@zerothreatai/vulnerability-registry 1.0.0
- package/dist/categories/authentication.d.ts +8 -0
- package/dist/categories/authentication.js +375 -0
- package/dist/categories/configuration.d.ts +8 -0
- package/dist/categories/configuration.js +903 -0
- package/dist/categories/injection.d.ts +8 -0
- package/dist/categories/injection.js +747 -0
- package/dist/categories/sensitive-paths.d.ts +9 -0
- package/dist/categories/sensitive-paths.js +1788 -0
- package/dist/categories/ssrf.d.ts +8 -0
- package/dist/categories/ssrf.js +247 -0
- package/dist/categories/xss.d.ts +7 -0
- package/dist/categories/xss.js +325 -0
- package/dist/error-codes.d.ts +242 -0
- package/dist/error-codes.js +312 -0
- package/dist/index.d.ts +60 -0
- package/dist/index.js +92 -0
- package/dist/types.d.ts +86 -0
- package/dist/types.js +6 -0
- package/dist-cjs/categories/authentication.js +378 -0
- package/dist-cjs/categories/configuration.js +906 -0
- package/dist-cjs/categories/injection.js +750 -0
- package/dist-cjs/categories/sensitive-paths.js +1791 -0
- package/dist-cjs/categories/ssrf.js +250 -0
- package/dist-cjs/categories/xss.js +328 -0
- package/dist-cjs/error-codes.js +315 -0
- package/dist-cjs/index.js +107 -0
- package/dist-cjs/types.js +7 -0
- package/package.json +35 -0
- package/src/categories/authentication.d.ts +8 -0
- package/src/categories/authentication.d.ts.map +1 -0
- package/src/categories/authentication.js +378 -0
- package/src/categories/authentication.js.map +1 -0
- package/src/categories/authentication.ts +395 -0
- package/src/categories/configuration.d.ts +8 -0
- package/src/categories/configuration.d.ts.map +1 -0
- package/src/categories/configuration.js +906 -0
- package/src/categories/configuration.js.map +1 -0
- package/src/categories/configuration.ts +948 -0
- package/src/categories/injection.d.ts +8 -0
- package/src/categories/injection.d.ts.map +1 -0
- package/src/categories/injection.js +750 -0
- package/src/categories/injection.js.map +1 -0
- package/src/categories/injection.ts +785 -0
- package/src/categories/sensitive-paths.d.ts +9 -0
- package/src/categories/sensitive-paths.d.ts.map +1 -0
- package/src/categories/sensitive-paths.js +1791 -0
- package/src/categories/sensitive-paths.js.map +1 -0
- package/src/categories/sensitive-paths.ts +1875 -0
- package/src/categories/ssrf.d.ts +8 -0
- package/src/categories/ssrf.d.ts.map +1 -0
- package/src/categories/ssrf.js +250 -0
- package/src/categories/ssrf.js.map +1 -0
- package/src/categories/ssrf.ts +261 -0
- package/src/categories/xss.d.ts +7 -0
- package/src/categories/xss.d.ts.map +1 -0
- package/src/categories/xss.js +328 -0
- package/src/categories/xss.js.map +1 -0
- package/src/categories/xss.ts +342 -0
- package/src/error-codes.d.ts +242 -0
- package/src/error-codes.d.ts.map +1 -0
- package/src/error-codes.js +315 -0
- package/src/error-codes.js.map +1 -0
- package/src/error-codes.ts +334 -0
- package/src/index.d.ts +60 -0
- package/src/index.d.ts.map +1 -0
- package/src/index.js +107 -0
- package/src/index.js.map +1 -0
- package/src/index.ts +126 -0
- package/src/types.d.ts +86 -0
- package/src/types.d.ts.map +1 -0
- package/src/types.js +7 -0
- package/src/types.js.map +1 -0
- package/src/types.ts +109 -0
- package/tsconfig.cjs.json +8 -0
- package/tsconfig.json +21 -0
- package/vulnerability-registry.zip +0 -0
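--- a/package/dist/error-codes.d.ts
+++ b/package/dist/error-codes.d.ts
@@ -0,0 +1,242 @@
+/**
+* Vulnerability Registry - Error Codes
+*
+* Central enum containing all vulnerability error codes across all scanners.
+* Each code maps to a complete VulnerabilityDefinition.
+*/
+export declare enum VulnerabilityCode {
+SQLI_ERROR_BASED = "SQLI_ERROR_BASED",
+SQLI_BOOLEAN_BASED = "SQLI_BOOLEAN_BASED",
+SQLI_TIME_BASED = "SQLI_TIME_BASED",
+SQLI_STACK_BASED = "SQLI_STACK_BASED",
+SQLI_UNION_BASED = "SQLI_UNION_BASED",
+XSS_REFLECTED = "XSS_REFLECTED",
+XSS_STORED = "XSS_STORED",
+XSS_DOM_BASED = "XSS_DOM_BASED",
+XSS_SVG_INJECTION = "XSS_SVG_INJECTION",
+XSS_CSTI_ANGULAR = "XSS_CSTI_ANGULAR",
+XSS_CSTI_VUE = "XSS_CSTI_VUE",
+XSS_EVENT_HANDLER = "XSS_EVENT_HANDLER",
+XSS_SCRIPT_INJECTION = "XSS_SCRIPT_INJECTION",
+XSS_HTML_INJECTION = "XSS_HTML_INJECTION",
+XSS_ATTRIBUTE_INJECTION = "XSS_ATTRIBUTE_INJECTION",
+XSS_JS_CONTEXT = "XSS_JS_CONTEXT",
+XSS_CSS_INJECTION = "XSS_CSS_INJECTION",
+XSS_CSP_BYPASS = "XSS_CSP_BYPASS",
+XSS_TEMPLATE_LITERAL = "XSS_TEMPLATE_LITERAL",
+XSS_MUTATION_BASED = "XSS_MUTATION_BASED",
+CMDI_OOB_CONFIRMED = "CMDI_OOB_CONFIRMED",
+CMDI_REFLECTED = "CMDI_REFLECTED",
+CMDI_TIME_BASED = "CMDI_TIME_BASED",
+CMDI_ERROR_BASED = "CMDI_ERROR_BASED",
+SSRF_CLOUD_METADATA = "SSRF_CLOUD_METADATA",
+SSRF_INTERNAL_SERVICE = "SSRF_INTERNAL_SERVICE",
+SSRF_PROTOCOL_SMUGGLING = "SSRF_PROTOCOL_SMUGGLING",
+SSRF_BLIND_OOB = "SSRF_BLIND_OOB",
+SSRF_FILTER_BYPASS = "SSRF_FILTER_BYPASS",
+SSTI_JINJA2 = "SSTI_JINJA2",
+SSTI_TWIG = "SSTI_TWIG",
+SSTI_FREEMARKER = "SSTI_FREEMARKER",
+SSTI_VELOCITY = "SSTI_VELOCITY",
+SSTI_THYMELEAF = "SSTI_THYMELEAF",
+SSTI_ERB = "SSTI_ERB",
+SSTI_EJS = "SSTI_EJS",
+SSTI_PUG = "SSTI_PUG",
+SSTI_SMARTY = "SSTI_SMARTY",
+SSTI_MAKO = "SSTI_MAKO",
+SSTI_GENERIC = "SSTI_GENERIC",
+XXE_CLASSIC = "XXE_CLASSIC",
+XXE_BLIND = "XXE_BLIND",
+XXE_OOB = "XXE_OOB",
+XXE_ERROR_BASED = "XXE_ERROR_BASED",
+XXE_PARAMETER_ENTITY = "XXE_PARAMETER_ENTITY",
+XPATH_AUTH_BYPASS = "XPATH_AUTH_BYPASS",
+XPATH_DATA_EXTRACTION = "XPATH_DATA_EXTRACTION",
+XPATH_BLIND = "XPATH_BLIND",
+XPATH_ERROR_BASED = "XPATH_ERROR_BASED",
+LFI_PATH_TRAVERSAL = "LFI_PATH_TRAVERSAL",
+LFI_FILTER_BYPASS = "LFI_FILTER_BYPASS",
+LFI_SOURCE_DISCLOSURE = "LFI_SOURCE_DISCLOSURE",
+LFI_WRAPPER_PROTOCOL = "LFI_WRAPPER_PROTOCOL",
+LFI_PROC_DISCLOSURE = "LFI_PROC_DISCLOSURE",
+JWT_NONE_ALGORITHM = "JWT_NONE_ALGORITHM",
+JWT_WEAK_SECRET = "JWT_WEAK_SECRET",
+JWT_KEY_CONFUSION = "JWT_KEY_CONFUSION",
+JWT_EXPIRED_TOKEN = "JWT_EXPIRED_TOKEN",
+JWT_MISSING_CLAIMS = "JWT_MISSING_CLAIMS",
+JWT_CLAIM_TAMPERING = "JWT_CLAIM_TAMPERING",
+JWT_KID_INJECTION = "JWT_KID_INJECTION",
+JWT_JKU_INJECTION = "JWT_JKU_INJECTION",
+JWT_EMBEDDED_JWK = "JWT_EMBEDDED_JWK",
+JWT_X5C_INJECTION = "JWT_X5C_INJECTION",
+REDIRECT_HEADER_INJECTION = "REDIRECT_HEADER_INJECTION",
+REDIRECT_META_REFRESH = "REDIRECT_META_REFRESH",
+REDIRECT_JS_NAVIGATION = "REDIRECT_JS_NAVIGATION",
+BAC_ANONYMOUS_ACCESS = "BAC_ANONYMOUS_ACCESS",
+BAC_HORIZONTAL_PRIVILEGE = "BAC_HORIZONTAL_PRIVILEGE",
+BAC_VERTICAL_PRIVILEGE = "BAC_VERTICAL_PRIVILEGE",
+BAC_IDOR = "BAC_IDOR",
+HEADER_MISSING_CSP = "HEADER_MISSING_CSP",
+HEADER_MISSING_HSTS = "HEADER_MISSING_HSTS",
+HEADER_MISSING_XFRAME = "HEADER_MISSING_XFRAME",
+HEADER_MISSING_XCONTENT_TYPE = "HEADER_MISSING_XCONTENT_TYPE",
+HEADER_MISSING_XSS_PROTECTION = "HEADER_MISSING_XSS_PROTECTION",
+HEADER_MISSING_REFERRER_POLICY = "HEADER_MISSING_REFERRER_POLICY",
+HEADER_MISSING_PERMISSIONS_POLICY = "HEADER_MISSING_PERMISSIONS_POLICY",
+HEADER_WEAK_CSP = "HEADER_WEAK_CSP",
+HEADER_CORS_MISCONFIGURED = "HEADER_CORS_MISCONFIGURED",
+HEADER_COEP_WITHOUT_COOP = "HEADER_COEP_WITHOUT_COOP",
+HEADER_CORP_UNUSUAL = "HEADER_CORP_UNUSUAL",
+HEADER_EXPECT_CT_PRESENT = "HEADER_EXPECT_CT_PRESENT",
+HEADER_SERVER_HEADER_PRESENT = "HEADER_SERVER_HEADER_PRESENT",
+HEADER_X_POWERED_BY_PRESENT = "HEADER_X_POWERED_BY_PRESENT",
+HEADER_X_XSS_PROTECTION_ENABLED = "HEADER_X_XSS_PROTECTION_ENABLED",
+COOKIE_SAMESITE_NONE_WITHOUT_SECURE = "COOKIE_SAMESITE_NONE_WITHOUT_SECURE",
+COOKIE_SESSION_MISSING_SECURE = "COOKIE_SESSION_MISSING_SECURE",
+COOKIE_MISSING_SECURE = "COOKIE_MISSING_SECURE",
+COOKIE_SESSION_MISSING_HTTPONLY = "COOKIE_SESSION_MISSING_HTTPONLY",
+COOKIE_MISSING_HTTPONLY = "COOKIE_MISSING_HTTPONLY",
+COOKIE_MISSING_SAMESITE = "COOKIE_MISSING_SAMESITE",
+COOKIE_HOST_PREFIX_INVALID = "COOKIE_HOST_PREFIX_INVALID",
+COOKIE_SECURE_PREFIX_INVALID = "COOKIE_SECURE_PREFIX_INVALID",
+HEADER_DRIFT_CSP = "HEADER_DRIFT_CSP",
+HEADER_DRIFT_HSTS = "HEADER_DRIFT_HSTS",
+HEADER_DRIFT_XCONTENT_TYPE = "HEADER_DRIFT_XCONTENT_TYPE",
+HEADER_DRIFT_REFERRER_POLICY = "HEADER_DRIFT_REFERRER_POLICY",
+HEADER_DRIFT_XFRAME = "HEADER_DRIFT_XFRAME",
+HEADER_DRIFT_PERMISSIONS_POLICY = "HEADER_DRIFT_PERMISSIONS_POLICY",
+HEADER_DRIFT_COOP = "HEADER_DRIFT_COOP",
+HEADER_DRIFT_COEP = "HEADER_DRIFT_COEP",
+HEADER_DRIFT_CORP = "HEADER_DRIFT_CORP",
+HOST_CACHE_POISONING = "HOST_CACHE_POISONING",
+HOST_PASSWORD_RESET = "HOST_PASSWORD_RESET",
+HOST_REDIRECT = "HOST_REDIRECT",
+DIRBROWSE_ENABLED = "DIRBROWSE_ENABLED",
+DIRBROWSE_SENSITIVE = "DIRBROWSE_SENSITIVE",
+MASSASSIGN_PROTOTYPE_POLLUTION = "MASSASSIGN_PROTOTYPE_POLLUTION",
+MASSASSIGN_ROLE_ESCALATION = "MASSASSIGN_ROLE_ESCALATION",
+MASSASSIGN_HIDDEN_FIELD = "MASSASSIGN_HIDDEN_FIELD",
+DESER_JAVA = "DESER_JAVA",
+DESER_PHP = "DESER_PHP",
+DESER_PYTHON = "DESER_PYTHON",
+DESER_DOTNET = "DESER_DOTNET",
+DESER_RUBY = "DESER_RUBY",
+DESER_NODE = "DESER_NODE",
+SENS_CRIT_AWS_CREDENTIALS = "SENS_CRIT_AWS_CREDENTIALS",
+SENS_CRIT_SSH_PRIVATE_KEY = "SENS_CRIT_SSH_PRIVATE_KEY",
+SENS_CRIT_SSL_PRIVATE_KEY = "SENS_CRIT_SSL_PRIVATE_KEY",
+SENS_CRIT_RAILS_MASTER_KEY = "SENS_CRIT_RAILS_MASTER_KEY",
+SENS_CRIT_TERRAFORM_STATE = "SENS_CRIT_TERRAFORM_STATE",
+SENS_CRIT_FIREBASE_ADMIN_SDK = "SENS_CRIT_FIREBASE_ADMIN_SDK",
+SENS_CRIT_KUBE_CONFIG = "SENS_CRIT_KUBE_CONFIG",
+SENS_CRIT_AZURE_STORAGE_KEY = "SENS_CRIT_AZURE_STORAGE_KEY",
+SENS_CRIT_CONSUL_KV = "SENS_CRIT_CONSUL_KV",
+SENS_CRIT_VAULT_SECRET = "SENS_CRIT_VAULT_SECRET",
+SENS_CRIT_DOCKER_SECRET = "SENS_CRIT_DOCKER_SECRET",
+SENS_HIGH_GIT_EXPOSED = "SENS_HIGH_GIT_EXPOSED",
+SENS_HIGH_GIT_CONFIG = "SENS_HIGH_GIT_CONFIG",
+SENS_HIGH_WORDPRESS_CONFIG = "SENS_HIGH_WORDPRESS_CONFIG",
+SENS_HIGH_SPRING_ACTUATOR = "SENS_HIGH_SPRING_ACTUATOR",
+SENS_HIGH_SPRING_HEAPDUMP = "SENS_HIGH_SPRING_HEAPDUMP",
+SENS_HIGH_DATABASE_BACKUP = "SENS_HIGH_DATABASE_BACKUP",
+SENS_HIGH_PHPINFO = "SENS_HIGH_PHPINFO",
+SENS_HIGH_LARAVEL_DEBUG = "SENS_HIGH_LARAVEL_DEBUG",
+SENS_HIGH_GCP_SERVICE_ACCOUNT = "SENS_HIGH_GCP_SERVICE_ACCOUNT",
+SENS_HIGH_GRAPHQL_INTROSPECTION = "SENS_HIGH_GRAPHQL_INTROSPECTION",
+SENS_HIGH_PHPMYADMIN = "SENS_HIGH_PHPMYADMIN",
+SENS_HIGH_MONGODB_CONFIG = "SENS_HIGH_MONGODB_CONFIG",
+SENS_HIGH_JAVA_KEYSTORE = "SENS_HIGH_JAVA_KEYSTORE",
+SENS_HIGH_PHP_SESSION = "SENS_HIGH_PHP_SESSION",
+SENS_HIGH_ENV_FILE = "SENS_HIGH_ENV_FILE",
+SENS_HIGH_BACKUP_FILE = "SENS_HIGH_BACKUP_FILE",
+SENS_HIGH_HTPASSWD = "SENS_HIGH_HTPASSWD",
+SENS_HIGH_DS_STORE = "SENS_HIGH_DS_STORE",
+SENS_MED_SWAGGER_DOCS = "SENS_MED_SWAGGER_DOCS",
+SENS_MED_APACHE_STATUS = "SENS_MED_APACHE_STATUS",
+SENS_MED_PROMETHEUS_METRICS = "SENS_MED_PROMETHEUS_METRICS",
+SENS_MED_DOCKERFILE = "SENS_MED_DOCKERFILE",
+SENS_MED_FIREBASE_CONFIG = "SENS_MED_FIREBASE_CONFIG",
+SENS_MED_SOURCE_MAP = "SENS_MED_SOURCE_MAP",
+SENS_MED_ELASTICSEARCH = "SENS_MED_ELASTICSEARCH",
+SENS_MED_ADMIN_PANEL = "SENS_MED_ADMIN_PANEL",
+SENS_MED_COMPOSER_LOCK = "SENS_MED_COMPOSER_LOCK",
+SENS_MED_PACKAGE_LOCK = "SENS_MED_PACKAGE_LOCK",
+SENS_MED_GEMFILE_LOCK = "SENS_MED_GEMFILE_LOCK",
+SENS_MED_ROBOTS_TXT = "SENS_MED_ROBOTS_TXT",
+SENS_MED_SITEMAP = "SENS_MED_SITEMAP",
+SENS_MED_CROSSDOMAIN_XML = "SENS_MED_CROSSDOMAIN_XML",
+SENS_LOW_TRAVIS_CI = "SENS_LOW_TRAVIS_CI",
+SENS_LOW_JENKINSFILE = "SENS_LOW_JENKINSFILE",
+SENS_LOW_CIRCLECI = "SENS_LOW_CIRCLECI",
+SENS_LOW_GITLAB_CI = "SENS_LOW_GITLAB_CI",
+SENS_LOW_README = "SENS_LOW_README",
+SENS_LOW_CHANGELOG = "SENS_LOW_CHANGELOG",
+SENS_LOW_LICENSE = "SENS_LOW_LICENSE",
+SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED = "SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED",
+SENS_HIGH_APPSETTINGS_JSON_EXPOSED = "SENS_HIGH_APPSETTINGS_JSON_EXPOSED",
+SENS_HIGH_SPRING_CONFIG_EXPOSED = "SENS_HIGH_SPRING_CONFIG_EXPOSED",
+SENS_HIGH_NPMRC_EXPOSED = "SENS_HIGH_NPMRC_EXPOSED",
+SENS_HIGH_RAILS_DATABASE_YML_EXPOSED = "SENS_HIGH_RAILS_DATABASE_YML_EXPOSED",
+SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED = "SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED",
+SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED = "SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED",
+SENS_HIGH_JOLOKIA_EXPOSED = "SENS_HIGH_JOLOKIA_EXPOSED",
+SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED = "SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED",
+SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED = "SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED",
+SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED = "SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED",
+SENS_HIGH_REDIS_RDB_DUMP_DETECTED = "SENS_HIGH_REDIS_RDB_DUMP_DETECTED",
+SENS_HIGH_TRACE_AXD = "SENS_HIGH_TRACE_AXD",
+SENS_HIGH_ELMAH_AXD_EXPOSED = "SENS_HIGH_ELMAH_AXD_EXPOSED",
+SENS_HIGH_SQLITE_DATABASE_DETECTED = "SENS_HIGH_SQLITE_DATABASE_DETECTED",
+SENS_HIGH_AWS_CONFIG_EXPOSED = "SENS_HIGH_AWS_CONFIG_EXPOSED",
+SENS_HIGH_AZURE_CREDENTIALS_EXPOSED = "SENS_HIGH_AZURE_CREDENTIALS_EXPOSED",
+SENS_HIGH_HELM_VALUES_EXPOSED = "SENS_HIGH_HELM_VALUES_EXPOSED",
+SENS_HIGH_TERRAFORM_VARS_EXPOSED = "SENS_HIGH_TERRAFORM_VARS_EXPOSED",
+SENS_HIGH_LARAVEL_LOG_EXPOSED = "SENS_HIGH_LARAVEL_LOG_EXPOSED",
+SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED = "SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED",
+SENS_HIGH_ADMINER_EXPOSED = "SENS_HIGH_ADMINER_EXPOSED",
+SENS_HIGH_DEBUG_ENDPOINT_EXPOSED = "SENS_HIGH_DEBUG_ENDPOINT_EXPOSED",
+SENS_HIGH_GO_DEBUG_VARS_EXPOSED = "SENS_HIGH_GO_DEBUG_VARS_EXPOSED",
+SENS_HIGH_GO_PPROF_EXPOSED = "SENS_HIGH_GO_PPROF_EXPOSED",
+SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED = "SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED",
+SENS_HIGH_MONGO_RC_EXPOSED = "SENS_HIGH_MONGO_RC_EXPOSED",
+SENS_MED_UN_PROTECTED_CONFIG_JSON = "SENS_MED_UN_PROTECTED_CONFIG_JSON",
+SENS_MED_MERCURIAL_REPOSITORY_FOUND = "SENS_MED_MERCURIAL_REPOSITORY_FOUND",
+SENS_MED_MERCURIAL_HGRC_EXPOSED = "SENS_MED_MERCURIAL_HGRC_EXPOSED",
+SENS_MED_CVS_ROOT_EXPOSED = "SENS_MED_CVS_ROOT_EXPOSED",
+SENS_MED_CVS_ENTRIES_EXPOSED = "SENS_MED_CVS_ENTRIES_EXPOSED",
+SENS_MED_BAZAAR_REPO_EXPOSED = "SENS_MED_BAZAAR_REPO_EXPOSED",
+SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED = "SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED",
+SENS_MED_LARAVEL_LOG_VIEWER_ENABLED = "SENS_MED_LARAVEL_LOG_VIEWER_ENABLED",
+SENS_MED_APACHE_HTACCESS_FILE_DETECTED = "SENS_MED_APACHE_HTACCESS_FILE_DETECTED",
+SENS_MED_APACHE_SERVER_INFO_EXPOSED = "SENS_MED_APACHE_SERVER_INFO_EXPOSED",
+SENS_MED_PACKAGE_DEPENDENCIES_DETECTED = "SENS_MED_PACKAGE_DEPENDENCIES_DETECTED",
+SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED = "SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED",
+SENS_MED_SSH_PUBLIC_KEY_EXPOSED = "SENS_MED_SSH_PUBLIC_KEY_EXPOSED",
+SENS_MED_SSL_CERTIFICATE_EXPOSED = "SENS_MED_SSL_CERTIFICATE_EXPOSED",
+SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED = "SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED",
+SENS_MED_GRAPHI_QL_EXPOSED = "SENS_MED_GRAPHI_QL_EXPOSED",
+SENS_MED_TERRAFORM_LOCK_EXPOSED = "SENS_MED_TERRAFORM_LOCK_EXPOSED",
+SENS_MED_ERROR_LOG_EXPOSED = "SENS_MED_ERROR_LOG_EXPOSED",
+SENS_MED_ACCESS_LOG_EXPOSED = "SENS_MED_ACCESS_LOG_EXPOSED",
+SENS_MED_DEBUG_LOG_EXPOSED = "SENS_MED_DEBUG_LOG_EXPOSED",
+SENS_MED_APPLICATION_LOG_EXPOSED = "SENS_MED_APPLICATION_LOG_EXPOSED",
+SENS_MED_WSDL_EXPOSED = "SENS_MED_WSDL_EXPOSED",
+SENS_MED_WORD_PRESS_XML_RPC_EXPOSED = "SENS_MED_WORD_PRESS_XML_RPC_EXPOSED",
+SENS_LOW_TOML_PROJECT_FILE_EXPOSED = "SENS_LOW_TOML_PROJECT_FILE_EXPOSED",
+SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED = "SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED",
+SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED = "SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED",
+SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED = "SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED",
+SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED = "SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED",
+SENS_LOW_PYTHON_REQUIREMENTS_DETECTED = "SENS_LOW_PYTHON_REQUIREMENTS_DETECTED",
+SENS_LOW_TEST_ENDPOINT_EXPOSED = "SENS_LOW_TEST_ENDPOINT_EXPOSED",
+SENS_LOW_STAGING_ENDPOINT_EXPOSED = "SENS_LOW_STAGING_ENDPOINT_EXPOSED",
+SENS_LOW_EDITOR_BACKUP_FILE_DETECTED = "SENS_LOW_EDITOR_BACKUP_FILE_DETECTED",
+SENS_LOW_VIM_SWAP_FILE_DETECTED = "SENS_LOW_VIM_SWAP_FILE_DETECTED",
+SENS_LOW_DIRECTORY_LISTING_ENABLED = "SENS_LOW_DIRECTORY_LISTING_ENABLED",
+SENS_LOW_AWSSAM_TEMPLATE_EXPOSED = "SENS_LOW_AWSSAM_TEMPLATE_EXPOSED",
+SENS_LOW_SERVERLESS_CONFIG_EXPOSED = "SENS_LOW_SERVERLESS_CONFIG_EXPOSED",
+SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED = "SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED",
+CLICK_FRAMEABLE = "CLICK_FRAMEABLE",
+CLICK_PARTIAL_PROTECTION = "CLICK_PARTIAL_PROTECTION"
+}
+export default VulnerabilityCode;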
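Review bot: `HEADER_MISSING_XSS_PROTECTION` and `HEADER_X_XSS_PROTECTION_ENABLED` are both declared in this enum, so a scanner built on the registry can apparently report the header's absence and its presence as findings, which may leave an operator with no configuration that passes. X-XSS-Protection is no longer honoured by current browsers and current hardening guidance is to omit it or send `0`, so the MISSING code looks like the outdated one; marking it in the source enum with `/** @deprecated legacy header; absence is not a finding */` would keep the string value stable for existing consumers. A similar overlap appears between `DIRBROWSE_ENABLED` and `SENS_LOW_DIRECTORY_LISTING_ENABLED`, where one observation could be reported under two codes with different implied severities. This file is the generated declaration, so the change belongs in `package/src/error-codes.ts`; the definitions each code maps to are not visible here, so how the scanners actually emit these codes should be confirmed there.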
@@ -0,0 +1,312 @@
|
|
|
1
|
+
/**
|
|
2
|
+
* Vulnerability Registry - Error Codes
|
|
3
|
+
*
|
|
4
|
+
* Central enum containing all vulnerability error codes across all scanners.
|
|
5
|
+
* Each code maps to a complete VulnerabilityDefinition.
|
|
6
|
+
*/
|
|
7
|
+
export var VulnerabilityCode;
|
|
8
|
+
(function (VulnerabilityCode) {
|
|
9
|
+
// ========================================
|
|
10
|
+
// SQL INJECTION (SQLI_*)
|
|
11
|
+
// ========================================
|
|
12
|
+
VulnerabilityCode["SQLI_ERROR_BASED"] = "SQLI_ERROR_BASED";
|
|
13
|
+
VulnerabilityCode["SQLI_BOOLEAN_BASED"] = "SQLI_BOOLEAN_BASED";
|
|
14
|
+
VulnerabilityCode["SQLI_TIME_BASED"] = "SQLI_TIME_BASED";
|
|
15
|
+
VulnerabilityCode["SQLI_STACK_BASED"] = "SQLI_STACK_BASED";
|
|
16
|
+
VulnerabilityCode["SQLI_UNION_BASED"] = "SQLI_UNION_BASED";
|
|
17
|
+
// ========================================
|
|
18
|
+
// CROSS-SITE SCRIPTING (XSS_*)
|
|
19
|
+
// ========================================
|
|
20
|
+
VulnerabilityCode["XSS_REFLECTED"] = "XSS_REFLECTED";
|
|
21
|
+
VulnerabilityCode["XSS_STORED"] = "XSS_STORED";
|
|
22
|
+
VulnerabilityCode["XSS_DOM_BASED"] = "XSS_DOM_BASED";
|
|
23
|
+
VulnerabilityCode["XSS_SVG_INJECTION"] = "XSS_SVG_INJECTION";
|
|
24
|
+
VulnerabilityCode["XSS_CSTI_ANGULAR"] = "XSS_CSTI_ANGULAR";
|
|
25
|
+
VulnerabilityCode["XSS_CSTI_VUE"] = "XSS_CSTI_VUE";
|
|
26
|
+
VulnerabilityCode["XSS_EVENT_HANDLER"] = "XSS_EVENT_HANDLER";
|
|
27
|
+
VulnerabilityCode["XSS_SCRIPT_INJECTION"] = "XSS_SCRIPT_INJECTION";
|
|
28
|
+
VulnerabilityCode["XSS_HTML_INJECTION"] = "XSS_HTML_INJECTION";
|
|
29
|
+
VulnerabilityCode["XSS_ATTRIBUTE_INJECTION"] = "XSS_ATTRIBUTE_INJECTION";
|
|
30
|
+
VulnerabilityCode["XSS_JS_CONTEXT"] = "XSS_JS_CONTEXT";
|
|
31
|
+
VulnerabilityCode["XSS_CSS_INJECTION"] = "XSS_CSS_INJECTION";
|
|
32
|
+
VulnerabilityCode["XSS_CSP_BYPASS"] = "XSS_CSP_BYPASS";
|
|
33
|
+
VulnerabilityCode["XSS_TEMPLATE_LITERAL"] = "XSS_TEMPLATE_LITERAL";
|
|
34
|
+
VulnerabilityCode["XSS_MUTATION_BASED"] = "XSS_MUTATION_BASED";
|
|
35
|
+
// ========================================
|
|
36
|
+
// COMMAND INJECTION (CMDI_*)
|
|
37
|
+
// ========================================
|
|
38
|
+
VulnerabilityCode["CMDI_OOB_CONFIRMED"] = "CMDI_OOB_CONFIRMED";
|
|
39
|
+
VulnerabilityCode["CMDI_REFLECTED"] = "CMDI_REFLECTED";
|
|
40
|
+
VulnerabilityCode["CMDI_TIME_BASED"] = "CMDI_TIME_BASED";
|
|
41
|
+
VulnerabilityCode["CMDI_ERROR_BASED"] = "CMDI_ERROR_BASED";
|
|
42
|
+
// ========================================
|
|
43
|
+
// SERVER-SIDE REQUEST FORGERY (SSRF_*)
|
|
44
|
+
// ========================================
|
|
45
|
+
VulnerabilityCode["SSRF_CLOUD_METADATA"] = "SSRF_CLOUD_METADATA";
|
|
46
|
+
VulnerabilityCode["SSRF_INTERNAL_SERVICE"] = "SSRF_INTERNAL_SERVICE";
|
|
47
|
+
VulnerabilityCode["SSRF_PROTOCOL_SMUGGLING"] = "SSRF_PROTOCOL_SMUGGLING";
|
|
48
|
+
VulnerabilityCode["SSRF_BLIND_OOB"] = "SSRF_BLIND_OOB";
|
|
49
|
+
VulnerabilityCode["SSRF_FILTER_BYPASS"] = "SSRF_FILTER_BYPASS";
|
|
50
|
+
// ========================================
|
|
51
|
+
// SERVER-SIDE TEMPLATE INJECTION (SSTI_*)
|
|
52
|
+
// ========================================
|
|
53
|
+
VulnerabilityCode["SSTI_JINJA2"] = "SSTI_JINJA2";
|
|
54
|
+
VulnerabilityCode["SSTI_TWIG"] = "SSTI_TWIG";
|
|
55
|
+
VulnerabilityCode["SSTI_FREEMARKER"] = "SSTI_FREEMARKER";
|
|
56
|
+
VulnerabilityCode["SSTI_VELOCITY"] = "SSTI_VELOCITY";
|
|
57
|
+
VulnerabilityCode["SSTI_THYMELEAF"] = "SSTI_THYMELEAF";
|
|
58
|
+
VulnerabilityCode["SSTI_ERB"] = "SSTI_ERB";
|
|
59
|
+
VulnerabilityCode["SSTI_EJS"] = "SSTI_EJS";
|
|
60
|
+
VulnerabilityCode["SSTI_PUG"] = "SSTI_PUG";
|
|
61
|
+
VulnerabilityCode["SSTI_SMARTY"] = "SSTI_SMARTY";
|
|
62
|
+
VulnerabilityCode["SSTI_MAKO"] = "SSTI_MAKO";
|
|
63
|
+
VulnerabilityCode["SSTI_GENERIC"] = "SSTI_GENERIC";
|
|
64
|
+
// ========================================
|
|
65
|
+
// XML EXTERNAL ENTITY (XXE_*)
|
|
66
|
+
// ========================================
|
|
67
|
+
VulnerabilityCode["XXE_CLASSIC"] = "XXE_CLASSIC";
|
|
68
|
+
VulnerabilityCode["XXE_BLIND"] = "XXE_BLIND";
|
|
69
|
+
VulnerabilityCode["XXE_OOB"] = "XXE_OOB";
|
|
70
|
+
VulnerabilityCode["XXE_ERROR_BASED"] = "XXE_ERROR_BASED";
|
|
71
|
+
VulnerabilityCode["XXE_PARAMETER_ENTITY"] = "XXE_PARAMETER_ENTITY";
|
|
72
|
+
// ========================================
|
|
73
|
+
// XPATH INJECTION (XPATH_*)
|
|
74
|
+
// ========================================
|
|
75
|
+
VulnerabilityCode["XPATH_AUTH_BYPASS"] = "XPATH_AUTH_BYPASS";
|
|
76
|
+
VulnerabilityCode["XPATH_DATA_EXTRACTION"] = "XPATH_DATA_EXTRACTION";
|
|
77
|
+
VulnerabilityCode["XPATH_BLIND"] = "XPATH_BLIND";
|
|
78
|
+
VulnerabilityCode["XPATH_ERROR_BASED"] = "XPATH_ERROR_BASED";
|
|
79
|
+
// ========================================
|
|
80
|
+
// LOCAL FILE INCLUSION (LFI_*)
|
|
81
|
+
// ========================================
|
|
82
|
+
VulnerabilityCode["LFI_PATH_TRAVERSAL"] = "LFI_PATH_TRAVERSAL";
|
|
83
|
+
VulnerabilityCode["LFI_FILTER_BYPASS"] = "LFI_FILTER_BYPASS";
|
|
84
|
+
VulnerabilityCode["LFI_SOURCE_DISCLOSURE"] = "LFI_SOURCE_DISCLOSURE";
|
|
85
|
+
VulnerabilityCode["LFI_WRAPPER_PROTOCOL"] = "LFI_WRAPPER_PROTOCOL";
|
|
86
|
+
VulnerabilityCode["LFI_PROC_DISCLOSURE"] = "LFI_PROC_DISCLOSURE";
|
|
87
|
+
// ========================================
|
|
88
|
+
// JWT VULNERABILITIES (JWT_*)
|
|
89
|
+
// ========================================
|
|
90
|
+
VulnerabilityCode["JWT_NONE_ALGORITHM"] = "JWT_NONE_ALGORITHM";
|
|
91
|
+
VulnerabilityCode["JWT_WEAK_SECRET"] = "JWT_WEAK_SECRET";
|
|
92
|
+
VulnerabilityCode["JWT_KEY_CONFUSION"] = "JWT_KEY_CONFUSION";
|
|
93
|
+
VulnerabilityCode["JWT_EXPIRED_TOKEN"] = "JWT_EXPIRED_TOKEN";
|
|
94
|
+
VulnerabilityCode["JWT_MISSING_CLAIMS"] = "JWT_MISSING_CLAIMS";
|
|
95
|
+
VulnerabilityCode["JWT_CLAIM_TAMPERING"] = "JWT_CLAIM_TAMPERING";
|
|
96
|
+
VulnerabilityCode["JWT_KID_INJECTION"] = "JWT_KID_INJECTION";
|
|
97
|
+
VulnerabilityCode["JWT_JKU_INJECTION"] = "JWT_JKU_INJECTION";
|
|
98
|
+
VulnerabilityCode["JWT_EMBEDDED_JWK"] = "JWT_EMBEDDED_JWK";
|
|
99
|
+
VulnerabilityCode["JWT_X5C_INJECTION"] = "JWT_X5C_INJECTION";
|
|
100
|
+
// ========================================
|
|
101
|
+
// OPEN REDIRECT (REDIRECT_*)
|
|
102
|
+
// ========================================
|
|
103
|
+
VulnerabilityCode["REDIRECT_HEADER_INJECTION"] = "REDIRECT_HEADER_INJECTION";
|
|
104
|
+
VulnerabilityCode["REDIRECT_META_REFRESH"] = "REDIRECT_META_REFRESH";
|
|
105
|
+
VulnerabilityCode["REDIRECT_JS_NAVIGATION"] = "REDIRECT_JS_NAVIGATION";
|
|
106
|
+
// ========================================
|
|
107
|
+
// BROKEN ACCESS CONTROL (BAC_*)
|
|
108
|
+
// ========================================
|
|
109
|
+
VulnerabilityCode["BAC_ANONYMOUS_ACCESS"] = "BAC_ANONYMOUS_ACCESS";
|
|
110
|
+
VulnerabilityCode["BAC_HORIZONTAL_PRIVILEGE"] = "BAC_HORIZONTAL_PRIVILEGE";
|
|
111
|
+
VulnerabilityCode["BAC_VERTICAL_PRIVILEGE"] = "BAC_VERTICAL_PRIVILEGE";
|
|
112
|
+
VulnerabilityCode["BAC_IDOR"] = "BAC_IDOR";
|
|
113
|
+
// ========================================
|
|
114
|
+
// SECURITY HEADERS (HEADER_*)
|
|
115
|
+
// ========================================
|
|
116
|
+
VulnerabilityCode["HEADER_MISSING_CSP"] = "HEADER_MISSING_CSP";
|
|
117
|
+
VulnerabilityCode["HEADER_MISSING_HSTS"] = "HEADER_MISSING_HSTS";
|
|
118
|
+
VulnerabilityCode["HEADER_MISSING_XFRAME"] = "HEADER_MISSING_XFRAME";
|
|
119
|
+
VulnerabilityCode["HEADER_MISSING_XCONTENT_TYPE"] = "HEADER_MISSING_XCONTENT_TYPE";
|
|
120
|
+
VulnerabilityCode["HEADER_MISSING_XSS_PROTECTION"] = "HEADER_MISSING_XSS_PROTECTION";
|
|
121
|
+
VulnerabilityCode["HEADER_MISSING_REFERRER_POLICY"] = "HEADER_MISSING_REFERRER_POLICY";
|
|
122
|
+
VulnerabilityCode["HEADER_MISSING_PERMISSIONS_POLICY"] = "HEADER_MISSING_PERMISSIONS_POLICY";
|
|
123
|
+
VulnerabilityCode["HEADER_WEAK_CSP"] = "HEADER_WEAK_CSP";
|
|
124
|
+
VulnerabilityCode["HEADER_CORS_MISCONFIGURED"] = "HEADER_CORS_MISCONFIGURED";
|
|
125
|
+
VulnerabilityCode["HEADER_COEP_WITHOUT_COOP"] = "HEADER_COEP_WITHOUT_COOP";
|
|
126
|
+
VulnerabilityCode["HEADER_CORP_UNUSUAL"] = "HEADER_CORP_UNUSUAL";
|
|
127
|
+
VulnerabilityCode["HEADER_EXPECT_CT_PRESENT"] = "HEADER_EXPECT_CT_PRESENT";
|
|
128
|
+
VulnerabilityCode["HEADER_SERVER_HEADER_PRESENT"] = "HEADER_SERVER_HEADER_PRESENT";
|
|
129
|
+
VulnerabilityCode["HEADER_X_POWERED_BY_PRESENT"] = "HEADER_X_POWERED_BY_PRESENT";
|
|
130
|
+
VulnerabilityCode["HEADER_X_XSS_PROTECTION_ENABLED"] = "HEADER_X_XSS_PROTECTION_ENABLED";
|
|
131
|
+
VulnerabilityCode["COOKIE_SAMESITE_NONE_WITHOUT_SECURE"] = "COOKIE_SAMESITE_NONE_WITHOUT_SECURE";
|
|
132
|
+
VulnerabilityCode["COOKIE_SESSION_MISSING_SECURE"] = "COOKIE_SESSION_MISSING_SECURE";
|
|
133
|
+
VulnerabilityCode["COOKIE_MISSING_SECURE"] = "COOKIE_MISSING_SECURE";
|
|
134
|
+
VulnerabilityCode["COOKIE_SESSION_MISSING_HTTPONLY"] = "COOKIE_SESSION_MISSING_HTTPONLY";
|
|
135
|
+
VulnerabilityCode["COOKIE_MISSING_HTTPONLY"] = "COOKIE_MISSING_HTTPONLY";
|
|
136
|
+
VulnerabilityCode["COOKIE_MISSING_SAMESITE"] = "COOKIE_MISSING_SAMESITE";
|
|
137
|
+
VulnerabilityCode["COOKIE_HOST_PREFIX_INVALID"] = "COOKIE_HOST_PREFIX_INVALID";
|
|
138
|
+
VulnerabilityCode["COOKIE_SECURE_PREFIX_INVALID"] = "COOKIE_SECURE_PREFIX_INVALID";
|
|
139
|
+
VulnerabilityCode["HEADER_DRIFT_CSP"] = "HEADER_DRIFT_CSP";
|
|
140
|
+
VulnerabilityCode["HEADER_DRIFT_HSTS"] = "HEADER_DRIFT_HSTS";
|
|
141
|
+
VulnerabilityCode["HEADER_DRIFT_XCONTENT_TYPE"] = "HEADER_DRIFT_XCONTENT_TYPE";
|
|
142
|
+
VulnerabilityCode["HEADER_DRIFT_REFERRER_POLICY"] = "HEADER_DRIFT_REFERRER_POLICY";
|
|
143
|
+
VulnerabilityCode["HEADER_DRIFT_XFRAME"] = "HEADER_DRIFT_XFRAME";
|
|
144
|
+
VulnerabilityCode["HEADER_DRIFT_PERMISSIONS_POLICY"] = "HEADER_DRIFT_PERMISSIONS_POLICY";
|
|
145
|
+
VulnerabilityCode["HEADER_DRIFT_COOP"] = "HEADER_DRIFT_COOP";
|
|
146
|
+
VulnerabilityCode["HEADER_DRIFT_COEP"] = "HEADER_DRIFT_COEP";
|
|
147
|
+
VulnerabilityCode["HEADER_DRIFT_CORP"] = "HEADER_DRIFT_CORP";
|
|
148
|
+
// ========================================
|
|
149
|
+
// HOST HEADER INJECTION (HOST_*)
|
|
150
|
+
// ========================================
|
|
151
|
+
VulnerabilityCode["HOST_CACHE_POISONING"] = "HOST_CACHE_POISONING";
|
|
152
|
+
VulnerabilityCode["HOST_PASSWORD_RESET"] = "HOST_PASSWORD_RESET";
|
|
153
|
+
VulnerabilityCode["HOST_REDIRECT"] = "HOST_REDIRECT";
|
|
154
|
+
// ========================================
|
|
155
|
+
// DIRECTORY BROWSING (DIRBROWSE_*)
|
|
156
|
+
// ========================================
|
|
157
|
+
VulnerabilityCode["DIRBROWSE_ENABLED"] = "DIRBROWSE_ENABLED";
|
|
158
|
+
VulnerabilityCode["DIRBROWSE_SENSITIVE"] = "DIRBROWSE_SENSITIVE";
|
|
159
|
+
// ========================================
|
|
160
|
+
// MASS ASSIGNMENT (MASSASSIGN_*)
|
|
161
|
+
// ========================================
|
|
162
|
+
VulnerabilityCode["MASSASSIGN_PROTOTYPE_POLLUTION"] = "MASSASSIGN_PROTOTYPE_POLLUTION";
|
|
163
|
+
VulnerabilityCode["MASSASSIGN_ROLE_ESCALATION"] = "MASSASSIGN_ROLE_ESCALATION";
|
|
164
|
+
VulnerabilityCode["MASSASSIGN_HIDDEN_FIELD"] = "MASSASSIGN_HIDDEN_FIELD";
|
|
165
|
+
// ========================================
|
|
166
|
+
// DESERIALIZATION (DESER_*)
|
|
167
|
+
// ========================================
|
|
168
|
+
VulnerabilityCode["DESER_JAVA"] = "DESER_JAVA";
|
|
169
|
+
VulnerabilityCode["DESER_PHP"] = "DESER_PHP";
|
|
170
|
+
VulnerabilityCode["DESER_PYTHON"] = "DESER_PYTHON";
|
|
171
|
+
VulnerabilityCode["DESER_DOTNET"] = "DESER_DOTNET";
|
|
172
|
+
VulnerabilityCode["DESER_RUBY"] = "DESER_RUBY";
|
|
173
|
+
VulnerabilityCode["DESER_NODE"] = "DESER_NODE";
|
|
174
|
+
// ========================================
|
|
175
|
+
// SENSITIVE PATH SCOUT - CRITICAL (SENS_CRIT_*)
|
|
176
|
+
// ========================================
|
|
177
|
+
VulnerabilityCode["SENS_CRIT_AWS_CREDENTIALS"] = "SENS_CRIT_AWS_CREDENTIALS";
|
|
178
|
+
VulnerabilityCode["SENS_CRIT_SSH_PRIVATE_KEY"] = "SENS_CRIT_SSH_PRIVATE_KEY";
|
|
179
|
+
VulnerabilityCode["SENS_CRIT_SSL_PRIVATE_KEY"] = "SENS_CRIT_SSL_PRIVATE_KEY";
|
|
180
|
+
VulnerabilityCode["SENS_CRIT_RAILS_MASTER_KEY"] = "SENS_CRIT_RAILS_MASTER_KEY";
|
|
181
|
+
VulnerabilityCode["SENS_CRIT_TERRAFORM_STATE"] = "SENS_CRIT_TERRAFORM_STATE";
|
|
182
|
+
VulnerabilityCode["SENS_CRIT_FIREBASE_ADMIN_SDK"] = "SENS_CRIT_FIREBASE_ADMIN_SDK";
|
|
183
|
+
VulnerabilityCode["SENS_CRIT_KUBE_CONFIG"] = "SENS_CRIT_KUBE_CONFIG";
|
|
184
|
+
VulnerabilityCode["SENS_CRIT_AZURE_STORAGE_KEY"] = "SENS_CRIT_AZURE_STORAGE_KEY";
|
|
185
|
+
VulnerabilityCode["SENS_CRIT_CONSUL_KV"] = "SENS_CRIT_CONSUL_KV";
|
|
186
|
+
VulnerabilityCode["SENS_CRIT_VAULT_SECRET"] = "SENS_CRIT_VAULT_SECRET";
|
|
187
|
+
VulnerabilityCode["SENS_CRIT_DOCKER_SECRET"] = "SENS_CRIT_DOCKER_SECRET";
|
|
188
|
+
// ========================================
|
|
189
|
+
// SENSITIVE PATH SCOUT - HIGH (SENS_HIGH_*)
|
|
190
|
+
// ========================================
|
|
191
|
+
VulnerabilityCode["SENS_HIGH_GIT_EXPOSED"] = "SENS_HIGH_GIT_EXPOSED";
|
|
192
|
+
VulnerabilityCode["SENS_HIGH_GIT_CONFIG"] = "SENS_HIGH_GIT_CONFIG";
|
|
193
|
+
VulnerabilityCode["SENS_HIGH_WORDPRESS_CONFIG"] = "SENS_HIGH_WORDPRESS_CONFIG";
|
|
194
|
+
VulnerabilityCode["SENS_HIGH_SPRING_ACTUATOR"] = "SENS_HIGH_SPRING_ACTUATOR";
|
|
195
|
+
VulnerabilityCode["SENS_HIGH_SPRING_HEAPDUMP"] = "SENS_HIGH_SPRING_HEAPDUMP";
|
|
196
|
+
VulnerabilityCode["SENS_HIGH_DATABASE_BACKUP"] = "SENS_HIGH_DATABASE_BACKUP";
|
|
197
|
+
VulnerabilityCode["SENS_HIGH_PHPINFO"] = "SENS_HIGH_PHPINFO";
|
|
198
|
+
VulnerabilityCode["SENS_HIGH_LARAVEL_DEBUG"] = "SENS_HIGH_LARAVEL_DEBUG";
|
|
199
|
+
VulnerabilityCode["SENS_HIGH_GCP_SERVICE_ACCOUNT"] = "SENS_HIGH_GCP_SERVICE_ACCOUNT";
|
|
200
|
+
VulnerabilityCode["SENS_HIGH_GRAPHQL_INTROSPECTION"] = "SENS_HIGH_GRAPHQL_INTROSPECTION";
|
|
201
|
+
VulnerabilityCode["SENS_HIGH_PHPMYADMIN"] = "SENS_HIGH_PHPMYADMIN";
|
|
202
|
+
VulnerabilityCode["SENS_HIGH_MONGODB_CONFIG"] = "SENS_HIGH_MONGODB_CONFIG";
|
|
203
|
+
VulnerabilityCode["SENS_HIGH_JAVA_KEYSTORE"] = "SENS_HIGH_JAVA_KEYSTORE";
|
|
204
|
+
VulnerabilityCode["SENS_HIGH_PHP_SESSION"] = "SENS_HIGH_PHP_SESSION";
|
|
205
|
+
VulnerabilityCode["SENS_HIGH_ENV_FILE"] = "SENS_HIGH_ENV_FILE";
|
|
206
|
+
VulnerabilityCode["SENS_HIGH_BACKUP_FILE"] = "SENS_HIGH_BACKUP_FILE";
|
|
207
|
+
VulnerabilityCode["SENS_HIGH_HTPASSWD"] = "SENS_HIGH_HTPASSWD";
|
|
208
|
+
VulnerabilityCode["SENS_HIGH_DS_STORE"] = "SENS_HIGH_DS_STORE";
|
|
209
|
+
// ========================================
|
|
210
|
+
// SENSITIVE PATH SCOUT - MEDIUM (SENS_MED_*)
|
|
211
|
+
// ========================================
|
|
212
|
+
VulnerabilityCode["SENS_MED_SWAGGER_DOCS"] = "SENS_MED_SWAGGER_DOCS";
|
|
213
|
+
VulnerabilityCode["SENS_MED_APACHE_STATUS"] = "SENS_MED_APACHE_STATUS";
|
|
214
|
+
VulnerabilityCode["SENS_MED_PROMETHEUS_METRICS"] = "SENS_MED_PROMETHEUS_METRICS";
|
|
215
|
+
VulnerabilityCode["SENS_MED_DOCKERFILE"] = "SENS_MED_DOCKERFILE";
|
|
216
|
+
VulnerabilityCode["SENS_MED_FIREBASE_CONFIG"] = "SENS_MED_FIREBASE_CONFIG";
|
|
217
|
+
VulnerabilityCode["SENS_MED_SOURCE_MAP"] = "SENS_MED_SOURCE_MAP";
|
|
218
|
+
VulnerabilityCode["SENS_MED_ELASTICSEARCH"] = "SENS_MED_ELASTICSEARCH";
|
|
219
|
+
VulnerabilityCode["SENS_MED_ADMIN_PANEL"] = "SENS_MED_ADMIN_PANEL";
|
|
220
|
+
VulnerabilityCode["SENS_MED_COMPOSER_LOCK"] = "SENS_MED_COMPOSER_LOCK";
|
|
221
|
+
VulnerabilityCode["SENS_MED_PACKAGE_LOCK"] = "SENS_MED_PACKAGE_LOCK";
|
|
222
|
+
VulnerabilityCode["SENS_MED_GEMFILE_LOCK"] = "SENS_MED_GEMFILE_LOCK";
|
|
223
|
+
VulnerabilityCode["SENS_MED_ROBOTS_TXT"] = "SENS_MED_ROBOTS_TXT";
|
|
224
|
+
VulnerabilityCode["SENS_MED_SITEMAP"] = "SENS_MED_SITEMAP";
|
|
225
|
+
VulnerabilityCode["SENS_MED_CROSSDOMAIN_XML"] = "SENS_MED_CROSSDOMAIN_XML";
|
|
226
|
+
// ========================================
|
|
227
|
+
// SENSITIVE PATH SCOUT - LOW (SENS_LOW_*)
|
|
228
|
+
// ========================================
|
|
229
|
+
VulnerabilityCode["SENS_LOW_TRAVIS_CI"] = "SENS_LOW_TRAVIS_CI";
|
|
230
|
+
VulnerabilityCode["SENS_LOW_JENKINSFILE"] = "SENS_LOW_JENKINSFILE";
|
|
231
|
+
VulnerabilityCode["SENS_LOW_CIRCLECI"] = "SENS_LOW_CIRCLECI";
|
|
232
|
+
VulnerabilityCode["SENS_LOW_GITLAB_CI"] = "SENS_LOW_GITLAB_CI";
|
|
233
|
+
VulnerabilityCode["SENS_LOW_README"] = "SENS_LOW_README";
|
|
234
|
+
VulnerabilityCode["SENS_LOW_CHANGELOG"] = "SENS_LOW_CHANGELOG";
|
|
235
|
+
VulnerabilityCode["SENS_LOW_LICENSE"] = "SENS_LOW_LICENSE";
|
|
236
|
+
// ========================================
|
|
237
|
+
// SENSITIVE PATH SCOUT - EXTENDED
|
|
238
|
+
// ========================================
|
|
239
|
+
// HIGH
|
|
240
|
+
VulnerabilityCode["SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED"] = "SENS_HIGH_WEB_SERVER_CONFIGURATION_FILE_DETECTED";
|
|
241
|
+
VulnerabilityCode["SENS_HIGH_APPSETTINGS_JSON_EXPOSED"] = "SENS_HIGH_APPSETTINGS_JSON_EXPOSED";
|
|
242
|
+
VulnerabilityCode["SENS_HIGH_SPRING_CONFIG_EXPOSED"] = "SENS_HIGH_SPRING_CONFIG_EXPOSED";
|
|
243
|
+
VulnerabilityCode["SENS_HIGH_NPMRC_EXPOSED"] = "SENS_HIGH_NPMRC_EXPOSED";
|
|
244
|
+
VulnerabilityCode["SENS_HIGH_RAILS_DATABASE_YML_EXPOSED"] = "SENS_HIGH_RAILS_DATABASE_YML_EXPOSED";
|
|
245
|
+
VulnerabilityCode["SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED"] = "SENS_HIGH_DRUPAL_SETTINGS_PHP_EXPOSED";
|
|
246
|
+
VulnerabilityCode["SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED"] = "SENS_HIGH_MAGENTO_ENV_PHP_EXPOSED";
|
|
247
|
+
VulnerabilityCode["SENS_HIGH_JOLOKIA_EXPOSED"] = "SENS_HIGH_JOLOKIA_EXPOSED";
|
|
248
|
+
VulnerabilityCode["SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED"] = "SENS_HIGH_SVN_WORKING_COPY_DATABASE_EXPOSED";
|
|
249
|
+
VulnerabilityCode["SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED"] = "SENS_HIGH_SUBVERSION_REPOSITORY_DETECTED";
|
|
250
|
+
VulnerabilityCode["SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED"] = "SENS_HIGH_SPRING_BOOT_THREAD_DUMP_EXPOSED";
|
|
251
|
+
VulnerabilityCode["SENS_HIGH_REDIS_RDB_DUMP_DETECTED"] = "SENS_HIGH_REDIS_RDB_DUMP_DETECTED";
|
|
252
|
+
VulnerabilityCode["SENS_HIGH_TRACE_AXD"] = "SENS_HIGH_TRACE_AXD";
|
|
253
|
+
VulnerabilityCode["SENS_HIGH_ELMAH_AXD_EXPOSED"] = "SENS_HIGH_ELMAH_AXD_EXPOSED";
|
|
254
|
+
VulnerabilityCode["SENS_HIGH_SQLITE_DATABASE_DETECTED"] = "SENS_HIGH_SQLITE_DATABASE_DETECTED";
|
|
255
|
+
VulnerabilityCode["SENS_HIGH_AWS_CONFIG_EXPOSED"] = "SENS_HIGH_AWS_CONFIG_EXPOSED";
|
|
256
|
+
VulnerabilityCode["SENS_HIGH_AZURE_CREDENTIALS_EXPOSED"] = "SENS_HIGH_AZURE_CREDENTIALS_EXPOSED";
|
|
257
|
+
VulnerabilityCode["SENS_HIGH_HELM_VALUES_EXPOSED"] = "SENS_HIGH_HELM_VALUES_EXPOSED";
|
|
258
|
+
VulnerabilityCode["SENS_HIGH_TERRAFORM_VARS_EXPOSED"] = "SENS_HIGH_TERRAFORM_VARS_EXPOSED";
|
|
259
|
+
VulnerabilityCode["SENS_HIGH_LARAVEL_LOG_EXPOSED"] = "SENS_HIGH_LARAVEL_LOG_EXPOSED";
|
|
260
|
+
VulnerabilityCode["SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED"] = "SENS_HIGH_WORD_PRESS_DEBUG_LOG_EXPOSED";
|
|
261
|
+
VulnerabilityCode["SENS_HIGH_ADMINER_EXPOSED"] = "SENS_HIGH_ADMINER_EXPOSED";
|
|
262
|
+
VulnerabilityCode["SENS_HIGH_DEBUG_ENDPOINT_EXPOSED"] = "SENS_HIGH_DEBUG_ENDPOINT_EXPOSED";
|
|
263
|
+
VulnerabilityCode["SENS_HIGH_GO_DEBUG_VARS_EXPOSED"] = "SENS_HIGH_GO_DEBUG_VARS_EXPOSED";
|
|
264
|
+
VulnerabilityCode["SENS_HIGH_GO_PPROF_EXPOSED"] = "SENS_HIGH_GO_PPROF_EXPOSED";
|
|
265
|
+
VulnerabilityCode["SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED"] = "SENS_HIGH_AZURE_STORAGE_CONFIG_EXPOSED";
|
|
266
|
+
VulnerabilityCode["SENS_HIGH_MONGO_RC_EXPOSED"] = "SENS_HIGH_MONGO_RC_EXPOSED";
|
|
267
|
+
// MEDIUM
|
|
268
|
+
VulnerabilityCode["SENS_MED_UN_PROTECTED_CONFIG_JSON"] = "SENS_MED_UN_PROTECTED_CONFIG_JSON";
|
|
269
|
+
VulnerabilityCode["SENS_MED_MERCURIAL_REPOSITORY_FOUND"] = "SENS_MED_MERCURIAL_REPOSITORY_FOUND";
|
|
270
|
+
VulnerabilityCode["SENS_MED_MERCURIAL_HGRC_EXPOSED"] = "SENS_MED_MERCURIAL_HGRC_EXPOSED";
|
|
271
|
+
VulnerabilityCode["SENS_MED_CVS_ROOT_EXPOSED"] = "SENS_MED_CVS_ROOT_EXPOSED";
|
|
272
|
+
VulnerabilityCode["SENS_MED_CVS_ENTRIES_EXPOSED"] = "SENS_MED_CVS_ENTRIES_EXPOSED";
|
|
273
|
+
VulnerabilityCode["SENS_MED_BAZAAR_REPO_EXPOSED"] = "SENS_MED_BAZAAR_REPO_EXPOSED";
|
|
274
|
+
VulnerabilityCode["SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED"] = "SENS_MED_DOCKER_COMPOSE_CONFIGURATION_DETECTED";
|
|
275
|
+
VulnerabilityCode["SENS_MED_LARAVEL_LOG_VIEWER_ENABLED"] = "SENS_MED_LARAVEL_LOG_VIEWER_ENABLED";
|
|
276
|
+
VulnerabilityCode["SENS_MED_APACHE_HTACCESS_FILE_DETECTED"] = "SENS_MED_APACHE_HTACCESS_FILE_DETECTED";
|
|
277
|
+
VulnerabilityCode["SENS_MED_APACHE_SERVER_INFO_EXPOSED"] = "SENS_MED_APACHE_SERVER_INFO_EXPOSED";
|
|
278
|
+
VulnerabilityCode["SENS_MED_PACKAGE_DEPENDENCIES_DETECTED"] = "SENS_MED_PACKAGE_DEPENDENCIES_DETECTED";
|
|
279
|
+
VulnerabilityCode["SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED"] = "SENS_MED_PHP_COMPOSER_DEPENDENCIES_DETECTED";
|
|
280
|
+
VulnerabilityCode["SENS_MED_SSH_PUBLIC_KEY_EXPOSED"] = "SENS_MED_SSH_PUBLIC_KEY_EXPOSED";
|
|
281
|
+
VulnerabilityCode["SENS_MED_SSL_CERTIFICATE_EXPOSED"] = "SENS_MED_SSL_CERTIFICATE_EXPOSED";
|
|
282
|
+
VulnerabilityCode["SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED"] = "SENS_MED_GRAPH_QL_ENDPOINT_EXPOSED";
|
|
283
|
+
VulnerabilityCode["SENS_MED_GRAPHI_QL_EXPOSED"] = "SENS_MED_GRAPHI_QL_EXPOSED";
|
|
284
|
+
VulnerabilityCode["SENS_MED_TERRAFORM_LOCK_EXPOSED"] = "SENS_MED_TERRAFORM_LOCK_EXPOSED";
|
|
285
|
+
VulnerabilityCode["SENS_MED_ERROR_LOG_EXPOSED"] = "SENS_MED_ERROR_LOG_EXPOSED";
|
|
286
|
+
VulnerabilityCode["SENS_MED_ACCESS_LOG_EXPOSED"] = "SENS_MED_ACCESS_LOG_EXPOSED";
|
|
287
|
+
VulnerabilityCode["SENS_MED_DEBUG_LOG_EXPOSED"] = "SENS_MED_DEBUG_LOG_EXPOSED";
|
|
288
|
+
VulnerabilityCode["SENS_MED_APPLICATION_LOG_EXPOSED"] = "SENS_MED_APPLICATION_LOG_EXPOSED";
|
|
289
|
+
VulnerabilityCode["SENS_MED_WSDL_EXPOSED"] = "SENS_MED_WSDL_EXPOSED";
|
|
290
|
+
VulnerabilityCode["SENS_MED_WORD_PRESS_XML_RPC_EXPOSED"] = "SENS_MED_WORD_PRESS_XML_RPC_EXPOSED";
|
|
291
|
+
// LOW
|
|
292
|
+
VulnerabilityCode["SENS_LOW_TOML_PROJECT_FILE_EXPOSED"] = "SENS_LOW_TOML_PROJECT_FILE_EXPOSED";
|
|
293
|
+
VulnerabilityCode["SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED"] = "SENS_LOW_ATLASSIAN_BITBUCKET_PIPELINES_CONFIGURATION_DETECTED";
|
|
294
|
+
VulnerabilityCode["SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED"] = "SENS_LOW_AZURE_PIPELINES_CONFIGURATION_DETECTED";
|
|
295
|
+
VulnerabilityCode["SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED"] = "SENS_LOW_AWS_CODE_BUILD_BUILDSPEC_DETECTED";
|
|
296
|
+
VulnerabilityCode["SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED"] = "SENS_LOW_GITHUB_ACTIONS_WORKFLOW_DETECTED";
|
|
297
|
+
VulnerabilityCode["SENS_LOW_PYTHON_REQUIREMENTS_DETECTED"] = "SENS_LOW_PYTHON_REQUIREMENTS_DETECTED";
|
|
298
|
+
VulnerabilityCode["SENS_LOW_TEST_ENDPOINT_EXPOSED"] = "SENS_LOW_TEST_ENDPOINT_EXPOSED";
|
|
299
|
+
VulnerabilityCode["SENS_LOW_STAGING_ENDPOINT_EXPOSED"] = "SENS_LOW_STAGING_ENDPOINT_EXPOSED";
|
|
300
|
+
VulnerabilityCode["SENS_LOW_EDITOR_BACKUP_FILE_DETECTED"] = "SENS_LOW_EDITOR_BACKUP_FILE_DETECTED";
|
|
301
|
+
VulnerabilityCode["SENS_LOW_VIM_SWAP_FILE_DETECTED"] = "SENS_LOW_VIM_SWAP_FILE_DETECTED";
|
|
302
|
+
VulnerabilityCode["SENS_LOW_DIRECTORY_LISTING_ENABLED"] = "SENS_LOW_DIRECTORY_LISTING_ENABLED";
|
|
303
|
+
VulnerabilityCode["SENS_LOW_AWSSAM_TEMPLATE_EXPOSED"] = "SENS_LOW_AWSSAM_TEMPLATE_EXPOSED";
|
|
304
|
+
VulnerabilityCode["SENS_LOW_SERVERLESS_CONFIG_EXPOSED"] = "SENS_LOW_SERVERLESS_CONFIG_EXPOSED";
|
|
305
|
+
VulnerabilityCode["SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED"] = "SENS_LOW_CLOUD_FORMATION_TEMPLATE_EXPOSED";
|
|
306
|
+
// ========================================
|
|
307
|
+
// CLICKJACKING (CLICK_*)
|
|
308
|
+
// ========================================
|
|
309
|
+
VulnerabilityCode["CLICK_FRAMEABLE"] = "CLICK_FRAMEABLE";
|
|
310
|
+
VulnerabilityCode["CLICK_PARTIAL_PROTECTION"] = "CLICK_PARTIAL_PROTECTION";
|
|
311
|
+
})(VulnerabilityCode || (VulnerabilityCode = {}));
|
|
312
|
+
export default VulnerabilityCode;
|
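--- a/package/dist/index.d.ts
+++ b/package/dist/index.d.ts
@@ -0,0 +1,60 @@
+/**
+* Vulnerability Registry - Main Entry Point
+*
+* Exports all vulnerability codes, definitions, and lookup utilities
+*/
+import { VulnerabilityCode } from './error-codes.js';
+import type { VulnerabilityDefinition, VulnerabilityLookup, Severity, VulnerabilityCategory } from './types.js';
+import { INJECTION_VULNERABILITIES } from './categories/injection.js';
+import { XSS_VULNERABILITIES } from './categories/xss.js';
+import { SSRF_VULNERABILITIES } from './categories/ssrf.js';
+import { AUTH_VULNERABILITIES } from './categories/authentication.js';
+import { CONFIG_VULNERABILITIES } from './categories/configuration.js';
+import { SENSITIVE_PATH_VULNERABILITIES } from './categories/sensitive-paths.js';
+/**
+* Complete vulnerability registry combining all categories
+*/
+export declare const VULNERABILITY_REGISTRY: Record<string, VulnerabilityDefinition>;
+/**
+* Get vulnerability definition by code
+*/
+export declare function getVulnerabilityDefinition(code: VulnerabilityCode | string): VulnerabilityLookup;
+/**
+* Get all vulnerabilities for a specific scanner
+*/
+export declare function getVulnerabilitiesByScanner(scanner: string): VulnerabilityDefinition[];
+/**
+* Get all vulnerabilities for a specific category
+*/
+export declare function getVulnerabilitiesByCategory(category: VulnerabilityCategory): VulnerabilityDefinition[];
+/**
+* Get all vulnerabilities for a specific severity
+*/
+export declare function getVulnerabilitiesBySeverity(severity: Severity): VulnerabilityDefinition[];
+/**
+* Get all vulnerability codes
+*/
+export declare function getAllVulnerabilityCodes(): VulnerabilityCode[];
+/**
+* Get total count of registered vulnerabilities
+*/
+export declare function getVulnerabilityCount(): number;
+/**
+* Create a finding with vulnerability definition
+*/
+export declare function createFinding(code: VulnerabilityCode | string, overrides?: Partial<VulnerabilityDefinition>): VulnerabilityDefinition | null;
+export { VulnerabilityCode } from './error-codes.js';
+export type { VulnerabilityDefinition, VulnerabilityLookup, CVSSProfile, CWEReference, OWASPReference, Severity, VulnerabilityCategory, } from './types.js';
+export { INJECTION_VULNERABILITIES, XSS_VULNERABILITIES, SSRF_VULNERABILITIES, AUTH_VULNERABILITIES, CONFIG_VULNERABILITIES, SENSITIVE_PATH_VULNERABILITIES, };
+declare const _default: {
+VulnerabilityCode: typeof VulnerabilityCode;
+VULNERABILITY_REGISTRY: Record<string, VulnerabilityDefinition>;
+getVulnerabilityDefinition: typeof getVulnerabilityDefinition;
+getVulnerabilitiesByScanner: typeof getVulnerabilitiesByScanner;
+getVulnerabilitiesByCategory: typeof getVulnerabilitiesByCategory;
+getVulnerabilitiesBySeverity: typeof getVulnerabilitiesBySeverity;
+getAllVulnerabilityCodes: typeof getAllVulnerabilityCodes;
+getVulnerabilityCount: typeof getVulnerabilityCount;
+createFinding: typeof createFinding;
+};
+export default _default;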
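Review bot: `VULNERABILITY_REGISTRY` is declared on line 17 (and again inside `_default`) as a plain mutable `Record<string, VulnerabilityDefinition>`, so any consumer in the same process can overwrite or add entries and change the severity data that other code reports. Declaring it as `Readonly<Record<string, Readonly<VulnerabilityDefinition>>>` would make that a compile-time error; whether the implementation also freezes the object is not visible in this declaration file. `getVulnerabilityDefinition` and `createFinding` accept an arbitrary `string`, so it is worth confirming in `index.js` that the lookup uses an own-property check rather than bare indexing, which would also resolve names inherited from `Object.prototype`. The doc comment on `createFinding` does not say when it returns `null`; if that is the unknown-code case, add `* Returns null when the code is not registered.` to it. This file is generated, so these changes belong in `src/index.ts`.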