aura-security 0.4.0

package/dist/integrations/notifications.d.ts

@@ -0,0 +1,99 @@
+/**
+ * Notification Integrations for aurasecurity
+ *
+ * Supports:
+ * - Slack (webhooks + bot API)
+ * - Discord (webhooks)
+ * - Email (SMTP)
+ * - Custom webhooks
+ */
+export interface NotificationConfig {
+    slack?: {
+        webhookUrl?: string;
+        botToken?: string;
+        channel?: string;
+        enabled: boolean;
+    };
+    discord?: {
+        webhookUrl?: string;
+        enabled: boolean;
+    };
+    email?: {
+        smtp: {
+            host: string;
+            port: number;
+            secure: boolean;
+            user: string;
+            pass: string;
+        };
+        from: string;
+        to: string[];
+        enabled: boolean;
+    };
+    webhook?: {
+        url: string;
+        headers?: Record<string, string>;
+        enabled: boolean;
+    };
+}
+export interface NotificationPayload {
+    title: string;
+    message: string;
+    severity: 'low' | 'medium' | 'high' | 'critical';
+    auditId?: string;
+    target?: string;
+    findings?: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    link?: string;
+}
+export declare class NotificationService {
+    private config;
+    private dbPath?;
+    constructor(config?: NotificationConfig, dbPath?: string);
+    /**
+     * Load configuration from database settings
+     */
+    loadFromDatabase(): void;
+    /**
+     * Send notification to all configured channels
+     */
+    notify(payload: NotificationPayload): Promise<{
+        sent: string[];
+        failed: string[];
+    }>;
+    /**
+     * Send to Slack webhook
+     */
+    private sendSlack;
+    /**
+     * Send to Discord webhook
+     */
+    private sendDiscord;
+    /**
+     * Send to custom webhook
+     */
+    private sendWebhook;
+    /**
+     * Test a specific notification channel
+     */
+    testChannel(channel: 'slack' | 'discord' | 'webhook'): Promise<{
+        success: boolean;
+        error?: string;
+    }>;
+    private getSeverityColor;
+    private getSeverityColorInt;
+    private getSeverityEmoji;
+}
+/**
+ * Create notification from scan result
+ */
+export declare function createNotificationFromAudit(auditId: string, type: string, target: string, summary: {
+    critical: number;
+    high: number;
+    medium: number;
+    low: number;
+}, baseUrl?: string): NotificationPayload;

package/dist/integrations/notifications.js

@@ -0,0 +1,305 @@
+/**
+ * Notification Integrations for aurasecurity
+ *
+ * Supports:
+ * - Slack (webhooks + bot API)
+ * - Discord (webhooks)
+ * - Email (SMTP)
+ * - Custom webhooks
+ */
+import { getDatabase } from '../database/index.js';
+export class NotificationService {
+    config;
+    dbPath;
+    constructor(config = {}, dbPath) {
+        this.config = config;
+        this.dbPath = dbPath;
+    }
+    /**
+     * Load configuration from database settings
+     */
+    loadFromDatabase() {
+        if (!this.dbPath)
+            return;
+        const db = getDatabase(this.dbPath);
+        const settings = db.getSettings('notifications.');
+        // Parse Slack settings
+        if (settings['notifications.slack.enabled'] === 'true') {
+            this.config.slack = {
+                enabled: true,
+                webhookUrl: settings['notifications.slack.webhookUrl'],
+                botToken: settings['notifications.slack.botToken'],
+                channel: settings['notifications.slack.channel']
+            };
+        }
+        // Parse Discord settings
+        if (settings['notifications.discord.enabled'] === 'true') {
+            this.config.discord = {
+                enabled: true,
+                webhookUrl: settings['notifications.discord.webhookUrl']
+            };
+        }
+        // Parse webhook settings
+        if (settings['notifications.webhook.enabled'] === 'true') {
+            this.config.webhook = {
+                enabled: true,
+                url: settings['notifications.webhook.url'],
+                headers: settings['notifications.webhook.headers']
+                    ? JSON.parse(settings['notifications.webhook.headers'])
+                    : undefined
+            };
+        }
+    }
+    /**
+     * Send notification to all configured channels
+     */
+    async notify(payload) {
+        const results = { sent: [], failed: [] };
+        // Try each enabled channel
+        const promises = [];
+        if (this.config.slack?.enabled && this.config.slack.webhookUrl) {
+            promises.push(this.sendSlack(payload)
+                .then(() => { results.sent.push('slack'); })
+                .catch((err) => {
+                console.error('[NOTIFY] Slack failed:', err.message);
+                results.failed.push('slack');
+            }));
+        }
+        if (this.config.discord?.enabled && this.config.discord.webhookUrl) {
+            promises.push(this.sendDiscord(payload)
+                .then(() => { results.sent.push('discord'); })
+                .catch((err) => {
+                console.error('[NOTIFY] Discord failed:', err.message);
+                results.failed.push('discord');
+            }));
+        }
+        if (this.config.webhook?.enabled && this.config.webhook.url) {
+            promises.push(this.sendWebhook(payload)
+                .then(() => { results.sent.push('webhook'); })
+                .catch((err) => {
+                console.error('[NOTIFY] Webhook failed:', err.message);
+                results.failed.push('webhook');
+            }));
+        }
+        await Promise.all(promises);
+        // Record in database
+        if (this.dbPath) {
+            try {
+                const db = getDatabase(this.dbPath);
+                db.recordNotification(payload.auditId || 'manual', results.sent.join(','), results.failed.length === 0);
+            }
+            catch (err) {
+                console.error('[NOTIFY] Failed to record notification:', err);
+            }
+        }
+        return results;
+    }
+    /**
+     * Send to Slack webhook
+     */
+    async sendSlack(payload) {
+        const webhookUrl = this.config.slack?.webhookUrl;
+        if (!webhookUrl)
+            throw new Error('Slack webhook URL not configured');
+        const color = this.getSeverityColor(payload.severity);
+        const emoji = this.getSeverityEmoji(payload.severity);
+        const slackPayload = {
+            attachments: [{
+                    color,
+                    blocks: [
+                        {
+                            type: 'header',
+                            text: {
+                                type: 'plain_text',
+                                text: `${emoji} ${payload.title}`,
+                                emoji: true
+                            }
+                        },
+                        {
+                            type: 'section',
+                            text: {
+                                type: 'mrkdwn',
+                                text: payload.message
+                            }
+                        },
+                        ...(payload.findings ? [{
+                                type: 'section',
+                                fields: [
+                                    { type: 'mrkdwn', text: `*Critical:* ${payload.findings.critical}` },
+                                    { type: 'mrkdwn', text: `*High:* ${payload.findings.high}` },
+                                    { type: 'mrkdwn', text: `*Medium:* ${payload.findings.medium}` },
+                                    { type: 'mrkdwn', text: `*Low:* ${payload.findings.low}` }
+                                ]
+                            }] : []),
+                        ...(payload.target ? [{
+                                type: 'context',
+                                elements: [{
+                                        type: 'mrkdwn',
+                                        text: `📁 Target: \`${payload.target}\``
+                                    }]
+                            }] : []),
+                        ...(payload.link ? [{
+                                type: 'actions',
+                                elements: [{
+                                        type: 'button',
+                                        text: { type: 'plain_text', text: 'View Details' },
+                                        url: payload.link,
+                                        action_id: 'view_audit'
+                                    }]
+                            }] : [])
+                    ]
+                }]
+        };
+        const response = await fetch(webhookUrl, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(slackPayload)
+        });
+        if (!response.ok) {
+            throw new Error(`Slack returned ${response.status}: ${await response.text()}`);
+        }
+        console.log('[NOTIFY] Slack notification sent');
+    }
+    /**
+     * Send to Discord webhook
+     */
+    async sendDiscord(payload) {
+        const webhookUrl = this.config.discord?.webhookUrl;
+        if (!webhookUrl)
+            throw new Error('Discord webhook URL not configured');
+        const color = this.getSeverityColorInt(payload.severity);
+        const emoji = this.getSeverityEmoji(payload.severity);
+        const discordPayload = {
+            embeds: [{
+                    title: `${emoji} ${payload.title}`,
+                    description: payload.message,
+                    color,
+                    fields: payload.findings ? [
+                        { name: '🔴 Critical', value: String(payload.findings.critical), inline: true },
+                        { name: '🟠 High', value: String(payload.findings.high), inline: true },
+                        { name: '🟡 Medium', value: String(payload.findings.medium), inline: true },
+                        { name: '🟢 Low', value: String(payload.findings.low), inline: true }
+                    ] : [],
+                    footer: payload.target ? { text: `Target: ${payload.target}` } : undefined,
+                    timestamp: new Date().toISOString()
+                }]
+        };
+        const response = await fetch(webhookUrl, {
+            method: 'POST',
+            headers: { 'Content-Type': 'application/json' },
+            body: JSON.stringify(discordPayload)
+        });
+        if (!response.ok) {
+            throw new Error(`Discord returned ${response.status}: ${await response.text()}`);
+        }
+        console.log('[NOTIFY] Discord notification sent');
+    }
+    /**
+     * Send to custom webhook
+     */
+    async sendWebhook(payload) {
+        const webhookConfig = this.config.webhook;
+        if (!webhookConfig?.url)
+            throw new Error('Webhook URL not configured');
+        const response = await fetch(webhookConfig.url, {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json',
+                ...webhookConfig.headers
+            },
+            body: JSON.stringify({
+                event: 'audit_complete',
+                timestamp: new Date().toISOString(),
+                ...payload
+            })
+        });
+        if (!response.ok) {
+            throw new Error(`Webhook returned ${response.status}: ${await response.text()}`);
+        }
+        console.log('[NOTIFY] Custom webhook notification sent');
+    }
+    /**
+     * Test a specific notification channel
+     */
+    async testChannel(channel) {
+        const testPayload = {
+            title: 'aurasecurity Test',
+            message: 'This is a test notification from aurasecurity.',
+            severity: 'low',
+            findings: { critical: 0, high: 0, medium: 1, low: 2 },
+            target: 'test'
+        };
+        try {
+            switch (channel) {
+                case 'slack':
+                    await this.sendSlack(testPayload);
+                    break;
+                case 'discord':
+                    await this.sendDiscord(testPayload);
+                    break;
+                case 'webhook':
+                    await this.sendWebhook(testPayload);
+                    break;
+            }
+            return { success: true };
+        }
+        catch (err) {
+            return { success: false, error: err instanceof Error ? err.message : String(err) };
+        }
+    }
+    getSeverityColor(severity) {
+        switch (severity) {
+            case 'critical': return '#ff0000';
+            case 'high': return '#ff6600';
+            case 'medium': return '#ffcc00';
+            case 'low': return '#00cc00';
+            default: return '#666666';
+        }
+    }
+    getSeverityColorInt(severity) {
+        switch (severity) {
+            case 'critical': return 0xff0000;
+            case 'high': return 0xff6600;
+            case 'medium': return 0xffcc00;
+            case 'low': return 0x00cc00;
+            default: return 0x666666;
+        }
+    }
+    getSeverityEmoji(severity) {
+        switch (severity) {
+            case 'critical': return '🚨';
+            case 'high': return '⚠️';
+            case 'medium': return '⚡';
+            case 'low': return 'ℹ️';
+            default: return '🔍';
+        }
+    }
+}
+/**
+ * Create notification from scan result
+ */
+export function createNotificationFromAudit(auditId, type, target, summary, baseUrl) {
+    const total = summary.critical + summary.high + summary.medium + summary.low;
+    let severity = 'low';
+    if (summary.critical > 0)
+        severity = 'critical';
+    else if (summary.high > 0)
+        severity = 'high';
+    else if (summary.medium > 0)
+        severity = 'medium';
+    const title = total > 0
+        ? `Security Scan Found ${total} Issue${total > 1 ? 's' : ''}`
+        : 'Security Scan Complete';
+    const message = total > 0
+        ? `A ${type} scan of \`${target}\` found security issues that require attention.`
+        : `A ${type} scan of \`${target}\` completed with no findings.`;
+    return {
+        title,
+        message,
+        severity,
+        auditId,
+        target,
+        findings: summary,
+        link: baseUrl ? `${baseUrl}/#audit/${auditId}` : undefined
+    };
+}

package/dist/integrations/scanners.d.ts

@@ -0,0 +1,57 @@
+import type { EvidenceBundle } from '../types/events.js';
+export interface VulnerabilityFinding {
+    id: string;
+    severity: 'critical' | 'high' | 'medium' | 'low';
+    title: string;
+    description?: string;
+    package?: string;
+    version?: string;
+    fixedIn?: string;
+    cve?: string;
+    cwes?: string[];
+    file?: string;
+    line?: number;
+}
+export interface ScanResult {
+    scanner: string;
+    timestamp: string;
+    findings: VulnerabilityFinding[];
+    summary: {
+        critical: number;
+        high: number;
+        medium: number;
+        low: number;
+    };
+    raw?: string;
+}
+export declare abstract class ScannerParser {
+    abstract name: string;
+    abstract parse(input: string | object): ScanResult;
+    toEvidenceBundle(result: ScanResult): Partial<EvidenceBundle>;
+    protected normalizeSeverity(sev: string): VulnerabilityFinding['severity'];
+}
+export declare class SnykParser extends ScannerParser {
+    name: string;
+    parse(input: string | object): ScanResult;
+    private summarize;
+}
+export declare class TrivyParser extends ScannerParser {
+    name: string;
+    parse(input: string | object): ScanResult;
+    private summarize;
+}
+export declare class SemgrepParser extends ScannerParser {
+    name: string;
+    parse(input: string | object): ScanResult;
+    private summarize;
+}
+export declare class NpmAuditParser extends ScannerParser {
+    name: string;
+    parse(input: string | object): ScanResult;
+    private summarize;
+}
+export declare class GenericParser extends ScannerParser {
+    name: string;
+    parse(input: string | object): ScanResult;
+}
+export declare function getParser(scannerName: string): ScannerParser;

package/dist/integrations/scanners.js

@@ -0,0 +1,217 @@
+// Scanner Parsers - Parse output from security scanning tools
+// Supports: Snyk, Trivy, Semgrep, npm audit, and custom formats
+export class ScannerParser {
+    toEvidenceBundle(result) {
+        const vulnScan = `critical: ${result.summary.critical}\nhigh: ${result.summary.high}\nmedium: ${result.summary.medium}\nlow: ${result.summary.low}`;
+        return { vuln_scan: vulnScan };
+    }
+    normalizeSeverity(sev) {
+        const s = sev.toLowerCase();
+        if (s === 'critical' || s === 'crit')
+            return 'critical';
+        if (s === 'high' || s === 'h')
+            return 'high';
+        if (s === 'medium' || s === 'med' || s === 'moderate')
+            return 'medium';
+        return 'low';
+    }
+}
+// Snyk JSON output parser
+export class SnykParser extends ScannerParser {
+    name = 'snyk';
+    parse(input) {
+        const data = typeof input === 'string' ? JSON.parse(input) : input;
+        const findings = [];
+        const vulnerabilities = data.vulnerabilities || [];
+        for (const vuln of vulnerabilities) {
+            findings.push({
+                id: vuln.id,
+                severity: this.normalizeSeverity(vuln.severity),
+                title: vuln.title,
+                description: vuln.description,
+                package: vuln.packageName || vuln.moduleName,
+                version: vuln.version,
+                fixedIn: vuln.fixedIn?.[0],
+                cve: vuln.identifiers?.CVE?.[0],
+                cwes: vuln.identifiers?.CWE
+            });
+        }
+        return {
+            scanner: this.name,
+            timestamp: new Date().toISOString(),
+            findings,
+            summary: this.summarize(findings),
+            raw: typeof input === 'string' ? input : JSON.stringify(input)
+        };
+    }
+    summarize(findings) {
+        return {
+            critical: findings.filter(f => f.severity === 'critical').length,
+            high: findings.filter(f => f.severity === 'high').length,
+            medium: findings.filter(f => f.severity === 'medium').length,
+            low: findings.filter(f => f.severity === 'low').length
+        };
+    }
+}
+// Trivy JSON output parser
+export class TrivyParser extends ScannerParser {
+    name = 'trivy';
+    parse(input) {
+        const data = typeof input === 'string' ? JSON.parse(input) : input;
+        const findings = [];
+        const results = data.Results || [];
+        for (const result of results) {
+            const vulns = result.Vulnerabilities || [];
+            for (const vuln of vulns) {
+                findings.push({
+                    id: vuln.VulnerabilityID,
+                    severity: this.normalizeSeverity(vuln.Severity),
+                    title: vuln.Title || vuln.VulnerabilityID,
+                    description: vuln.Description,
+                    package: vuln.PkgName,
+                    version: vuln.InstalledVersion,
+                    fixedIn: vuln.FixedVersion,
+                    cve: vuln.VulnerabilityID.startsWith('CVE') ? vuln.VulnerabilityID : undefined,
+                    cwes: vuln.CweIDs
+                });
+            }
+        }
+        return {
+            scanner: this.name,
+            timestamp: new Date().toISOString(),
+            findings,
+            summary: this.summarize(findings),
+            raw: typeof input === 'string' ? input : JSON.stringify(input)
+        };
+    }
+    summarize(findings) {
+        return {
+            critical: findings.filter(f => f.severity === 'critical').length,
+            high: findings.filter(f => f.severity === 'high').length,
+            medium: findings.filter(f => f.severity === 'medium').length,
+            low: findings.filter(f => f.severity === 'low').length
+        };
+    }
+}
+// Semgrep JSON output parser (SAST)
+export class SemgrepParser extends ScannerParser {
+    name = 'semgrep';
+    parse(input) {
+        const data = typeof input === 'string' ? JSON.parse(input) : input;
+        const findings = [];
+        const results = data.results || [];
+        for (const result of results) {
+            findings.push({
+                id: result.check_id,
+                severity: this.normalizeSeverity(result.extra?.severity || 'medium'),
+                title: result.extra?.message || result.check_id,
+                description: result.extra?.metadata?.description,
+                file: result.path,
+                line: result.start?.line,
+                cwes: result.extra?.metadata?.cwe ? [result.extra.metadata.cwe] : undefined
+            });
+        }
+        return {
+            scanner: this.name,
+            timestamp: new Date().toISOString(),
+            findings,
+            summary: this.summarize(findings),
+            raw: typeof input === 'string' ? input : JSON.stringify(input)
+        };
+    }
+    summarize(findings) {
+        return {
+            critical: findings.filter(f => f.severity === 'critical').length,
+            high: findings.filter(f => f.severity === 'high').length,
+            medium: findings.filter(f => f.severity === 'medium').length,
+            low: findings.filter(f => f.severity === 'low').length
+        };
+    }
+}
+// npm audit JSON output parser
+export class NpmAuditParser extends ScannerParser {
+    name = 'npm-audit';
+    parse(input) {
+        const data = typeof input === 'string' ? JSON.parse(input) : input;
+        const findings = [];
+        // npm audit v2 format
+        const vulnerabilities = data.vulnerabilities || {};
+        for (const [pkgName, vuln] of Object.entries(vulnerabilities)) {
+            const v = vuln;
+            findings.push({
+                id: `npm-${pkgName}`,
+                severity: this.normalizeSeverity(v.severity || 'medium'),
+                title: v.title || `Vulnerability in ${pkgName}`,
+                description: v.url,
+                package: pkgName,
+                version: v.range,
+                fixedIn: v.fixAvailable ? 'Update available' : undefined
+            });
+        }
+        return {
+            scanner: this.name,
+            timestamp: new Date().toISOString(),
+            findings,
+            summary: this.summarize(findings),
+            raw: typeof input === 'string' ? input : JSON.stringify(input)
+        };
+    }
+    summarize(findings) {
+        return {
+            critical: findings.filter(f => f.severity === 'critical').length,
+            high: findings.filter(f => f.severity === 'high').length,
+            medium: findings.filter(f => f.severity === 'medium').length,
+            low: findings.filter(f => f.severity === 'low').length
+        };
+    }
+}
+// Generic parser for simple formats
+export class GenericParser extends ScannerParser {
+    name = 'generic';
+    parse(input) {
+        // Parse simple format like "critical: 5\nhigh: 10"
+        if (typeof input === 'string') {
+            const summary = { critical: 0, high: 0, medium: 0, low: 0 };
+            const lines = input.split('\n');
+            for (const line of lines) {
+                const match = line.match(/(critical|high|medium|low)[:\s]+(\d+)/i);
+                if (match) {
+                    const sev = match[1].toLowerCase();
+                    summary[sev] = parseInt(match[2], 10);
+                }
+            }
+            return {
+                scanner: this.name,
+                timestamp: new Date().toISOString(),
+                findings: [],
+                summary,
+                raw: input
+            };
+        }
+        // Object format
+        const data = input;
+        return {
+            scanner: this.name,
+            timestamp: new Date().toISOString(),
+            findings: [],
+            summary: {
+                critical: data.critical || 0,
+                high: data.high || 0,
+                medium: data.medium || 0,
+                low: data.low || 0
+            },
+            raw: JSON.stringify(input)
+        };
+    }
+}
+// Factory function to get appropriate parser
+export function getParser(scannerName) {
+    switch (scannerName.toLowerCase()) {
+        case 'snyk': return new SnykParser();
+        case 'trivy': return new TrivyParser();
+        case 'semgrep': return new SemgrepParser();
+        case 'npm':
+        case 'npm-audit': return new NpmAuditParser();
+        default: return new GenericParser();
+    }
+}