Definitions for JWT, Broken Access Control, and related issues
+ */
+import type { VulnerabilityDefinition } from '../types.js';
+export declare const AUTH_VULNERABILITIES: Record<string, VulnerabilityDefinition>;
+export default AUTH_VULNERABILITIES;

package/src/categories/authentication.d.ts.map

@@ -0,0 +1 @@
+{"version":3,"file":"authentication.d.ts","sourceRoot":"","sources":["authentication.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAGH,OAAO,KAAK,EAAE,uBAAuB,EAAE,MAAM,aAAa,CAAC;AAE3D,eAAO,MAAM,oBAAoB,EAAE,MAAM,CAAC,MAAM,EAAE,uBAAuB,CA+XxE,CAAC;AAEF,eAAe,oBAAoB,CAAC"}