@zerothreatai/vulnerability-registry 3.0.0 → 5.0.0

package/dist-cjs/categories/ssrf.js

@@ -9,11 +9,12 @@ exports.SSRF_VULNERABILITIES = void 0;
 const error_codes_js_1 = require("../error-codes.js");
 exports.SSRF_VULNERABILITIES = {
     [error_codes_js_1.VulnerabilityCode.SSRF_CLOUD_METADATA]: {
-        id: 46,
+        id: 450,
         code: error_codes_js_1.VulnerabilityCode.SSRF_CLOUD_METADATA,
         title: 'Server-Side Request Forgery - Cloud Metadata Access',
         description: 'Critical SSRF vulnerability enabling access to cloud provider metadata services (AWS IMDSv1, GCP, Azure) which expose sensitive information including IAM credentials, API tokens, and instance configuration that can lead to full cloud account compromise and lateral movement.',
         severity: 'critical',
+        levelId: 1,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -30,11 +31,12 @@ exports.SSRF_VULNERABILITIES = {
         remediation: 'Block access to cloud metadata IP ranges (169.254.169.254). Implement IMDSv2 which requires tokens. Use allowlist for external URLs. Validate and sanitize all URL inputs.',
     },
     [error_codes_js_1.VulnerabilityCode.SSRF_INTERNAL_SERVICE]: {
-        id: 47,
+        id: 451,
         code: error_codes_js_1.VulnerabilityCode.SSRF_INTERNAL_SERVICE,
         title: 'Server-Side Request Forgery - Internal Service Access',
         description: 'SSRF vulnerability allowing attackers to access internal network services that should not be reachable from the internet, including databases, admin panels, cache servers, and other infrastructure components protected only by network segmentation without authentication.',
         severity: 'high',
+        levelId: 2,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -51,11 +53,12 @@ exports.SSRF_VULNERABILITIES = {
         remediation: 'Implement URL allowlist for permitted external resources. Block requests to private IP ranges and localhost. Use network segmentation with proper authentication for internal services.',
     },
     [error_codes_js_1.VulnerabilityCode.SSRF_PROTOCOL_SMUGGLING]: {
-        id: 48,
+        id: 452,
         code: error_codes_js_1.VulnerabilityCode.SSRF_PROTOCOL_SMUGGLING,
         title: 'Server-Side Request Forgery - Protocol Smuggling',
         description: 'SSRF vulnerability exploiting non-HTTP protocol handlers like file://, gopher://, dict://, or ftp:// to read local files, interact with internal services using raw TCP, or perform attacks that would not be possible through HTTP requests alone, significantly expanding impact scope.',
         severity: 'high',
+        levelId: 2,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -72,11 +75,12 @@ exports.SSRF_VULNERABILITIES = {
         remediation: 'Enforce HTTP/HTTPS only for outbound requests. Disable or block dangerous protocol handlers at the application and network level. Validate URL schemes against strict allowlist.',
     },
     [error_codes_js_1.VulnerabilityCode.SSRF_BLIND_OOB]: {
-        id: 49,
+        id: 453,
         code: error_codes_js_1.VulnerabilityCode.SSRF_BLIND_OOB,
         title: 'Server-Side Request Forgery - Blind OOB',
         description: 'Blind SSRF vulnerability confirmed through out-of-band DNS or HTTP callbacks indicating the server makes requests to attacker-controlled destinations even though responses are not reflected, enabling internal network scanning and data exfiltration through DNS or timing side channels.',
         severity: 'medium',
+        levelId: 3,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -96,11 +100,12 @@ exports.SSRF_VULNERABILITIES = {
     // OPEN REDIRECT
     // ========================================
     [error_codes_js_1.VulnerabilityCode.REDIRECT_HEADER_INJECTION]: {
-        id: 50,
+        id: 454,
         code: error_codes_js_1.VulnerabilityCode.REDIRECT_HEADER_INJECTION,
         title: 'Open Redirect - HTTP Header Injection',
         description: 'Open redirect vulnerability through Location header manipulation allowing attackers to redirect victims to malicious websites after authenticating or interacting with the legitimate application, facilitating phishing attacks that abuse user trust in the original domain.',
         severity: 'medium',
+        levelId: 3,
         category: 'business_logic',
         scanner: 'redirect-route',
         cvss: {
@@ -117,11 +122,12 @@ exports.SSRF_VULNERABILITIES = {
         remediation: 'Use allowlist of permitted redirect destinations. Avoid using user input for redirect URLs. If redirects are required, use indirect references or validate against known safe patterns.',
     },
     [error_codes_js_1.VulnerabilityCode.REDIRECT_JS_NAVIGATION]: {
-        id: 51,
+        id: 455,
         code: error_codes_js_1.VulnerabilityCode.REDIRECT_JS_NAVIGATION,
         title: 'Open Redirect - JavaScript Navigation',
         description: 'Client-side open redirect vulnerability through JavaScript navigation methods like window.location or location.href being set to user-controlled values, allowing attackers to redirect users to malicious sites through specially crafted URLs that bypass server-side validation.',
         severity: 'medium',
+        levelId: 3,
         category: 'business_logic',
         scanner: 'redirect-route',
         cvss: {
@@ -141,11 +147,12 @@ exports.SSRF_VULNERABILITIES = {
     // HOST HEADER INJECTION
     // ========================================
     [error_codes_js_1.VulnerabilityCode.HOST_CACHE_POISONING]: {
-        id: 52,
+        id: 456,
         code: error_codes_js_1.VulnerabilityCode.HOST_CACHE_POISONING,
         title: 'Host Header Injection - Cache Poisoning',
         description: 'Host header injection vulnerability where manipulated Host headers are reflected in cached responses, allowing attackers to poison web caches and CDNs with malicious content that is then served to all users, potentially enabling widespread defacement or malware distribution.',
         severity: 'high',
+        levelId: 2,
         category: 'configuration',
         scanner: 'host-header',
         cvss: {
@@ -162,11 +169,12 @@ exports.SSRF_VULNERABILITIES = {
         remediation: 'Configure web servers to reject requests with unexpected Host headers. Include Host header in cache keys. Use canonical URLs for all generated links.',
     },
     [error_codes_js_1.VulnerabilityCode.HOST_PASSWORD_RESET]: {
-        id: 53,
+        id: 457,
         code: error_codes_js_1.VulnerabilityCode.HOST_PASSWORD_RESET,
         title: 'Host Header Injection - Password Reset Poisoning',
         description: 'Critical host header injection vulnerability in password reset functionality where the injected Host header is used to generate password reset URLs, allowing attackers to receive password reset tokens when victims click the manipulated links in legitimate reset emails.',
         severity: 'high',
+        levelId: 2,
         category: 'configuration',
         scanner: 'host-header',
         cvss: {
@@ -183,11 +191,12 @@ exports.SSRF_VULNERABILITIES = {
         remediation: 'Use hardcoded canonical domain for generated URLs. Never trust Host header for security-sensitive functionality. Validate Host header against configured allowed hosts.',
     },
     [error_codes_js_1.VulnerabilityCode.SSRF_FILTER_BYPASS]: {
-        id: 54,
+        id: 458,
         code: error_codes_js_1.VulnerabilityCode.SSRF_FILTER_BYPASS,
         title: 'Server-Side Request Forgery - Filter Bypass',
         description: 'SSRF vulnerability that bypasses security filters through encoding tricks (URL encoding, IPv6 representation, decimal IP notation), DNS rebinding, or using alternative representations of blocked addresses to reach internal resources despite URL validation controls.',
         severity: 'high',
+        levelId: 2,
         category: 'ssrf',
         scanner: 'ssrf',
         cvss: {
@@ -204,11 +213,12 @@ exports.SSRF_VULNERABILITIES = {
         remediation: 'Implement defense-in-depth with multiple validation layers. Resolve DNS before validation. Use strict URL parsing libraries. Block all private IP ranges including encoded forms.',
     },
     [error_codes_js_1.VulnerabilityCode.REDIRECT_META_REFRESH]: {
-        id: 55,
+        id: 459,
         code: error_codes_js_1.VulnerabilityCode.REDIRECT_META_REFRESH,
         title: 'Open Redirect - Meta Refresh',
         description: 'Open redirect vulnerability through HTML meta refresh tags where user input controls the redirect target URL, enabling phishing attacks by sending victims to malicious sites after a brief delay on the legitimate domain, bypassing some security controls.',
         severity: 'low',
+        levelId: 4,
         category: 'business_logic',
         scanner: 'redirect-route',
         cvss: {
@@ -225,11 +235,12 @@ exports.SSRF_VULNERABILITIES = {
         remediation: 'Validate meta refresh URLs against allowlist. Avoid using user input in meta refresh tags. Prefer server-side redirects with proper validation over client-side meta refresh.',
     },
     [error_codes_js_1.VulnerabilityCode.HOST_REDIRECT]: {
-        id: 56,
+        id: 460,
         code: error_codes_js_1.VulnerabilityCode.HOST_REDIRECT,
         title: 'Host Header Injection - Open Redirect',
         description: 'Host header injection leading to open redirect where the application uses the Host header to generate redirect URLs, allowing attackers to redirect users to malicious domains by manipulating the Host header in their requests.',
         severity: 'medium',
+        levelId: 3,
         category: 'configuration',
         scanner: 'host-header',
         cvss: {

package/dist-cjs/categories/xss.js

@@ -9,11 +9,12 @@ exports.XSS_VULNERABILITIES = void 0;
 const error_codes_js_1 = require("../error-codes.js");
 exports.XSS_VULNERABILITIES = {
     [error_codes_js_1.VulnerabilityCode.XSS_REFLECTED]: {
-        id: 31,
+        id: 400,
         code: error_codes_js_1.VulnerabilityCode.XSS_REFLECTED,
         title: 'Cross-Site Scripting - Reflected',
         description: 'Reflected XSS vulnerability where user input is immediately returned by the server in the response without proper encoding, allowing attackers to inject malicious scripts that execute in the victim browser when they click a crafted link or submit a manipulated form.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -30,11 +31,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'HTML-encode all user input before rendering in HTML. Implement Content Security Policy (CSP). Use context-aware output encoding based on output location (HTML, JS, CSS, URL).',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_STORED]: {
-        id: 32,
+        id: 401,
         code: error_codes_js_1.VulnerabilityCode.XSS_STORED,
         title: 'Cross-Site Scripting - Stored',
         description: 'Critical stored XSS vulnerability where malicious scripts are permanently saved in the application database and served to all users who view the affected content, enabling widespread session hijacking, credential theft, and malware distribution without requiring victim interaction beyond normal usage.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -51,11 +53,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Sanitize all user input before storage. HTML-encode all dynamic content in responses. Implement strict Content Security Policy. Use HTTP-only and Secure flags for session cookies.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_DOM_BASED]: {
-        id: 33,
+        id: 402,
         code: error_codes_js_1.VulnerabilityCode.XSS_DOM_BASED,
         title: 'Cross-Site Scripting - DOM Based',
         description: 'DOM-based XSS vulnerability where the attack payload is processed entirely in the client-side JavaScript code without being sent to the server, typically through dangerous sinks like innerHTML, document.write(), or eval() that process URL fragments or user-controlled DOM elements.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -72,11 +75,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Avoid using dangerous DOM sinks like innerHTML and document.write(). Use textContent instead of innerHTML. Sanitize any DOM manipulation with user input. Implement Trusted Types if supported.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_SVG_INJECTION]: {
-        id: 34,
+        id: 403,
         code: error_codes_js_1.VulnerabilityCode.XSS_SVG_INJECTION,
         title: 'Cross-Site Scripting - SVG Injection',
         description: 'SVG-based XSS vulnerability where malicious JavaScript is embedded within SVG image files using script elements or event handlers like onload, which execute when the browser renders the SVG file as an image or inline element, bypassing image upload security controls.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -93,11 +97,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Sanitize uploaded SVG files to remove script elements and event handlers. Serve user-uploaded SVGs from a separate domain. Set Content-Disposition: attachment for SVG downloads. Use Content-Security-Policy.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_CSTI_ANGULAR]: {
-        id: 35,
+        id: 404,
         code: error_codes_js_1.VulnerabilityCode.XSS_CSTI_ANGULAR,
         title: 'Cross-Site Scripting - Angular Template Injection',
         description: 'AngularJS client-side template injection vulnerability where user input containing Angular expressions like {{constructor.constructor("alert(1)")()}} is evaluated by the Angular template engine, leading to arbitrary JavaScript execution in the user browser context.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -115,11 +120,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Upgrade from AngularJS to modern Angular which is not vulnerable to template injection. Use ng-non-bindable directive for user content. Encode special characters {{}} in user input. Apply strict CSP.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_CSP_BYPASS]: {
-        id: 36,
+        id: 405,
         code: error_codes_js_1.VulnerabilityCode.XSS_CSP_BYPASS,
         title: 'Cross-Site Scripting - CSP Bypass',
         description: 'XSS vulnerability that bypasses Content Security Policy protections through techniques like JSONP endpoints on whitelisted domains, base tag injection, Angular.js libraries on CDN, or other CSP bypass gadgets that allow script execution despite CSP controls being in place.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -136,11 +142,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Review CSP for JSONP endpoints and Angular.js CDN inclusions. Use nonce-based CSP instead of allowlist domains. Add base-uri restriction. Fix the underlying XSS vulnerability.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_JS_CONTEXT]: {
-        id: 37,
+        id: 406,
         code: error_codes_js_1.VulnerabilityCode.XSS_JS_CONTEXT,
         title: 'Cross-Site Scripting - JavaScript Context',
         description: 'XSS vulnerability where user input is injected directly into JavaScript code blocks, allowing attackers to break out of string contexts and execute arbitrary JavaScript by injecting quote characters and script code, or modify application logic by injecting new statements.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -157,11 +164,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Avoid inserting user data into JavaScript code. Use JSON.stringify() with proper encoding for data passed to JavaScript. Pass data through data attributes and access via DOM APIs instead.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_EVENT_HANDLER]: {
-        id: 38,
+        id: 407,
         code: error_codes_js_1.VulnerabilityCode.XSS_EVENT_HANDLER,
         title: 'Cross-Site Scripting - Event Handler Injection',
         description: 'XSS vulnerability through injection into HTML event handler attributes like onclick, onerror, onload, or onmouseover, allowing attackers to execute JavaScript when users interact with or simply view the affected page elements without requiring script tags.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -178,11 +186,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Use proper HTML encoding for all user input in attributes. Avoid placing user input in event handler attributes. Use Content Security Policy with unsafe-inline disabled.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_SCRIPT_INJECTION]: {
-        id: 39,
+        id: 408,
         code: error_codes_js_1.VulnerabilityCode.XSS_SCRIPT_INJECTION,
         title: 'Cross-Site Scripting - Script Tag Injection',
         description: 'XSS vulnerability where attackers can inject complete script tags into the HTML response, enabling arbitrary JavaScript execution. This is often the most straightforward XSS exploitation when input is not properly sanitized before rendering.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -199,11 +208,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Encode < and > characters in user input. Implement Content Security Policy. Use HTML sanitization libraries that remove script tags. Apply context-aware output encoding.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_HTML_INJECTION]: {
-        id: 40,
+        id: 409,
         code: error_codes_js_1.VulnerabilityCode.XSS_HTML_INJECTION,
         title: 'Cross-Site Scripting - HTML Injection',
         description: 'HTML injection vulnerability where attackers can inject arbitrary HTML elements that modify page structure, enabling phishing attacks through fake login forms, content spoofing, or combination with CSS to overlay malicious content over legitimate page elements.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -220,11 +230,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'HTML-encode all user input. Use allowlist-based HTML sanitization if rich text is required. Implement Content Security Policy to restrict form actions and frame sources.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_ATTRIBUTE_INJECTION]: {
-        id: 41,
+        id: 410,
         code: error_codes_js_1.VulnerabilityCode.XSS_ATTRIBUTE_INJECTION,
         title: 'Cross-Site Scripting - Attribute Injection',
         description: 'XSS vulnerability where user input is placed in HTML attributes without proper encoding, allowing attackers to break out of the attribute context and inject new attributes or event handlers by using quote characters and spaces.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -241,11 +252,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'HTML-encode quotes (single and double) when placing user input in attributes. Always use quoted attributes. Avoid placing user input in dangerous attributes like href, src, or event handlers.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_CSS_INJECTION]: {
-        id: 42,
+        id: 411,
         code: error_codes_js_1.VulnerabilityCode.XSS_CSS_INJECTION,
         title: 'Cross-Site Scripting - CSS Injection',
         description: 'CSS injection vulnerability where attackers can inject malicious CSS rules to exfiltrate data through CSS selectors and background URLs, modify page appearance for phishing, or in older browsers achieve JavaScript execution through CSS expressions.',
         severity: 'medium',
+        levelId: 3,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -262,11 +274,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Sanitize CSS input to remove url() functions and expression() directives. Use CSS-specific encoding. Implement Content Security Policy with style-src restrictions.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_TEMPLATE_LITERAL]: {
-        id: 43,
+        id: 412,
         code: error_codes_js_1.VulnerabilityCode.XSS_TEMPLATE_LITERAL,
         title: 'Cross-Site Scripting - Template Literal Injection',
         description: 'XSS vulnerability through JavaScript template literals (backtick strings) where user input can break out of the template context or inject expressions using ${} syntax, executing arbitrary JavaScript in the client browser context.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -283,11 +296,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Avoid placing user input inside template literals. Escape backticks, dollar signs, and braces. Use tagged template functions with proper escaping for user data.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_MUTATION_BASED]: {
-        id: 44,
+        id: 413,
         code: error_codes_js_1.VulnerabilityCode.XSS_MUTATION_BASED,
         title: 'Cross-Site Scripting - Mutation XSS',
         description: 'Mutation-based XSS (mXSS) vulnerability exploiting browser HTML parser quirks and DOM mutations where seemingly safe HTML is transformed into executable script through browser parsing behaviors, bypassing traditional sanitization.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {
@@ -304,11 +318,12 @@ exports.XSS_VULNERABILITIES = {
         remediation: 'Use DOMPurify or similar mXSS-aware sanitizers. Avoid innerHTML with user content. Implement Trusted Types. Stay updated on browser parsing behavior changes.',
     },
     [error_codes_js_1.VulnerabilityCode.XSS_CSTI_VUE]: {
-        id: 45,
+        id: 414,
         code: error_codes_js_1.VulnerabilityCode.XSS_CSTI_VUE,
         title: 'Cross-Site Scripting - Vue.js Template Injection',
         description: 'Vue.js client-side template injection vulnerability where user input containing Vue expression syntax like {{}} or v-bind directives is evaluated by the Vue template compiler, leading to arbitrary JavaScript execution in the browser context.',
         severity: 'high',
+        levelId: 2,
         category: 'xss',
         scanner: 'xss',
         cvss: {

package/dist-cjs/category.js

@@ -0,0 +1,18 @@
+"use strict";
+/**
+ * Category registry - human-friendly titles for categories.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.CATEGORY_REGISTRY = void 0;
+exports.CATEGORY_REGISTRY = {
+    "injection": { title: "Injection" },
+    "xss": { title: "Cross-Site Scripting" },
+    "authentication": { title: "Authentication" },
+    "access_control": { title: "Access Control" },
+    "configuration": { title: "Configuration" },
+    "information_disclosure": { title: "Information Disclosure" },
+    "cryptographic": { title: "Cryptographic" },
+    "business_logic": { title: "Business Logic" },
+    "ssrf": { title: "Server-Side Request Forgery" },
+    "file_inclusion": { title: "File Inclusion" },
+};

package/dist-cjs/error-codes.js

@@ -175,6 +175,26 @@ var VulnerabilityCode;
     // ========================================
     // DIRECTORY BROWSING (DIRBROWSE_*)
     // ========================================
+    VulnerabilityCode["DIRBROWSE_GENERIC"] = "DIRBROWSE_GENERIC";
+    VulnerabilityCode["DIRBROWSE_GENERIC_SENSITIVE"] = "DIRBROWSE_GENERIC_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_APACHE"] = "DIRBROWSE_APACHE";
+    VulnerabilityCode["DIRBROWSE_APACHE_SENSITIVE"] = "DIRBROWSE_APACHE_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_NGINX"] = "DIRBROWSE_NGINX";
+    VulnerabilityCode["DIRBROWSE_NGINX_SENSITIVE"] = "DIRBROWSE_NGINX_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_IIS"] = "DIRBROWSE_IIS";
+    VulnerabilityCode["DIRBROWSE_IIS_SENSITIVE"] = "DIRBROWSE_IIS_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_TOMCAT"] = "DIRBROWSE_TOMCAT";
+    VulnerabilityCode["DIRBROWSE_TOMCAT_SENSITIVE"] = "DIRBROWSE_TOMCAT_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_CADDY"] = "DIRBROWSE_CADDY";
+    VulnerabilityCode["DIRBROWSE_CADDY_SENSITIVE"] = "DIRBROWSE_CADDY_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_WEBDAV"] = "DIRBROWSE_WEBDAV";
+    VulnerabilityCode["DIRBROWSE_WEBDAV_SENSITIVE"] = "DIRBROWSE_WEBDAV_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_S3"] = "DIRBROWSE_S3";
+    VulnerabilityCode["DIRBROWSE_S3_SENSITIVE"] = "DIRBROWSE_S3_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_GCS"] = "DIRBROWSE_GCS";
+    VulnerabilityCode["DIRBROWSE_GCS_SENSITIVE"] = "DIRBROWSE_GCS_SENSITIVE";
+    VulnerabilityCode["DIRBROWSE_AZURE_BLOB"] = "DIRBROWSE_AZURE_BLOB";
+    VulnerabilityCode["DIRBROWSE_AZURE_BLOB_SENSITIVE"] = "DIRBROWSE_AZURE_BLOB_SENSITIVE";
     VulnerabilityCode["DIRBROWSE_ENABLED"] = "DIRBROWSE_ENABLED";
     VulnerabilityCode["DIRBROWSE_SENSITIVE"] = "DIRBROWSE_SENSITIVE";
     // ========================================

package/dist-cjs/index.js

@@ -5,7 +5,7 @@
  * Exports all vulnerability codes, definitions, and lookup utilities
  */
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.SENSITIVE_PATH_VULNERABILITIES = exports.CONFIG_VULNERABILITIES = exports.AUTH_VULNERABILITIES = exports.SSRF_VULNERABILITIES = exports.XSS_VULNERABILITIES = exports.INJECTION_VULNERABILITIES = exports.VulnerabilityCode = exports.VULNERABILITY_REGISTRY = void 0;
+exports.SCANNER_REGISTRY = exports.CATEGORY_REGISTRY = exports.SENSITIVE_PATH_VULNERABILITIES = exports.CONFIG_VULNERABILITIES = exports.AUTH_VULNERABILITIES = exports.SSRF_VULNERABILITIES = exports.XSS_VULNERABILITIES = exports.INJECTION_VULNERABILITIES = exports.VulnerabilityCode = exports.VULNERABILITY_REGISTRY = void 0;
 exports.getVulnerabilityDefinition = getVulnerabilityDefinition;
 exports.getVulnerabilitiesByScanner = getVulnerabilitiesByScanner;
 exports.getVulnerabilitiesByCategory = getVulnerabilitiesByCategory;
@@ -27,6 +27,10 @@ const configuration_js_1 = require("./categories/configuration.js");
 Object.defineProperty(exports, "CONFIG_VULNERABILITIES", { enumerable: true, get: function () { return configuration_js_1.CONFIG_VULNERABILITIES; } });
 const sensitive_paths_js_1 = require("./categories/sensitive-paths.js");
 Object.defineProperty(exports, "SENSITIVE_PATH_VULNERABILITIES", { enumerable: true, get: function () { return sensitive_paths_js_1.SENSITIVE_PATH_VULNERABILITIES; } });
+const category_js_1 = require("./category.js");
+Object.defineProperty(exports, "CATEGORY_REGISTRY", { enumerable: true, get: function () { return category_js_1.CATEGORY_REGISTRY; } });
+const scanner_js_1 = require("./scanner.js");
+Object.defineProperty(exports, "SCANNER_REGISTRY", { enumerable: true, get: function () { return scanner_js_1.SCANNER_REGISTRY; } });
 /**
  * Complete vulnerability registry combining all categories
  */
@@ -104,4 +108,6 @@ exports.default = {
     getAllVulnerabilityCodes,
     getVulnerabilityCount,
     createFinding,
+    CATEGORY_REGISTRY: category_js_1.CATEGORY_REGISTRY,
+    SCANNER_REGISTRY: scanner_js_1.SCANNER_REGISTRY,
 };

package/dist-cjs/scanner.js

@@ -0,0 +1,25 @@
+"use strict";
+/**
+ * Scanner registry - human-friendly titles for scanners.
+ */
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.SCANNER_REGISTRY = void 0;
+exports.SCANNER_REGISTRY = {
+    "broken-access": { title: "Broken Access" },
+    "command-injection": { title: "Command Injection" },
+    "deserialization": { title: "Deserialization" },
+    "directory-browsing": { title: "Directory Browsing" },
+    "host-header": { title: "Host Header" },
+    "jwt": { title: "JSON WEB TOKEN" },
+    "local-file-inclusion": { title: "Local File Inclusion" },
+    "model-state": { title: "Model State" },
+    "redirect-route": { title: "Redirect Route" },
+    "security-headers": { title: "Security Headers" },
+    "sensitive-path-scout": { title: "Sensitive Path Scout" },
+    "sql-injection": { title: "SQL Injection" },
+    "ssrf": { title: "SSRF" },
+    "ssti": { title: "SSTI" },
+    "xpath-injection": { title: "XPath Injection" },
+    "xss": { title: "XSS" },
+    "xxe": { title: "XXE" },
+};

package/package.json

@@ -1,37 +1,40 @@
 {
-    "name": "@zerothreatai/vulnerability-registry",
-    "version": "3.0.0",
-    "description": "Centralized vulnerability definitions, CVSS scores, and references for ZeroThreat scanners",
-    "main": "dist/index.js",
-    "types": "dist/index.d.ts",
-    "type": "module",
-    "scripts": {
-        "build:esm": "tsc -p tsconfig.json",
-        "build:cjs": "tsc -p tsconfig.cjs.json",
-        "build": "npm run build:esm && npm run build:cjs",
-        "postbuild": "node scripts/write-cjs-package.cjs",
-        "prepack": "npm run build",
-        "test": "vitest run"
+  "name": "@zerothreatai/vulnerability-registry",
+  "version": "5.0.0",
+  "description": "Centralized vulnerability definitions, CVSS scores, and references for ZeroThreat scanners",
+  "main": "dist/index.js",
+  "types": "dist/index.d.ts",
+  "type": "module",
+  "scripts": {
+    "ids:assign": "tsx scripts/assign-ids.ts",
+    "ids:check": "tsx scripts/check-duplicate-ids.ts",
+    "build:esm": "tsc -p tsconfig.json",
+    "build:cjs": "tsc -p tsconfig.cjs.json",
+    "build": "npm run build:esm && npm run build:cjs",
+    "postbuild": "node scripts/write-cjs-package.cjs",
+    "prepack": "npm run build",
+    "test": "vitest run"
+  },
+  "exports": {
+    ".": {
+      "types": "./dist/index.d.ts",
+      "import": "./dist/index.js",
+      "require": "./dist-cjs/index.js"
     },
-    "exports": {
-        ".": {
-            "types": "./dist/index.d.ts",
-            "import": "./dist/index.js",
-            "require": "./dist-cjs/index.js"
-        },
-        "./types": {
-            "types": "./dist/types.d.ts",
-            "import": "./dist/types.js",
-            "require": "./dist-cjs/types.js"
-        },
-        "./error-codes": {
-            "types": "./dist/error-codes.d.ts",
-            "import": "./dist/error-codes.js",
-            "require": "./dist-cjs/error-codes.js"
-        }
+    "./types": {
+      "types": "./dist/types.d.ts",
+      "import": "./dist/types.js",
+      "require": "./dist-cjs/types.js"
     },
-    "devDependencies": {
-        "typescript": "^5.0.0",
-        "vitest": "^1.0.0"
+    "./error-codes": {
+      "types": "./dist/error-codes.d.ts",
+      "import": "./dist/error-codes.js",
+      "require": "./dist-cjs/error-codes.js"
     }
+  },
+  "devDependencies": {
+    "tsx": "^4.19.2",
+    "typescript": "^5.0.0",
+    "vitest": "^1.0.0"
+  }
 }

package/scripts/assign-ids.ts

@@ -0,0 +1,105 @@
+import fs from "node:fs";
+import path from "node:path";
+
+const ROOT = path.resolve("D:/new-git-project/agents/shared/vulnerability-registry");
+const CATEGORIES_DIR = path.join(ROOT, "src", "categories");
+const REGISTRY_PATH = path.join(ROOT, "src", "id-registry.json");
+
+const RANGES: Record<string, [number, number]> = {
+  authentication: [100, 199],
+  configuration: [200, 299],
+  injection: [300, 399],
+  xss: [400, 449],
+  ssrf: [450, 499],
+  "sensitive-paths": [500, 699],
+};
+
+const CODE_PATTERN = /\[VulnerabilityCode\.([A-Z0-9_]+)\]\s*:/g;
+const ID_PATTERN = /\bid\s*:\s*(\d+)/;
+
+type AssignedEntry = {
+  code: string;
+  category: string;
+  id: number;
+};
+
+function assignIdsForFile(filePath: string, category: string): { text: string; entries: AssignedEntry[] } {
+  const text = fs.readFileSync(filePath, "utf-8");
+  const matches = Array.from(text.matchAll(CODE_PATTERN));
+  if (matches.length === 0) {
+    return { text, entries: [] };
+  }
+
+  const [startId, endId] = RANGES[category];
+  let nextId = startId;
+  const entries: AssignedEntry[] = [];
+  const outParts: string[] = [];
+  let cursor = 0;
+
+  for (let i = 0; i < matches.length; i += 1) {
+    const match = matches[i];
+    const blockStart = match.index! + match[0].length;
+    const blockEnd = i + 1 < matches.length ? matches[i + 1].index! : text.length;
+    const block = text.slice(blockStart, blockEnd);
+
+    const idMatch = ID_PATTERN.exec(block);
+    if (!idMatch) {
+      throw new Error(`Missing id field for ${match[1]} in ${filePath}`);
+    }
+    if (nextId > endId) {
+      throw new Error(`ID range exhausted for category ${category}`);
+    }
+
+    const newBlock =
+      block.slice(0, idMatch.index) +
+      `id: ${nextId}` +
+      block.slice(idMatch.index + idMatch[0].length);
+
+    outParts.push(text.slice(cursor, blockStart));
+    outParts.push(newBlock);
+    cursor = blockEnd;
+
+    entries.push({
+      code: match[1],
+      category,
+      id: nextId,
+    });
+    nextId += 1;
+  }
+
+  outParts.push(text.slice(cursor));
+  return { text: outParts.join(""), entries };
+}
+
+function main(): void {
+  const allEntries: AssignedEntry[] = [];
+  const files: Array<[string, string]> = [
+    ["authentication.ts", "authentication"],
+    ["configuration.ts", "configuration"],
+    ["injection.ts", "injection"],
+    ["xss.ts", "xss"],
+    ["ssrf.ts", "ssrf"],
+    ["sensitive-paths.ts", "sensitive-paths"],
+  ];
+
+  for (const [fileName, category] of files) {
+    const filePath = path.join(CATEGORIES_DIR, fileName);
+    if (!fs.existsSync(filePath)) {
+      throw new Error(`Missing category file: ${filePath}`);
+    }
+    const { text, entries } = assignIdsForFile(filePath, category);
+    fs.writeFileSync(filePath, text);
+    allEntries.push(...entries);
+  }
+
+  const registry = {
+    ranges: Object.fromEntries(
+      Object.entries(RANGES).map(([key, value]) => [key, Array.from(value)])
+    ),
+    entries: allEntries,
+  };
+  fs.writeFileSync(REGISTRY_PATH, JSON.stringify(registry, null, 2));
+  console.log(`Wrote ${allEntries.length} entries to ${REGISTRY_PATH}`);
+}
+
+main();