npm - @zerothreatai/vulnerability-registry - Versions diffs - 1.0.0 - Mend

@zerothreatai/vulnerability-registry 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (76) hide show

package/dist/categories/authentication.d.ts +8 -0
package/dist/categories/authentication.js +375 -0
package/dist/categories/configuration.d.ts +8 -0
package/dist/categories/configuration.js +903 -0
package/dist/categories/injection.d.ts +8 -0
package/dist/categories/injection.js +747 -0
package/dist/categories/sensitive-paths.d.ts +9 -0
package/dist/categories/sensitive-paths.js +1788 -0
package/dist/categories/ssrf.d.ts +8 -0
package/dist/categories/ssrf.js +247 -0
package/dist/categories/xss.d.ts +7 -0
package/dist/categories/xss.js +325 -0
package/dist/error-codes.d.ts +242 -0
package/dist/error-codes.js +312 -0
package/dist/index.d.ts +60 -0
package/dist/index.js +92 -0
package/dist/types.d.ts +86 -0
package/dist/types.js +6 -0
package/dist-cjs/categories/authentication.js +378 -0
package/dist-cjs/categories/configuration.js +906 -0
package/dist-cjs/categories/injection.js +750 -0
package/dist-cjs/categories/sensitive-paths.js +1791 -0
package/dist-cjs/categories/ssrf.js +250 -0
package/dist-cjs/categories/xss.js +328 -0
package/dist-cjs/error-codes.js +315 -0
package/dist-cjs/index.js +107 -0
package/dist-cjs/types.js +7 -0
package/package.json +35 -0
package/src/categories/authentication.d.ts +8 -0
package/src/categories/authentication.d.ts.map +1 -0
package/src/categories/authentication.js +378 -0
package/src/categories/authentication.js.map +1 -0
package/src/categories/authentication.ts +395 -0
package/src/categories/configuration.d.ts +8 -0
package/src/categories/configuration.d.ts.map +1 -0
package/src/categories/configuration.js +906 -0
package/src/categories/configuration.js.map +1 -0
package/src/categories/configuration.ts +948 -0
package/src/categories/injection.d.ts +8 -0
package/src/categories/injection.d.ts.map +1 -0
package/src/categories/injection.js +750 -0
package/src/categories/injection.js.map +1 -0
package/src/categories/injection.ts +785 -0
package/src/categories/sensitive-paths.d.ts +9 -0
package/src/categories/sensitive-paths.d.ts.map +1 -0
package/src/categories/sensitive-paths.js +1791 -0
package/src/categories/sensitive-paths.js.map +1 -0
package/src/categories/sensitive-paths.ts +1875 -0
package/src/categories/ssrf.d.ts +8 -0
package/src/categories/ssrf.d.ts.map +1 -0
package/src/categories/ssrf.js +250 -0
package/src/categories/ssrf.js.map +1 -0
package/src/categories/ssrf.ts +261 -0
package/src/categories/xss.d.ts +7 -0
package/src/categories/xss.d.ts.map +1 -0
package/src/categories/xss.js +328 -0
package/src/categories/xss.js.map +1 -0
package/src/categories/xss.ts +342 -0
package/src/error-codes.d.ts +242 -0
package/src/error-codes.d.ts.map +1 -0
package/src/error-codes.js +315 -0
package/src/error-codes.js.map +1 -0
package/src/error-codes.ts +334 -0
package/src/index.d.ts +60 -0
package/src/index.d.ts.map +1 -0
package/src/index.js +107 -0
package/src/index.js.map +1 -0
package/src/index.ts +126 -0
package/src/types.d.ts +86 -0
package/src/types.d.ts.map +1 -0
package/src/types.js +7 -0
package/src/types.js.map +1 -0
package/src/types.ts +109 -0
package/tsconfig.cjs.json +8 -0
package/tsconfig.json +21 -0
package/vulnerability-registry.zip +0 -0

package/src/error-codes.ts ADDED Viewed

@@ -0,0 +1,334 @@
+/**
+ * Vulnerability Registry - Error Codes
+ *
+ * Central enum containing all vulnerability error codes across all scanners.
+ * Each code maps to a complete VulnerabilityDefinition.
+ */
+export enum VulnerabilityCode {
+    // ========================================
+    // SQL INJECTION (SQLI_*)
+    // ========================================
+    SQLI_ERROR_BASED = 'SQLI_ERROR_BASED',
+    SQLI_BOOLEAN_BASED = 'SQLI_BOOLEAN_BASED',
+    SQLI_TIME_BASED = 'SQLI_TIME_BASED',
+    SQLI_STACK_BASED = 'SQLI_STACK_BASED',
+    SQLI_UNION_BASED = 'SQLI_UNION_BASED',
+    // ========================================
+    // CROSS-SITE SCRIPTING (XSS_*)
+    // ========================================
+    XSS_REFLECTED = 'XSS_REFLECTED',
+    XSS_STORED = 'XSS_STORED',
+    XSS_DOM_BASED = 'XSS_DOM_BASED',
+    XSS_SVG_INJECTION = 'XSS_SVG_INJECTION',
+    XSS_CSTI_ANGULAR = 'XSS_CSTI_ANGULAR',
+    XSS_CSTI_VUE = 'XSS_CSTI_VUE',
+    XSS_EVENT_HANDLER = 'XSS_EVENT_HANDLER',
+    XSS_SCRIPT_INJECTION = 'XSS_SCRIPT_INJECTION',
+    XSS_HTML_INJECTION = 'XSS_HTML_INJECTION',
+    XSS_ATTRIBUTE_INJECTION = 'XSS_ATTRIBUTE_INJECTION',
+    XSS_JS_CONTEXT = 'XSS_JS_CONTEXT',
+    XSS_CSS_INJECTION = 'XSS_CSS_INJECTION',
+    XSS_CSP_BYPASS = 'XSS_CSP_BYPASS',
+    XSS_TEMPLATE_LITERAL = 'XSS_TEMPLATE_LITERAL',
+    XSS_MUTATION_BASED = 'XSS_MUTATION_BASED',
+    // ========================================
+    // COMMAND INJECTION (CMDI_*)
+    // ========================================
+    CMDI_OOB_CONFIRMED = 'CMDI_OOB_CONFIRMED',
+    CMDI_REFLECTED = 'CMDI_REFLECTED',
+    CMDI_TIME_BASED = 'CMDI_TIME_BASED',
+    CMDI_ERROR_BASED = 'CMDI_ERROR_BASED',
+    // ========================================
+    // SERVER-SIDE REQUEST FORGERY (SSRF_*)
+    // ========================================
+    SSRF_CLOUD_METADATA = 'SSRF_CLOUD_METADATA',
+    SSRF_INTERNAL_SERVICE = 'SSRF_INTERNAL_SERVICE',
+    SSRF_PROTOCOL_SMUGGLING = 'SSRF_PROTOCOL_SMUGGLING',
+    SSRF_BLIND_OOB = 'SSRF_BLIND_OOB',
+    SSRF_FILTER_BYPASS = 'SSRF_FILTER_BYPASS',
+    // ========================================
+    // SERVER-SIDE TEMPLATE INJECTION (SSTI_*)
+    // ========================================
+    SSTI_JINJA2 = 'SSTI_JINJA2',
+    SSTI_TWIG = 'SSTI_TWIG',
+    SSTI_FREEMARKER = 'SSTI_FREEMARKER',
+    SSTI_VELOCITY = 'SSTI_VELOCITY',
+    SSTI_THYMELEAF = 'SSTI_THYMELEAF',
+    SSTI_ERB = 'SSTI_ERB',
+    SSTI_EJS = 'SSTI_EJS',
+    SSTI_PUG = 'SSTI_PUG',
+    SSTI_SMARTY = 'SSTI_SMARTY',
+    SSTI_MAKO = 'SSTI_MAKO',
+    SSTI_GENERIC = 'SSTI_GENERIC',
+    // ========================================
+    // XML EXTERNAL ENTITY (XXE_*)
+    // ========================================
+    XXE_CLASSIC = 'XXE_CLASSIC',
+    XXE_BLIND = 'XXE_BLIND',
+    XXE_OOB = 'XXE_OOB',
+    XXE_ERROR_BASED = 'XXE_ERROR_BASED',
+    XXE_PARAMETER_ENTITY = 'XXE_PARAMETER_ENTITY',
+    // ========================================
+    // XPATH INJECTION (XPATH_*)
+    // ========================================
+    XPATH_AUTH_BYPASS = 'XPATH_AUTH_BYPASS',
+    XPATH_DATA_EXTRACTION = 'XPATH_DATA_EXTRACTION',
+    XPATH_BLIND = 'XPATH_BLIND',
+    XPATH_ERROR_BASED = 'XPATH_ERROR_BASED',
+    // ========================================
+    // LOCAL FILE INCLUSION (LFI_*)
+    // ========================================
+    LFI_PATH_TRAVERSAL = 'LFI_PATH_TRAVERSAL',
+    LFI_FILTER_BYPASS = 'LFI_FILTER_BYPASS',
+    LFI_SOURCE_DISCLOSURE = 'LFI_SOURCE_DISCLOSURE',
+    LFI_WRAPPER_PROTOCOL = 'LFI_WRAPPER_PROTOCOL',
+    LFI_PROC_DISCLOSURE = 'LFI_PROC_DISCLOSURE',
+    // ========================================
+    // JWT VULNERABILITIES (JWT_*)
+    // ========================================
+    JWT_NONE_ALGORITHM = 'JWT_NONE_ALGORITHM',
+    JWT_WEAK_SECRET = 'JWT_WEAK_SECRET',
+    JWT_KEY_CONFUSION = 'JWT_KEY_CONFUSION',
+    JWT_EXPIRED_TOKEN = 'JWT_EXPIRED_TOKEN',
+    JWT_MISSING_CLAIMS = 'JWT_MISSING_CLAIMS',
+    JWT_CLAIM_TAMPERING = 'JWT_CLAIM_TAMPERING',
+    JWT_KID_INJECTION = 'JWT_KID_INJECTION',
+    JWT_JKU_INJECTION = 'JWT_JKU_INJECTION',
+    JWT_EMBEDDED_JWK = 'JWT_EMBEDDED_JWK',
+    JWT_X5C_INJECTION = 'JWT_X5C_INJECTION',
+    // ========================================
+    // OPEN REDIRECT (REDIRECT_*)
+    // ========================================
+    REDIRECT_HEADER_INJECTION = 'REDIRECT_HEADER_INJECTION',
+    REDIRECT_META_REFRESH = 'REDIRECT_META_REFRESH',
+    REDIRECT_JS_NAVIGATION = 'REDIRECT_JS_NAVIGATION',
+    // ========================================
+    // BROKEN ACCESS CONTROL (BAC_*)
+    // ========================================
+    BAC_ANONYMOUS_ACCESS = 'BAC_ANONYMOUS_ACCESS',
+    BAC_HORIZONTAL_PRIVILEGE = 'BAC_HORIZONTAL_PRIVILEGE',
+    BAC_VERTICAL_PRIVILEGE = 'BAC_VERTICAL_PRIVILEGE',
+    BAC_IDOR = 'BAC_IDOR',
+    // ========================================
+    // SECURITY HEADERS (HEADER_*)
+    // ========================================
+    HEADER_MISSING_CSP = 'HEADER_MISSING_CSP',
+    HEADER_MISSING_HSTS = 'HEADER_MISSING_HSTS',
+    HEADER_MISSING_XFRAME = 'HEADER_MISSING_XFRAME',
+    HEADER_MISSING_XCONTENT_TYPE = 'HEADER_MISSING_XCONTENT_TYPE',
+    HEADER_MISSING_XSS_PROTECTION = 'HEADER_MISSING_XSS_PROTECTION',
+    HEADER_MISSING_REFERRER_POLICY = 'HEADER_MISSING_REFERRER_POLICY',
+    HEADER_MISSING_PERMISSIONS_POLICY = 'HEADER_MISSING_PERMISSIONS_POLICY',
+    HEADER_WEAK_CSP = 'HEADER_WEAK_CSP',
+    HEADER_CORS_MISCONFIGURED = 'HEADER_CORS_MISCONFIGURED',
+    HEADER_COEP_WITHOUT_COOP = 'HEADER_COEP_WITHOUT_COOP',
+    HEADER_CORP_UNUSUAL = 'HEADER_CORP_UNUSUAL',
+    HEADER_EXPECT_CT_PRESENT = 'HEADER_EXPECT_CT_PRESENT',
+    HEADER_SERVER_HEADER_PRESENT = 'HEADER_SERVER_HEADER_PRESENT',
+    HEADER_X_POWERED_BY_PRESENT = 'HEADER_X_POWERED_BY_PRESENT',
+    HEADER_X_XSS_PROTECTION_ENABLED = 'HEADER_X_XSS_PROTECTION_ENABLED',
+    COOKIE_SAMESITE_NONE_WITHOUT_SECURE = 'COOKIE_SAMESITE_NONE_WITHOUT_SECURE',
+    COOKIE_SESSION_MISSING_SECURE = 'COOKIE_SESSION_MISSING_SECURE',
+    COOKIE_MISSING_SECURE = 'COOKIE_MISSING_SECURE',
+    COOKIE_SESSION_MISSING_HTTPONLY = 'COOKIE_SESSION_MISSING_HTTPONLY',
+    COOKIE_MISSING_HTTPONLY = 'COOKIE_MISSING_HTTPONLY',
+    COOKIE_MISSING_SAMESITE = 'COOKIE_MISSING_SAMESITE',
+    COOKIE_HOST_PREFIX_INVALID = 'COOKIE_HOST_PREFIX_INVALID',
+    COOKIE_SECURE_PREFIX_INVALID = 'COOKIE_SECURE_PREFIX_INVALID',
+    HEADER_DRIFT_CSP = 'HEADER_DRIFT_CSP',
+    HEADER_DRIFT_HSTS = 'HEADER_DRIFT_HSTS',
+    HEADER_DRIFT_XCONTENT_TYPE = 'HEADER_DRIFT_XCONTENT_TYPE',
+    HEADER_DRIFT_REFERRER_POLICY = 'HEADER_DRIFT_REFERRER_POLICY',
+    HEADER_DRIFT_XFRAME = 'HEADER_DRIFT_XFRAME',
+    HEADER_DRIFT_PERMISSIONS_POLICY = 'HEADER_DRIFT_PERMISSIONS_POLICY',
+    HEADER_DRIFT_COOP = 'HEADER_DRIFT_COOP',
+    HEADER_DRIFT_COEP = 'HEADER_DRIFT_COEP',
+    HEADER_DRIFT_CORP = 'HEADER_DRIFT_CORP',
+    // ========================================
+    // HOST HEADER INJECTION (HOST_*)
+    // ========================================
+    HOST_CACHE_POISONING = 'HOST_CACHE_POISONING',
+    HOST_PASSWORD_RESET = 'HOST_PASSWORD_RESET',
+    HOST_REDIRECT = 'HOST_REDIRECT',
+    // ========================================
+    // DIRECTORY BROWSING (DIRBROWSE_*)
+    // ========================================
+    DIRBROWSE_ENABLED = 'DIRBROWSE_ENABLED',
+    DIRBROWSE_SENSITIVE = 'DIRBROWSE_SENSITIVE',
+    // ========================================
+    // MASS ASSIGNMENT (MASSASSIGN_*)
+    // ========================================
+    MASSASSIGN_PROTOTYPE_POLLUTION = 'MASSASSIGN_PROTOTYPE_POLLUTION',
+    MASSASSIGN_ROLE_ESCALATION = 'MASSASSIGN_ROLE_ESCALATION',
+    MASSASSIGN_HIDDEN_FIELD = 'MASSASSIGN_HIDDEN_FIELD',
+    // ========================================
+    // DESERIALIZATION (DESER_*)
+    // ========================================
+    DESER_JAVA = 'DESER_JAVA',
+    DESER_PHP = 'DESER_PHP',
+    DESER_PYTHON = 'DESER_PYTHON',
+    DESER_DOTNET = 'DESER_DOTNET',
+    DESER_RUBY = 'DESER_RUBY',
+    DESER_NODE = 'DESER_NODE',
+    // ========================================
+    // SENSITIVE PATH SCOUT - CRITICAL (SENS_CRIT_*)
+    // ========================================
+    SENS_CRIT_AWS_CREDENTIALS = 'SENS_CRIT_AWS_CREDENTIALS',
+    SENS_CRIT_SSH_PRIVATE_KEY = 'SENS_CRIT_SSH_PRIVATE_KEY',
+    SENS_CRIT_SSL_PRIVATE_KEY = 'SENS_CRIT_SSL_PRIVATE_KEY',
+    SENS_CRIT_RAILS_MASTER_KEY = 'SENS_CRIT_RAILS_MASTER_KEY',
+    SENS_CRIT_TERRAFORM_STATE = 'SENS_CRIT_TERRAFORM_STATE',
+    SENS_CRIT_FIREBASE_ADMIN_SDK = 'SENS_CRIT_FIREBASE_ADMIN_SDK',
+    SENS_CRIT_KUBE_CONFIG = 'SENS_CRIT_KUBE_CONFIG',
+    SENS_CRIT_AZURE_STORAGE_KEY = 'SENS_CRIT_AZURE_STORAGE_KEY',
+    SENS_CRIT_CONSUL_KV = 'SENS_CRIT_CONSUL_KV',
+    SENS_CRIT_VAULT_SECRET = 'SENS_CRIT_VAULT_SECRET',
+    SENS_CRIT_DOCKER_SECRET = 'SENS_CRIT_DOCKER_SECRET',
+    // ========================================
+    // SENSITIVE PATH SCOUT - HIGH (SENS_HIGH_*)
+    // ========================================
+    SENS_HIGH_GIT_EXPOSED = 'SENS_HIGH_GIT_EXPOSED',
+    SENS_HIGH_GIT_CONFIG = 'SENS_HIGH_GIT_CONFIG',
+    SENS_HIGH_WORDPRESS_CONFIG = 'SENS_HIGH_WORDPRESS_CONFIG',
+    SENS_HIGH_SPRING_ACTUATOR = 'SENS_HIGH_SPRING_ACTUATOR',
+    SENS_HIGH_SPRING_HEAPDUMP = 'SENS_HIGH_SPRING_HEAPDUMP',
+    SENS_HIGH_DATABASE_BACKUP = 'SENS_HIGH_DATABASE_BACKUP',
+    SENS_HIGH_PHPINFO = 'SENS_HIGH_PHPINFO',
+    SENS_HIGH_LARAVEL_DEBUG = 'SENS_HIGH_LARAVEL_DEBUG',
+    SENS_HIGH_GCP_SERVICE_ACCOUNT = 'SENS_HIGH_GCP_SERVICE_ACCOUNT',
+    SENS_HIGH_GRAPHQL_INTROSPECTION = 'SENS_HIGH_GRAPHQL_INTROSPECTION',
+    SENS_HIGH_PHPMYADMIN = 'SENS_HIGH_PHPMYADMIN',
+    SENS_HIGH_MONGODB_CONFIG = 'SENS_HIGH_MONGODB_CONFIG',
+    SENS_HIGH_JAVA_KEYSTORE = 'SENS_HIGH_JAVA_KEYSTORE',
+    SENS_HIGH_PHP_SESSION = 'SENS_HIGH_PHP_SESSION',
+    SENS_HIGH_ENV_FILE = 'SENS_HIGH_ENV_FILE',
+    SENS_HIGH_BACKUP_FILE = 'SENS_HIGH_BACKUP_FILE',
+    SENS_HIGH_HTPASSWD = 'SENS_HIGH_HTPASSWD',
+    SENS_HIGH_DS_STORE = 'SENS_HIGH_DS_STORE',
+    // ========================================
+    // SENSITIVE PATH SCOUT - MEDIUM (SENS_MED_*)
+    // ========================================
+    SENS_MED_SWAGGER_DOCS = 'SENS_MED_SWAGGER_DOCS',
+    SENS_MED_APACHE_STATUS = 'SENS_MED_APACHE_STATUS',
+    SENS_MED_PROMETHEUS_METRICS = 'SENS_MED_PROMETHEUS_METRICS',
+    SENS_MED_DOCKERFILE = 'SENS_MED_DOCKERFILE',
+    SENS_MED_FIREBASE_CONFIG = 'SENS_MED_FIREBASE_CONFIG',
+    SENS_MED_SOURCE_MAP = 'SENS_MED_SOURCE_MAP',
+    SENS_MED_ELASTICSEARCH = 'SENS_MED_ELASTICSEARCH',
+    SENS_MED_ADMIN_PANEL = 'SENS_MED_ADMIN_PANEL',
+    SENS_MED_COMPOSER_LOCK = 'SENS_MED_COMPOSER_LOCK',
+    SENS_MED_PACKAGE_LOCK = 'SENS_MED_PACKAGE_LOCK',
+    SENS_MED_GEMFILE_LOCK = 'SENS_MED_GEMFILE_LOCK',
+    SENS_MED_ROBOTS_TXT = 'SENS_MED_ROBOTS_TXT',
+    SENS_MED_SITEMAP = 'SENS_MED_SITEMAP',
+    SENS_MED_CROSSDOMAIN_XML = 'SENS_MED_CROSSDOMAIN_XML',
+    // ========================================
+    // SENSITIVE PATH SCOUT - LOW (SENS_LOW_*)
+    // ========================================
+    SENS_LOW_TRAVIS_CI = 'SENS_LOW_TRAVIS_CI',
+    SENS_LOW_JENKINSFILE = 'SENS_LOW_JENKINSFILE',
+    SENS_LOW_CIRCLECI = 'SENS_LOW_CIRCLECI',
+    SENS_LOW_GITLAB_CI = 'SENS_LOW_GITLAB_CI',
+    SENS_LOW_README = 'SENS_LOW_README',
+    SENS_LOW_CHANGELOG = 'SENS_LOW_CHANGELOG',
+    SENS_LOW_LICENSE = 'SENS_LOW_LICENSE',
+    // ========================================
+    // SENSITIVE PATH SCOUT - EXTENDED
+    // ========================================
+    // HIGH
+    SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED = 'SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED',
+    SENS_HIGH_APPSETTINGS_JSON_EXPOSED = 'SENS_HIGH_APPSETTINGS_JSON_EXPOSED',
+    SENS_HIGH_SPRING_CONFIG_EXPOSED = 'SENS_HIGH_SPRING_CONFIG_EXPOSED',
+    SENS_HIGH_NPMRC_EXPOSED = 'SENS_HIGH_NPMRC_EXPOSED',
+    SENS_HIGH_RAILS_DATABASE_YML_EXPOSED = 'SENS_HIGH_RAILS_DATABASE_YML_EXPOSED',
+    SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED = 'SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED',
+    SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED = 'SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED',
+    SENS_HIGH_JOLOKIA_EXPOSED = 'SENS_HIGH_JOLOKIA_EXPOSED',
+    SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED = 'SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED',
+    SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED = 'SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED',
+    SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED = 'SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED',
+    SENS_HIGH_REDIS_RDB_DUMP_DETECTED = 'SENS_HIGH_REDIS_RDB_DUMP_DETECTED',
+    SENS_HIGH_TRACE_AXD = 'SENS_HIGH_TRACE_AXD',
+    SENS_HIGH_ELMAH_AXD_EXPOSED = 'SENS_HIGH_ELMAH_AXD_EXPOSED',
+    SENS_HIGH_SQLITE_DATABASE_DETECTED = 'SENS_HIGH_SQLITE_DATABASE_DETECTED',
+    SENS_HIGH_AWS_CONFIG_EXPOSED = 'SENS_HIGH_AWS_CONFIG_EXPOSED',
+    SENS_HIGH_AZURE_CREDENTIALS_EXPOSED = 'SENS_HIGH_AZURE_CREDENTIALS_EXPOSED',
+    SENS_HIGH_HELM_VALUES_EXPOSED = 'SENS_HIGH_HELM_VALUES_EXPOSED',
+    SENS_HIGH_TERRAFORM_VARS_EXPOSED = 'SENS_HIGH_TERRAFORM_VARS_EXPOSED',
+    SENS_HIGH_LARAVEL_LOG_EXPOSED = 'SENS_HIGH_LARAVEL_LOG_EXPOSED',
+    SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED = 'SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED',
+    SENS_HIGH_ADMINER_EXPOSED = 'SENS_HIGH_ADMINER_EXPOSED',
+    SENS_HIGH_DEBUG_ENDPOINT_EXPOSED = 'SENS_HIGH_DEBUG_ENDPOINT_EXPOSED',
+    SENS_HIGH_GO_DEBUG_VARS_EXPOSED = 'SENS_HIGH_GO_DEBUG_VARS_EXPOSED',
+    SENS_HIGH_GO_PPROF_EXPOSED = 'SENS_HIGH_GO_PPROF_EXPOSED',
+    SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED = 'SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED',
+    SENS_HIGH_MONGO_RC_EXPOSED = 'SENS_HIGH_MONGO_RC_EXPOSED',
+    // MEDIUM
+    SENS_MED_UN_PROTECTED_CONFIG_JSON = 'SENS_MED_UN_PROTECTED_CONFIG_JSON',
+    SENS_MED_MERCURIAL_REPOSITORY_FOUND = 'SENS_MED_MERCURIAL_REPOSITORY_FOUND',
+    SENS_MED_MERCURIAL_HGRC_EXPOSED = 'SENS_MED_MERCURIAL_HGRC_EXPOSED',
+    SENS_MED_CVS_ROOT_EXPOSED = 'SENS_MED_CVS_ROOT_EXPOSED',
+    SENS_MED_CVS_ENTRIES_EXPOSED = 'SENS_MED_CVS_ENTRIES_EXPOSED',
+    SENS_MED_BAZAAR_REPO_EXPOSED = 'SENS_MED_BAZAAR_REPO_EXPOSED',
+    SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED = 'SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED',
+    SENS_MED_LARAVEL_LOG_VIEWER_ENABLED = 'SENS_MED_LARAVEL_LOG_VIEWER_ENABLED',
+    SENS_MED_APACHE_HTACCESS_FILE_DETECTED = 'SENS_MED_APACHE_HTACCESS_FILE_DETECTED',
+    SENS_MED_APACHE_SERVER_INFO_EXPOSED = 'SENS_MED_APACHE_SERVER_INFO_EXPOSED',
+    SENS_MED_PACKAGE_DEPENDENCIES_DETECTED = 'SENS_MED_PACKAGE_DEPENDENCIES_DETECTED',
+    SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED = 'SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED',
+    SENS_MED_SSH_PUBLIC_KEY_EXPOSED = 'SENS_MED_SSH_PUBLIC_KEY_EXPOSED',
+    SENS_MED_SSL_CERTIFICATE_EXPOSED = 'SENS_MED_SSL_CERTIFICATE_EXPOSED',
+    SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED = 'SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED',
+    SENS_MED_GRAPHI_QL_EXPOSED = 'SENS_MED_GRAPHI_QL_EXPOSED',
+    SENS_MED_TERRAFORM_LOCK_EXPOSED = 'SENS_MED_TERRAFORM_LOCK_EXPOSED',
+    SENS_MED_ERROR_LOG_EXPOSED = 'SENS_MED_ERROR_LOG_EXPOSED',
+    SENS_MED_ACCESS_LOG_EXPOSED = 'SENS_MED_ACCESS_LOG_EXPOSED',
+    SENS_MED_DEBUG_LOG_EXPOSED = 'SENS_MED_DEBUG_LOG_EXPOSED',
+    SENS_MED_APPLICATION_LOG_EXPOSED = 'SENS_MED_APPLICATION_LOG_EXPOSED',
+    SENS_MED_WSDL_EXPOSED = 'SENS_MED_WSDL_EXPOSED',
+    SENS_MED_WORD_PRESS_XML_RPC_EXPOSED = 'SENS_MED_WORD_PRESS_XML_RPC_EXPOSED',
+    // LOW
+    SENS_LOW_TOML_PROJECT_FILE_EXPOSED = 'SENS_LOW_TOML_PROJECT_FILE_EXPOSED',
+    SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED = 'SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED',
+    SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED = 'SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED',
+    SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED = 'SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED',
+    SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED = 'SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED',
+    SENS_LOW_PYTHON_REQUIREMENTS_DETECTED = 'SENS_LOW_PYTHON_REQUIREMENTS_DETECTED',
+    SENS_LOW_TEST_ENDPOINT_EXPOSED = 'SENS_LOW_TEST_ENDPOINT_EXPOSED',
+    SENS_LOW_STAGING_ENDPOINT_EXPOSED = 'SENS_LOW_STAGING_ENDPOINT_EXPOSED',
+    SENS_LOW_EDITOR_BACKUP_FILE_DETECTED = 'SENS_LOW_EDITOR_BACKUP_FILE_DETECTED',
+    SENS_LOW_VIM_SWAP_FILE_DETECTED = 'SENS_LOW_VIM_SWAP_FILE_DETECTED',
+    SENS_LOW_DIRECTORY_LISTING_ENABLED = 'SENS_LOW_DIRECTORY_LISTING_ENABLED',
+    SENS_LOW_AWSSAM_TEMPLATE_EXPOSED = 'SENS_LOW_AWSSAM_TEMPLATE_EXPOSED',
+    SENS_LOW_SERVERLESS_CONFIG_EXPOSED = 'SENS_LOW_SERVERLESS_CONFIG_EXPOSED',
+    SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED = 'SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED',
+    // ========================================
+    // CLICKJACKING (CLICK_*)
+    // ========================================
+    CLICK_FRAMEABLE = 'CLICK_FRAMEABLE',
+    CLICK_PARTIAL_PROTECTION = 'CLICK_PARTIAL_PROTECTION',
+}
+export default VulnerabilityCode;

package/src/index.d.ts ADDED Viewed

@@ -0,0 +1,60 @@
+/**
+ * Vulnerability Registry - Main Entry Point
+ *
+ * Exports all vulnerability codes, definitions, and lookup utilities
+ */
+import { VulnerabilityCode } from './error-codes.js';
+import type { VulnerabilityDefinition, VulnerabilityLookup, Severity, VulnerabilityCategory } from './types.js';
+import { INJECTION_VULNERABILITIES } from './categories/injection.js';
+import { XSS_VULNERABILITIES } from './categories/xss.js';
+import { SSRF_VULNERABILITIES } from './categories/ssrf.js';
+import { AUTH_VULNERABILITIES } from './categories/authentication.js';
+import { CONFIG_VULNERABILITIES } from './categories/configuration.js';
+import { SENSITIVE_PATH_VULNERABILITIES } from './categories/sensitive-paths.js';
+/**
+ * Complete vulnerability registry combining all categories
+ */
+export declare const VULNERABILITY_REGISTRY: Record<string, VulnerabilityDefinition>;
+/**
+ * Get vulnerability definition by code
+ */
+export declare function getVulnerabilityDefinition(code: VulnerabilityCode | string): VulnerabilityLookup;
+/**
+ * Get all vulnerabilities for a specific scanner
+ */
+export declare function getVulnerabilitiesByScanner(scanner: string): VulnerabilityDefinition[];
+/**
+ * Get all vulnerabilities for a specific category
+ */
+export declare function getVulnerabilitiesByCategory(category: VulnerabilityCategory): VulnerabilityDefinition[];
+/**
+ * Get all vulnerabilities for a specific severity
+ */
+export declare function getVulnerabilitiesBySeverity(severity: Severity): VulnerabilityDefinition[];
+/**
+ * Get all vulnerability codes
+ */
+export declare function getAllVulnerabilityCodes(): VulnerabilityCode[];
+/**
+ * Get total count of registered vulnerabilities
+ */
+export declare function getVulnerabilityCount(): number;
+/**
+ * Create a finding with vulnerability definition
+ */
+export declare function createFinding(code: VulnerabilityCode | string, overrides?: Partial<VulnerabilityDefinition>): VulnerabilityDefinition | null;
+export { VulnerabilityCode } from './error-codes.js';
+export type { VulnerabilityDefinition, VulnerabilityLookup, CVSSProfile, CWEReference, OWASPReference, Severity, VulnerabilityCategory, } from './types.js';
+export { INJECTION_VULNERABILITIES, XSS_VULNERABILITIES, SSRF_VULNERABILITIES, AUTH_VULNERABILITIES, CONFIG_VULNERABILITIES, SENSITIVE_PATH_VULNERABILITIES, };
+declare const _default: {
+    VulnerabilityCode: typeof VulnerabilityCode;
+    VULNERABILITY_REGISTRY: Record<string, VulnerabilityDefinition>;
+    getVulnerabilityDefinition: typeof getVulnerabilityDefinition;
+    getVulnerabilitiesByScanner: typeof getVulnerabilitiesByScanner;
+    getVulnerabilitiesByCategory: typeof getVulnerabilitiesByCategory;
+    getVulnerabilitiesBySeverity: typeof getVulnerabilitiesBySeverity;
+    getAllVulnerabilityCodes: typeof getAllVulnerabilityCodes;
+    getVulnerabilityCount: typeof getVulnerabilityCount;
+    createFinding: typeof createFinding;
+};
+export default _default;

package/src/index.d.ts.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.d.ts","sourceRoot":"","sources":["index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,OAAO,KAAK,EAAE,uBAAuB,EAAE,mBAAmB,EAA6C,QAAQ,EAAE,qBAAqB,EAAE,MAAM,YAAY,CAAC;AAG3J,OAAO,EAAE,yBAAyB,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,8BAA8B,EAAE,MAAM,iCAAiC,CAAC;AAEjF;;GAEG;AACH,eAAO,MAAM,sBAAsB,EAAE,MAAM,CAAC,MAAM,EAAE,uBAAuB,CAO1E,CAAC;AAEF;;GAEG;AACH,wBAAgB,0BAA0B,CAAC,IAAI,EAAE,iBAAiB,GAAG,MAAM,GAAG,mBAAmB,CAMhG;AAED;;GAEG;AACH,wBAAgB,2BAA2B,CAAC,OAAO,EAAE,MAAM,GAAG,uBAAuB,EAAE,CAEtF;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,QAAQ,EAAE,qBAAqB,GAAG,uBAAuB,EAAE,CAEvG;AAED;;GAEG;AACH,wBAAgB,4BAA4B,CAAC,QAAQ,EAAE,QAAQ,GAAG,uBAAuB,EAAE,CAE1F;AAED;;GAEG;AACH,wBAAgB,wBAAwB,IAAI,iBAAiB,EAAE,CAE9D;AAED;;GAEG;AACH,wBAAgB,qBAAqB,IAAI,MAAM,CAE9C;AAED;;GAEG;AACH,wBAAgB,aAAa,CACzB,IAAI,EAAE,iBAAiB,GAAG,MAAM,EAChC,SAAS,CAAC,EAAE,OAAO,CAAC,uBAAuB,CAAC,GAC7C,uBAAuB,GAAG,IAAI,CAUhC;AAGD,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AACrD,YAAY,EACR,uBAAuB,EACvB,mBAAmB,EACnB,WAAW,EACX,YAAY,EACZ,cAAc,EACd,QAAQ,EACR,qBAAqB,GACxB,MAAM,YAAY,CAAC;AAGpB,OAAO,EACH,yBAAyB,EACzB,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,8BAA8B,GACjC,CAAC;;;;;;;;;;;;AAEF,wBAUE"}

package/src/index.js ADDED Viewed

@@ -0,0 +1,107 @@
+"use strict";
+/**
+ * Vulnerability Registry - Main Entry Point
+ *
+ * Exports all vulnerability codes, definitions, and lookup utilities
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SENSITIVE_PATH_VULNERABILITIES = exports.CONFIG_VULNERABILITIES = exports.AUTH_VULNERABILITIES = exports.SSRF_VULNERABILITIES = exports.XSS_VULNERABILITIES = exports.INJECTION_VULNERABILITIES = exports.VulnerabilityCode = exports.VULNERABILITY_REGISTRY = void 0;
+exports.getVulnerabilityDefinition = getVulnerabilityDefinition;
+exports.getVulnerabilitiesByScanner = getVulnerabilitiesByScanner;
+exports.getVulnerabilitiesByCategory = getVulnerabilitiesByCategory;
+exports.getVulnerabilitiesBySeverity = getVulnerabilitiesBySeverity;
+exports.getAllVulnerabilityCodes = getAllVulnerabilityCodes;
+exports.getVulnerabilityCount = getVulnerabilityCount;
+exports.createFinding = createFinding;
+const error_codes_js_1 = require("./error-codes.js");
+// Import all category definitions
+const injection_js_1 = require("./categories/injection.js");
+Object.defineProperty(exports, "INJECTION_VULNERABILITIES", { enumerable: true, get: function () { return injection_js_1.INJECTION_VULNERABILITIES; } });
+const xss_js_1 = require("./categories/xss.js");
+Object.defineProperty(exports, "XSS_VULNERABILITIES", { enumerable: true, get: function () { return xss_js_1.XSS_VULNERABILITIES; } });
+const ssrf_js_1 = require("./categories/ssrf.js");
+Object.defineProperty(exports, "SSRF_VULNERABILITIES", { enumerable: true, get: function () { return ssrf_js_1.SSRF_VULNERABILITIES; } });
+const authentication_js_1 = require("./categories/authentication.js");
+Object.defineProperty(exports, "AUTH_VULNERABILITIES", { enumerable: true, get: function () { return authentication_js_1.AUTH_VULNERABILITIES; } });
+const configuration_js_1 = require("./categories/configuration.js");
+Object.defineProperty(exports, "CONFIG_VULNERABILITIES", { enumerable: true, get: function () { return configuration_js_1.CONFIG_VULNERABILITIES; } });
+const sensitive_paths_js_1 = require("./categories/sensitive-paths.js");
+Object.defineProperty(exports, "SENSITIVE_PATH_VULNERABILITIES", { enumerable: true, get: function () { return sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES; } });
+/**
+ * Complete vulnerability registry combining all categories
+ */
+exports.VULNERABILITY_REGISTRY = {
+    ...injection_js_1.INJECTION_VULNERABILITIES,
+    ...xss_js_1.XSS_VULNERABILITIES,
+    ...ssrf_js_1.SSRF_VULNERABILITIES,
+    ...authentication_js_1.AUTH_VULNERABILITIES,
+    ...configuration_js_1.CONFIG_VULNERABILITIES,
+    ...sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES,
+};
+/**
+ * Get vulnerability definition by code
+ */
+function getVulnerabilityDefinition(code) {
+    const definition = exports.VULNERABILITY_REGISTRY[code];
+    if (definition) {
+        return { found: true, definition };
+    }
+    return { found: false };
+}
+/**
+ * Get all vulnerabilities for a specific scanner
+ */
+function getVulnerabilitiesByScanner(scanner) {
+    return Object.values(exports.VULNERABILITY_REGISTRY).filter(v => v.scanner === scanner);
+}
+/**
+ * Get all vulnerabilities for a specific category
+ */
+function getVulnerabilitiesByCategory(category) {
+    return Object.values(exports.VULNERABILITY_REGISTRY).filter(v => v.category === category);
+}
+/**
+ * Get all vulnerabilities for a specific severity
+ */
+function getVulnerabilitiesBySeverity(severity) {
+    return Object.values(exports.VULNERABILITY_REGISTRY).filter(v => v.severity === severity);
+}
+/**
+ * Get all vulnerability codes
+ */
+function getAllVulnerabilityCodes() {
+    return Object.values(error_codes_js_1.VulnerabilityCode);
+}
+/**
+ * Get total count of registered vulnerabilities
+ */
+function getVulnerabilityCount() {
+    return Object.keys(exports.VULNERABILITY_REGISTRY).length;
+}
+/**
+ * Create a finding with vulnerability definition
+ */
+function createFinding(code, overrides) {
+    const lookup = getVulnerabilityDefinition(code);
+    if (!lookup.found || !lookup.definition) {
+        return null;
+    }
+    return {
+        ...lookup.definition,
+        ...overrides,
+    };
+}
+// Re-export all types and enums
+var error_codes_js_2 = require("./error-codes.js");
+Object.defineProperty(exports, "VulnerabilityCode", { enumerable: true, get: function () { return error_codes_js_2.VulnerabilityCode; } });
+exports.default = {
+    VulnerabilityCode: error_codes_js_1.VulnerabilityCode,
+    VULNERABILITY_REGISTRY: exports.VULNERABILITY_REGISTRY,
+    getVulnerabilityDefinition,
+    getVulnerabilitiesByScanner,
+    getVulnerabilitiesByCategory,
+    getVulnerabilitiesBySeverity,
+    getAllVulnerabilityCodes,
+    getVulnerabilityCount,
+    createFinding,
+};

package/src/index.js.map ADDED Viewed

@@ -0,0 +1 @@

+ {"version":3,"file":"index.js","sourceRoot":"","sources":["index.ts"],"names":[],"mappings":"AAAA;;;;GAIG;AAEH,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAGrD,kCAAkC;AAClC,OAAO,EAAE,yBAAyB,EAAE,MAAM,2BAA2B,CAAC;AACtE,OAAO,EAAE,mBAAmB,EAAE,MAAM,qBAAqB,CAAC;AAC1D,OAAO,EAAE,oBAAoB,EAAE,MAAM,sBAAsB,CAAC;AAC5D,OAAO,EAAE,oBAAoB,EAAE,MAAM,gCAAgC,CAAC;AACtE,OAAO,EAAE,sBAAsB,EAAE,MAAM,+BAA+B,CAAC;AACvE,OAAO,EAAE,8BAA8B,EAAE,MAAM,iCAAiC,CAAC;AAEjF;;GAEG;AACH,MAAM,CAAC,MAAM,sBAAsB,GAA4C;IAC3E,GAAG,yBAAyB;IAC5B,GAAG,mBAAmB;IACtB,GAAG,oBAAoB;IACvB,GAAG,oBAAoB;IACvB,GAAG,sBAAsB;IACzB,GAAG,8BAA8B;CACpC,CAAC;AAEF;;GAEG;AACH,MAAM,UAAU,0BAA0B,CAAC,IAAgC;IACvE,MAAM,UAAU,GAAG,sBAAsB,CAAC,IAAI,CAAC,CAAC;IAChD,IAAI,UAAU,EAAE,CAAC;QACb,OAAO,EAAE,KAAK,EAAE,IAAI,EAAE,UAAU,EAAE,CAAC;IACvC,CAAC;IACD,OAAO,EAAE,KAAK,EAAE,KAAK,EAAE,CAAC;AAC5B,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,2BAA2B,CAAC,OAAe;IACvD,OAAO,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,OAAO,KAAK,OAAO,CAAC,CAAC;AACpF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAAC,QAA+B;IACxE,OAAO,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACtF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,4BAA4B,CAAC,QAAkB;IAC3D,OAAO,MAAM,CAAC,MAAM,CAAC,sBAAsB,CAAC,CAAC,MAAM,CAAC,CAAC,CAAC,EAAE,CAAC,CAAC,CAAC,QAAQ,KAAK,QAAQ,CAAC,CAAC;AACtF,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,wBAAwB;IACpC,OAAO,MAAM,CAAC,MAAM,CAAC,iBAAiB,CAAC,CAAC;AAC5C,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,qBAAqB;IACjC,OAAO,MAAM,CAAC,IAAI,CAAC,sBAAsB,CAAC,CAAC,MAAM,CAAC;AACtD,CAAC;AAED;;GAEG;AACH,MAAM,UAAU,aAAa,CACzB,IAAgC,EAChC,SAA4C;IAE5C,MAAM,MAAM,GAAG,0BAA0B,CAAC,IAAI,CAAC,CAAC;IAChD,IAAI,CAAC,MAAM,CAAC,KAAK,IAAI,CAAC,MAAM,CAAC,UAAU,EAAE,CAAC;QACtC,OAAO,IAAI,CAAC;IAChB,CAAC;IAED,OAAO;QACH,GAAG,MAAM,CAAC,UAAU;QACpB,GAAG,SAAS;KACf,CAAC;AACN,CAAC;AAED,gCAAgC;AAChC,OAAO,EAAE,iBAAiB,EAAE,MAAM,kBAAkB,CAAC;AAWrD,gDAAgD;AAChD,OAAO,EACH,yBAAyB,EACzB,mBAAmB,EACnB,oBAAoB,EACpB,oBAAoB,EACpB,sBAAsB,EACtB,8BAA8B,GACjC,CAAC;AAEF,eAAe;IACX,iBAAiB;IACjB,sBAAsB;IACtB,0BAA0B;IAC1B,2BAA2B;IAC3B,4BAA4B;IAC5B,4BAA4B;IAC5B,wBAAwB;IACxB,qBAAqB;IACrB,aAAa;CAChB,CAAC"}

package/src/index.ts ADDED Viewed

@@ -0,0 +1,126 @@
+/**
+ * Vulnerability Registry - Main Entry Point
+ *
+ * Exports all vulnerability codes, definitions, and lookup utilities
+ */
+import { VulnerabilityCode } from './error-codes.js';
+import type { VulnerabilityDefinition, VulnerabilityLookup, CVSSProfile, CWEReference, OWASPReference, Severity, VulnerabilityCategory } from './types.js';
+// Import all category definitions
+import { INJECTION_VULNERABILITIES } from './categories/injection.js';
+import { XSS_VULNERABILITIES } from './categories/xss.js';
+import { SSRF_VULNERABILITIES } from './categories/ssrf.js';
+import { AUTH_VULNERABILITIES } from './categories/authentication.js';
+import { CONFIG_VULNERABILITIES } from './categories/configuration.js';
+import { SENSITIVE_PATH_VULNERABILITIES } from './categories/sensitive-paths.js';
+/**
+ * Complete vulnerability registry combining all categories
+ */
+export const VULNERABILITY_REGISTRY: Record<string, VulnerabilityDefinition> = {
+    ...INJECTION_VULNERABILITIES,
+    ...XSS_VULNERABILITIES,
+    ...SSRF_VULNERABILITIES,
+    ...AUTH_VULNERABILITIES,
+    ...CONFIG_VULNERABILITIES,
+    ...SENSITIVE_PATH_VULNERABILITIES,
+};
+/**
+ * Get vulnerability definition by code
+ */
+export function getVulnerabilityDefinition(code: VulnerabilityCode | string): VulnerabilityLookup {
+    const definition = VULNERABILITY_REGISTRY[code];
+    if (definition) {
+        return { found: true, definition };
+    }
+    return { found: false };
+}
+/**
+ * Get all vulnerabilities for a specific scanner
+ */
+export function getVulnerabilitiesByScanner(scanner: string): VulnerabilityDefinition[] {
+    return Object.values(VULNERABILITY_REGISTRY).filter(v => v.scanner === scanner);
+}
+/**
+ * Get all vulnerabilities for a specific category
+ */
+export function getVulnerabilitiesByCategory(category: VulnerabilityCategory): VulnerabilityDefinition[] {
+    return Object.values(VULNERABILITY_REGISTRY).filter(v => v.category === category);
+}
+/**
+ * Get all vulnerabilities for a specific severity
+ */
+export function getVulnerabilitiesBySeverity(severity: Severity): VulnerabilityDefinition[] {
+    return Object.values(VULNERABILITY_REGISTRY).filter(v => v.severity === severity);
+}
+/**
+ * Get all vulnerability codes
+ */
+export function getAllVulnerabilityCodes(): VulnerabilityCode[] {
+    return Object.values(VulnerabilityCode);
+}
+/**
+ * Get total count of registered vulnerabilities
+ */
+export function getVulnerabilityCount(): number {
+    return Object.keys(VULNERABILITY_REGISTRY).length;
+}
+/**
+ * Create a finding with vulnerability definition
+ */
+export function createFinding(
+    code: VulnerabilityCode | string,
+    overrides?: Partial<VulnerabilityDefinition>
+): VulnerabilityDefinition | null {
+    const lookup = getVulnerabilityDefinition(code);
+    if (!lookup.found || !lookup.definition) {
+        return null;
+    }
+    return {
+        ...lookup.definition,
+        ...overrides,
+    };
+}
+// Re-export all types and enums
+export { VulnerabilityCode } from './error-codes.js';
+export type {
+    VulnerabilityDefinition,
+    VulnerabilityLookup,
+    CVSSProfile,
+    CWEReference,
+    OWASPReference,
+    Severity,
+    VulnerabilityCategory,
+} from './types.js';
+// Export category definitions for direct access
+export {
+    INJECTION_VULNERABILITIES,
+    XSS_VULNERABILITIES,
+    SSRF_VULNERABILITIES,
+    AUTH_VULNERABILITIES,
+    CONFIG_VULNERABILITIES,
+    SENSITIVE_PATH_VULNERABILITIES,
+};
+export default {
+    VulnerabilityCode,
+    VULNERABILITY_REGISTRY,
+    getVulnerabilityDefinition,
+    getVulnerabilitiesByScanner,
+    getVulnerabilitiesByCategory,
+    getVulnerabilitiesBySeverity,
+    getAllVulnerabilityCodes,
+    getVulnerabilityCount,
+    createFinding,
+};